1inch Network project favicon

1inch Network

Multi-Chain
Last audited on 2024/11/14
No active critical issues

Last Issues (6)

Low
Medium
High
Critical
Total
Not fixed
----0
Fixed
6---6
Total60006

Reported rekts

1Inch was reported as rekt on 2025/03/06
Click to show description
Quick Summary

On March 6, 2025, 1inch’s Fusion v1 Settlement Contract suffered a $2.6 million exploit, losing approximately $1.2 million in USDC
and 638 ETH. The root cause was a re-entrancy vulnerability in the fillOrderInteraction() function, which allowed attackers to
repeatedly gain approvals for asset transfers.




Details of the Exploit

The exploited function, fillOrderInteraction(), blindly accepted user-supplied input (takingAmount) and returned that value as the
approved transfer amount. This function is part of the 1inch Aggregation Router (0x1111111254eeb25477b68fb85ed929f73a960582),
which called fillOrderTo(). Critically, both functions accepted arbitrary calldata, opening the door to a re-entrancy attack. This
re-entrancy flaw enabled multiple fraudulent approvals, allowing the attacker to withdraw funds far beyond legitimate order
amounts.




Block Data Reference

Exploit TX Example:

https://etherscan.io/tx/0xb5c94efa0c8fd8f5c8cc2826e374a99620b01061d395b59b8f45dddc9fce1c60

Audits (27)

#NameAuditorDateChainsIssues
1Cross Chain Swaps AuditOpenZeppelin2024/11/14
Off-Chain (Private)
No active critical issues
21inch Settlement Refactor A...OpenZeppelin2024/05/23
Off-Chain (Private)
No active critical issues
31inch Limit Order and Aggre...OpenZeppelin2024/05/23
Off-Chain (Private)
No active critical issues
41inch Limit Order Protocol ...OpenZeppelin2024/05/23
Off-Chain (Private)
No active critical issues
51inch Aggregation Protocol ...OpenZeppelin2024/05/23
Off-Chain (Private)
No active critical issues
61inch Limit Order Settlemen...OpenZeppelin2024/05/20
Off-Chain (Private)
No active critical issues
71inch Fusion v1OXORIO2022/12/27
Off-Chain (Public)
No active critical issues
81inch – Limit OrderChainSecurity2022/12/19
Off-Chain (Private)
No active critical issues
91inch – DelegationChainSecurity2022/12/19
Off-Chain (Private)
No active critical issues
101inch – ERC20ChainSecurity2022/12/19
Off-Chain (Private)
No active critical issues