ref-finance / ref-contracts

Smart contracts for Ref Finance
MIT License

[CRITICAL] Possible Bug Stealing Money #98

Open Wabinab opened 9 months ago

Wabinab commented 9 months ago

Refer to this example.

If you checked the example, there was an assertion raised; however, the assertion wasn't handled, such that it resulted in a successful transaction.

The issue was submitted on ImmuneFi, with steps to reproduce, with ID 24033. Please check.

Unfortunately, I couldn't find the exact file of ft_transfer_call or ft_on_transfer that calls the swap function (that most probably doesn't handle the exception properly) by searching this repo; nor could I provide a solution for the issue.

reticenceji commented 8 months ago

Hey bro, it seems that there is no problem in the contract. And the transaction you gave doesn't steal any money from the ref protocol. Based on your blog, it seems that you ignored your wNEAR turning into NEAR, which makes you think you got money from the air.