CoinVoice has learned that Coinbase had approximately $300,000 in token fees intercepted by MEV bots due to a configuration error in its interaction with the 'swapper' contract from 0xProject.

A security researcher from Venn Network, X user deeberiroz, disclosed on Wednesday that Coinbase had interacted with the 'swapper' smart contract of the decentralized peer-to-peer trading platform 0x, a contract that was never designed for token authorization operations.

The 'swapper' contract provided by 0xProject is used for executing token exchanges. The contract is permissionless: anyone can call it to perform any operation, with no ownership restrictions. It was not designed to be the target of token authorizations, because authorizing tokens to it could expose funds to risk.
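
The risk described above can be shown with a simplified in-memory model. This is an added example, not code from 0xProject, Coinbase or the researcher; the `Token` and `PermissionlessExecutor` classes, the account names and the amounts are all constructed assumptions. It checks whether an unrelated account can move an owner's tokens while an authorization to a permissionless executor is in place, and again after that authorization is revoked.

```python
# Simplified model, constructed for illustration (not the real 'swapper' contract).

class Token:
    """Minimal ERC-20-style ledger: balances plus owner -> spender allowances."""
    def __init__(self):
        self.balances = {}
        self.allowances = {}  # (owner, spender) -> amount

    def approve(self, sender, spender, amount):
        self.allowances[(sender, spender)] = amount

    def transfer_from(self, sender, owner, to, amount):
        # 'sender' plays the role of msg.sender and spends the owner's allowance.
        allowed = self.allowances.get((owner, sender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            raise PermissionError("insufficient allowance or balance")
        self.allowances[(owner, sender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


class PermissionlessExecutor:
    """Assumed model of a contract that performs any call for any caller."""
    address = "executor"

    def execute(self, caller, target, method, *args):
        # No ownership check: 'caller' is never inspected, and the call is
        # made with the executor itself as the sender.
        return getattr(target, method)(self.address, *args)


def third_party_can_move(token, executor, owner, amount):
    """Audit check on a copy of the ledger; the real state is left untouched."""
    trial = Token()
    trial.balances = dict(token.balances)
    trial.allowances = dict(token.allowances)
    try:
        executor.execute("unrelated", trial, "transfer_from", owner, "unrelated", amount)
        return True
    except PermissionError:
        return False


def demo():
    token, executor = Token(), PermissionlessExecutor()
    token.balances["fee_wallet"] = 1_000                   # constructed amount
    token.approve("fee_wallet", executor.address, 1_000)   # the misconfiguration
    exposed = third_party_can_move(token, executor, "fee_wallet", 1_000)
    token.approve("fee_wallet", executor.address, 0)       # mitigation: revoke
    return exposed, third_party_can_move(token, executor, "fee_wallet", 1)
```

In this model, an authorization granted to the executor is effectively granted to every account that can call it, which is why the check only returns `False` once the allowance is zero.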

Researchers say that this design has previously led to known issues, such as incidents involving the Zora airdrop on the Base Layer 2 network.