ChainBleed v0.1 · open intel
ETH · ACCESS-CONTROL · 2026-05-07
Incident · DEFILLAMA

TrustedVolumes

Forged RFQ Orders
Estimated loss: $6.70M
VERDICT —AUDIT-CATCHABLE
Audit-catchable, textbook variety. Halborn's own published analysis: 'Smart contract functions should be private or internal by default unless there is a clear business need for them to be public. This type of vulnerability could have been found and fixed by a comprehensive smart contract audit.' Pure access-control flaw on a function that mutates the privileged signers set. No detector needs to understand the RFQ logic to catch it: listing every external/public state-mutating function together with its modifiers (Slither's `modifiers` printer does exactly this) or a manual ACL walkthrough of the proxy flags an unguarded write to the signer set within minutes.
▰ METHOD
Public function on RFQ swap proxy → caller self-whitelists as Allowed Order Signer → exercises stale ERC20 approvals
ACCESS-CONTROL · BYTECODE CATCHABLE · AI SCANNABLE
Root cause

TrustedVolumes' custom RFQ (Request-For-Quote) swap proxy exposed a public function that let any caller add themselves to the protocol's 'Allowed Order Signers' set. Per Halborn's post-mortem, this is NOT a cryptographic-validation flaw: the digital-signature check on trading orders ran correctly. It is a pure access-control flaw, a function that should have been internal/private (or at least owner-gated) but was left public. Once the attacker added their own address to the approved-signers list, every order they signed passed the signature check, and the proxy honored those orders by spending stale ERC20 approvals that legitimate users had previously granted it. The blast radius was therefore every outstanding allowance to the proxy, not only funds the protocol itself held; anyone who ever approved the proxy should treat that allowance as compromised and revoke it. Net drain: 1,291.16 WETH + 206,282 USDT + 16.939 WBTC + 1,268,771 USDC across ~85 fast transactions (~$5.87-6.7M depending on price snapshot, May 7 2026). The attacker is the same operator behind the March 2025 1inch Fusion V1 ~$5M drain on a different RFQ surface. 1inch's own infrastructure was NOT touched; only the TrustedVolumes-controlled custom proxy.
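The pattern described above, as an added illustration that is not TrustedVolumes' code or Halborn's: a minimal RFQ proxy in which the signer-set mutation is left public (`RfqProxyVulnerable`), beside the owner-gated fix (`RfqProxyFixed`). Contract names, the `Order` layout, `addSigner`, `fill` and the EIP-191 digest scheme are all hypothetical; the point is that `fill` verifies the signature correctly and still drains `o.maker` via `transferFrom`, because anyone can put themselves in `allowedOrderSigners`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added illustration, not the TrustedVolumes proxy. All names are hypothetical.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

library Sig {
    // Recover the signer of a 65-byte (r, s, v) signature over a digest.
    function recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad sig length");
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        if (v < 27) v += 27;
        // Reject high-s signatures so each order has one canonical signature.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "malleable s");
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "bad sig");
        return signer;
    }
}

contract RfqProxyVulnerable {
    struct Order {
        address maker;       // account whose existing approval to this proxy is spent
        address makerToken;
        uint256 makerAmount;
        address taker;       // receives makerToken
        address takerToken;
        uint256 takerAmount; // an attacker-signed order can set this to a worthless token / 0
        uint256 nonce;
    }

    address public owner;
    mapping(address => bool) public allowedOrderSigners;
    mapping(bytes32 => bool) public filled;

    constructor() { owner = msg.sender; }

    // BUG: no access control. Any caller can whitelist any address, including itself.
    function addSigner(address signer) public virtual {
        allowedOrderSigners[signer] = true;
    }

    function fill(Order calldata o, bytes calldata sig) external {
        bytes32 h = keccak256(abi.encode(o));
        bytes32 digest = keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
        // The signature check is correct; the flaw is who is allowed into the set.
        require(allowedOrderSigners[Sig.recover(digest, sig)], "unauthorized signer");
        require(!filled[h], "already filled");
        filled[h] = true;
        // Maker never signed this order; the proxy spends a prior (stale) approval on their behalf.
        require(IERC20(o.makerToken).transferFrom(o.maker, o.taker, o.makerAmount), "maker leg");
        require(IERC20(o.takerToken).transferFrom(msg.sender, o.maker, o.takerAmount), "taker leg");
    }
}

contract RfqProxyFixed is RfqProxyVulnerable {
    event SignerAdded(address indexed signer);

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    // FIX: only the owner mutates the privileged signer set, and the change is logged
    // so a monitoring rule can alert on an unexpected SignerAdded event.
    function addSigner(address signer) public override onlyOwner {
        allowedOrderSigners[signer] = true;
        emit SignerAdded(signer);
    }
}
```

In a Foundry or Hardhat test the attack is two calls against `RfqProxyVulnerable`: `addSigner(attacker)` from the attacker account, then `fill` with an order whose `maker` is any address holding an approval to the proxy and whose signature the attacker produced. The same sequence reverts at the first call against `RfqProxyFixed`. The review check this encodes is mechanical: every external or public function that writes to a mapping or set consulted by an authorization `require` must itself carry an authorization modifier.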

Forensic narrative

Classification: Protocol Logic. Technique: Forged RFQ Orders. Target type: Other. Affected chains: Ethereum. Implementation language: Solidity.

Sourced from
DefiLlama Hacks dataset · api.llama.fi/hacks
Technical record
chain: ethereum
protocol: TrustedVolumes
bug_class: access-control
date_occurred: 2026-05-07
loss_usd: $6,700,000
classification: Protocol Logic
technique: Forged RFQ Orders
target_type: Other
language: Solidity
source_id: dl:adhoc:trustedvolumes:1778112000
Related — same bug class · access-control
(date · chain · protocol · technique · bug class · loss · verdict)
2026-05-13 · ARB · ShapeShift FOX Colony (Colony Network) · executeMetaTransaction → resolver-repoint via setTarget → delegatecall drain · access-control · $132.7K · AUDIT-CATCHABLE
2026-05-12 · ETH · BoostHook · Uniswap V4 hook-contract logic exploit · access-control · $47.5K · UNRATED
2026-05-12 · (chain not listed) · Aurellion Labs · Contract Vulnerability · access-control · $455.0K · UNRATED
2026-05-11 · POLY · Huma Finance V1 (deprecated) · refreshAccount() unconditional GoodStanding state flip → unauthorized drawdown · access-control · $101.4K · AUDIT-CATCHABLE
2026-05-10 · ARB · Renegade · Unprotected Initializer Exploit · access-control · $209.0K · UNRATED
2026-05-10 · ARB · Renegade · Contract Vulnerability · access-control · $209.0K · UNRATED
ChainBleed — live web3 threat intelligence