The exploit involved the attacker creating a fake tick account on Crema. A tick account is “a dedicated account that stores price tick data in CLMM,” the developers said, referring to Crema’s market-making protocol. After that, the attacker exploited a command by writing the data on the fake account and circumventing security measures.
Crema Finance Attacker Returns Almost $8M, Keeps $1.7M Bounty
previous post