- Fund Loss: ~$4.75M
The attacker exploited unvalidated inputs in claimReward() and inconsistent parameter handling in swapDebtParaSwap() to bypass debt repayment obligations. This combination enabled the fabrication of swap fees following a zero-cost swap, draining 66 WETH from the DeltaPrime pool.
- Contract Etherscan Link: https://arbiscan.io/address/0xd6002c3f5a53107cb11cc0b8de5f76f61f18cb5d#code
- Contract Github Link: https://github.com/DeltaPrimeLabs/deltaprime-contracts-v2/blob/9a2f353ae085cfdc152fc1f0d7397b906519c716/contracts/facets/TraderJoeV2Facet.sol
