According to the analysis of the Beosin security team, the root cause of the attack on the JPEG'd project was a reentry attack, resulting in a loss of at least $10 million. The attacker added liquidity by reentering the add_liquidity function when calling the remove_liquidity function to remove liquidity. Since the balance was updated before reentering the add_liquidity function, an error occurred in the price calculation.
