A recent attack on Arbitrum resulted in a loss of approximately 23.5 ETH, with the root cause traced to the spot price used by the convert function, involving two pools sharing the same LP token name.
According to Phalcon, Arbitrum experienced an attack that led to a loss of around 23.5 ETH. The root cause of the issue has been identified as the spot price used by the convert function. There were two pools that shared the same name for their liquidity provider (LP) tokens, which are both called CMLT-LP. Users can convert from one pool (CMLT-LP-65eb) to another (CMLT-LP-2ea3) by invoking the convert function.
This issue highlights the importance of proper naming conventions and attention to detail in smart contract development, as well as the need for robust security measures to protect against potential attacks.