⚠️Smart contract vulnerability exploited: QNT reserve pool assets attacked


Another on-chain security incident has occurred. Attackers exploited flaws in account authorization and contract permission design to steal assets from the reserve pool.
The key details of this incident are as follows:
The attacker launched the attack through a flawed EIP-7702 account mechanism
Stole 1,988.5 Quant (QNT) from the reserve pool
Worth approximately 54.93 Ethereum
The core reason for the problem:
1️⃣ The reserve pool administrator's EOA address delegates code to the BatchExecutor contract via EIP-7702
2️⃣ This contract then authorizes the BatchCall contract to perform batch calls
3️⃣ But the () function has no permission checks
As a result:
👉 Any external address can directly call this function
👉 The attacker successfully executed batch calls and transferred the reserve pool assets
Professional perspective:
Such incidents are essentially not a problem with the underlying blockchain, but a failure of contract permission management design. In DeFi systems, a single misconfigured permission can often lead to a complete drain of funds.
Summary in one sentence:
In the on-chain world, code is law, and security boundaries often determine everything.