Flash loan-style exploit hits Resupply — $9.5M stolen
The attacker used donations to boost cvcrvUSD’s price, tricking the system into overvaluing it.
Then, using the ResupplyPair contract, they posted only 1 wei of cvcrvUSD and borrowed 10 million reUSD.
Another costly lesson in oracle manipulation.