Bunni points to smart contract rounding errors as the cause of an $8.4 million flash loan exploit

The vulnerability stems from an issue with the rounding direction used when updating idle balances in the smart contract, which occurred during user withdrawals. The attacker exploited this error to launch a flash loan attack, manipulating the price and liquidity of the trading pool.