TechFlow, April 15 — According to SlowMist Team's disclosure, the KiloEx attack occurred because the MinimalForwarder contract lacked access control checks, enabling manipulation of oracle prices.
The attacker exploited a vulnerability in the execute function of the MinimalForwarder contract, where external call data was not validated, successfully manipulating price data within the KiloPriceFeed contract. The attacker first set the price to an extremely low value and opened a long position, then increased the price and closed the position to realize profits.




