By bobby okposin | may 07, 2026
Security firms SlowMist and PeckShield identified a critical bug in the RFQ contract’s fillOrder function. The flaw allowed attackers to forge orders by registering as authorized signers.
TrustedVolumes has reached out to the exploiter, offering a bug bounty to facilitate the return of funds.
The exploit specifically targeted addresses with unlimited approvals, reigniting industry-wide debates on the safety of custodial setups and high-permission smart contracts.