CertiK: Dough was attacked due to an arbitrary call vulnerability in the contract, and the white hat hacker returned 76 ETH.
The security agency CertiK released a report on the Dough Finance vulnerability incident. The report shows that Dough Finance was exploited in multiple flash loan transactions on July 12, and the hackers made about $2.10 million, of which about 76 ETH (about $260,000) was returned by white hat hackers. Attackers can use arbitrary call vulnerabilities in Dough ConnectorDeleverageParaswap contracts to transfer WETH directly from vulnerable contracts.