The attacker exploited the check function in the EGGXClaim contract, which lacks validation, allowing multiple claims of EGGX tokens using specific NFT IDs during a flash loan, enabling a swap for ~2 ETH.
function check(uint256[] memory nftids) public {
for (uint256 i = 0; i < nftids.length; i++) {
require(eggx.ownerOf(nftids[i]) == msg.sender, "Not owner");
eggx.mint(msg.sender, 1e18); // Simplified; actual logic may vary
}
}