Root cause:

the attacker manipulated MakerDAO’s CDP (Collateralized Debt Position) system and a vulnerable UniswapV2 LP token contract

Vulnerable code snippet:

Attack tx:

https://etherscan.io/tx/0xf1818f62c635e5c80ef16b7857da812c74ce330ebed46682b4d173bffe84c666

Analysis:

https://app.blocksec.com/explorer/tx/eth/0xf1818f62c635e5c80ef16b7857da812c74ce330ebed46682b4d173bffe84c666?line=74