SlowMist: EIP-7702 Account Vulnerability Causes Theft of 1,988.5 QNT, Worth Approximately 54.93 ETH

According to SlowMist monitoring, due to a design flaw in an EIP-7702 account, a QNT reserve pool was attacked, resulting in a loss of 1,988.5 QNT, worth approximately 54.93 ETH. The root cause of the attack is that the administrator identity of the reserve pool is held by an address, which delegated its code to the BatchExecutor contract via EIP-7702. Because BatchExecutor authorized the permissionless BatchCall contract as a caller, and the BatchCall.batch function lacks permission checks, the attacker exploited an arbitrary call vulnerability to drain tokens from the pool.