$7.2mm stolen from @burger_swap because of a silly modification in the source code.
The swap function is supposed to verify x*y >= k which basically verifies that the contract got enough input tokens required to do the swap 🧵👇
Without this check, you can trigger a swap to swap a million token X for a million token Y but only pay 1 token X to the pool while withdrawing the million token Y.
Without this check, the pool has no way to ensure that the user paid the input tokens they committed in the swap.
Why was this check removed? I have two theories 1) Planned Rug 2) Incompetent devs that saw a test case failing and just removed the check that caused the failure rather than understanding what's going on and fixing the issue.
You can get more details on the economic aspect of this hack in this thread from @FrankResearcher.
The technical reasoning behind the hack is not totally correct but the rest of the details seem to be on point.