Svmuu News: According to GoPlus monitoring, Lumi Finance on Arbitrum was attacked on July 13, resulting in losses of approximately $270,000. The vulnerability stemmed from a logical flaw in the `validateUserOp` function of the Sodium smart contract (ERC-4337) when calling `_validateSignature` to verify a signature. When executing `isValidSignatureNow`, the `signer` parameter was passed as the attacker’s address, After an error occurred during the call to `ECDSA.tryRecover`, the transaction did not revert; instead, it called the `isValidSignature` function in the attacker’s contract and passed the validation.