The attacker began by making a faux tick account. A tick account is “a devoted account that shops value tick information in CLMM,” the builders mentioned, referring to Crema’s market making protocol. After that, the attacker exploited a command by writing the information on the faux account and circumventing safety measures.
