
SlowMist|Apr 15, 2025 03:55
The root cause of the @KiloEx_perp exploit is the lack of access control checks in the top-level contract (MinimalForwarder), which leads to the manipulation of oracle prices.
The attack path is as follows:
1. The setPrices function in the KiloPriceFeed contract, which can modify oracle prices, needs to be called by the Keeper contract.
2. The 0x7a498a61 function in the Keeper contract, which executes price modifications and opening positions, needs to be called by the PositionKeeper contract.
3. The 0xac9fd279 function in the PositionKeeper contract, which executes calls to the Keeper contract, needs to be called by the MinimalForwarder contract.
4. The MinimalForwarder requires users to call the execute function to complete the function call to the PositionKeeper contract. However, within the execute function of the MinimalForwarder contract, users can pass any specified from address and a constructed signature to pass the signature check. Furthermore, there is no check on the data of the external call. This ultimately allows for a step-by-step call to the setPrices function in the KiloPriceFeed contract to tamper with the price.
5. Consequently, the attacker first modified the price to a very low value and used this price to open a long position, then immediately closed the position for profit after adjusting the price to a very high value.
MinimalForwarder:
BASE 0x3274b668aed85479e2a8511e74d7db7240ebe7c8
BSC 0xad37c86c06be706466ee70cbbf58f20655e7efb1
PositionKeeper:
BASE 0xfdc7bc3a9fde88e7bcfb69c8b9ca7fda483627ed
BSC 0xaf457b72fff6712641c5f1843515a6e114b2ecde
Keeper:
BASE 0x796f1793599d7b6aca6a87516546ddf8e5f3aa9d
BSC 0x298e94d5494e7c461a05903dcf41910e0125d019
KiloPriceFeed:
BASE 0x22c40b883b5976f13c78ee45ead6b0cdc192dae5
BSC 0x1b64eb04f9e62e1f3d1599d65fcfa8cc2dc44024
As always, stay vigilant!
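Added example, not code from KiloEx or SlowMist: a forwarder whose `execute` closes the two gaps described in step 4 by requiring that the recovered signer equals `from` and by allowlisting which target and function selector may be relayed. It assumes OpenZeppelin Contracts 5.x for `ECDSA` and `EIP712`; the contract name, `admin`, `setAllowed` and the `allowed` mapping are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
import {EIP712} from "@openzeppelin/contracts/utils/cryptography/EIP712.sol";

// Illustration only: names and the allowlist design are assumptions, not the deployed contracts.
contract HardenedForwarder is EIP712 {
    struct ForwardRequest {
        address from; address to; uint256 value;
        uint256 gas; uint256 nonce; bytes data;
    }
    bytes32 private constant TYPEHASH = keccak256(
        "ForwardRequest(address from,address to,uint256 value,uint256 gas,uint256 nonce,bytes data)"
    );
    address public immutable admin;
    mapping(address => uint256) public nonces;
    // (target, selector) pairs that may be relayed; every other call is rejected.
    mapping(address => mapping(bytes4 => bool)) public allowed;

    constructor() EIP712("HardenedForwarder", "1") { admin = msg.sender; }

    function setAllowed(address to, bytes4 selector, bool ok) external {
        require(msg.sender == admin, "not admin");
        allowed[to][selector] = ok;
    }

    function verify(ForwardRequest calldata req, bytes calldata sig) public view returns (bool) {
        bytes32 structHash = keccak256(abi.encode(
            TYPEHASH, req.from, req.to, req.value, req.gas, req.nonce, keccak256(req.data)
        ));
        address signer = ECDSA.recover(_hashTypedDataV4(structHash), sig);
        // The signature must come from the claimed sender and use a fresh nonce.
        return signer == req.from && nonces[req.from] == req.nonce;
    }

    function execute(ForwardRequest calldata req, bytes calldata sig)
        external payable returns (bool ok, bytes memory ret)
    {
        require(verify(req, sig), "signature does not match from");
        // Check the relayed call itself, not only who signed it.
        require(req.data.length >= 4 && allowed[req.to][bytes4(req.data[:4])], "call not allowed");
        require(msg.value == req.value, "value mismatch");
        nonces[req.from] = req.nonce + 1;
        // ERC-2771 convention: append the verified signer so the target can read the real caller.
        (ok, ret) = req.to.call{gas: req.gas, value: req.value}(abi.encodePacked(req.data, req.from));
        // EIP-150 keeps 1/64 of gas in the caller; reject relays that under-funded the call.
        require(gasleft() > req.gas / 63, "insufficient gas forwarded");
    }
}
```

Downstream contracts that accept calls from a forwarder should still authorize the appended signer rather than treat the forwarder's address alone as proof of privilege.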