A QNT reserve pool has been attacked, resulting in the loss of 1,988.5 QNT tokens, according to Odaily. The attack stemmed from a design flaw in the EIP-7702 account, where the pool's administrator identity was held by an address that delegated its code to the BatchExecutor contract. The BatchExecutor authorized the BatchCall contract as a caller without permission control, and the BatchCall.batch function lacked permission checks. This allowed the attacker to exploit the vulnerability and extract tokens from the pool.