The bridge contract contained a flaw allowing cross-chain messages to trigger arbitrary function calls on external contracts. An attacker could execute any function with the bridge’s privileges. Impact: 00M+ in cross-chain assets potentially compromised.