I've been harping on this part of DeFi for a long time... developers should be writing very good tests. Along with that, security reviews should be followed. This is the review in question [1] where developers ignored the possibility of an issue. This is the commit [2] that likely caused the issue, no tests added. Along with a large chunk of "never brag about your security" hubris [3].

[1] https://news.ycombinator.com/item?id=32319344

[2] https://github.com/nomad-xyz/monorepo/commit/46d14571f3eada6...

[3] https://twitter.com/0xemon/status/1554310755071119361