As does ours - but they manually review things to give them a 'sense check'. That doesn't scale at all to the crypto world where the concept is permissionless and instant transfers. Said differently, how would you implement multisig in a setup like Nomad and prevent this type of attack?
I've been harping on this part of DeFi for a long time... developers should be writing very good tests. Along with that, security reviews should be followed. This is the review in question [1] where developers ignored the possibility of an issue. This is the commit [2] that likely caused the issue, no tests added. Along with a large chunk of "never brag about your security" hubris [3].
