The protocol's purpose was to allow users to buy options, for which they would pay a premium to the option writers (lenders). The protocol was designed to provide a specific token to the option writers, achieving this by swapping the premium if any other whitelisted token was provided. The vulnerability I found was that an attacker could essentially sandwich attack themselves and siphon most of the swap amount, leaving the option writer liable to pay out the option if it is in-the-money (ITM) without receiving any premium to offset this risk. This resulted in risk-free option trading for the attacker.
The protocol confirmed the issue, however was moving to v2 soon and opted not to fix it.