Initial Post-mortem
1) The attacker created their own router, that emitted a deposit event when sent ETH
2) The attacker called returnVaultAssets() with no coins, but a small amount of ETH, but with their own router as asgard
3) On Line140 of the Router, it forwards the ETH to the fake asgard
4) When the fake asgard receives the ETH, it pretends to be a router and fires a fake deposit event with a bad memo
5) Bifrost interprets as a normal deposit and refunds due to a bad memo
The bug is in the bifrost code to be vulnerable to (5)