
$2.6 Billion Bug in Solana Program Library Disclosed: Details

Sat, 4/12/2021 - 16:31

In their latest blog post, crypto security researchers from Neodyme shared the design of an attack that may be profitable for "expensive" tokens integrated into the Solana (SOL) ecosystem.

"One Lambo per hour"

According to the announcement shared on Neodyme's social media and blog, its members noticed a bug in the token-lending contract of the Solana Program Library. As a result, it affected numerous Solana-based DeFi protocols.

The aggregate total value locked (TVL) at risk was over $2,600,000,000. The design of the hypothetical attack was quite simple: after depositing n fractional tokens, a user is able to withdraw n+1 fractional tokens.
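
The "deposit n, withdraw n+1" property can be written as a round-trip invariant that a lending pool must never violate. The following is an added example, not code from Neodyme or the Solana Program Library: it assumes a simplified pool that converts tokens to shares with integer arithmetic, and it assumes the extra unit comes from round-to-nearest conversion (the article does not state the root cause). `Pool`, `Rounding`, `mul_div` and `worst_round_trip_gain` are hypothetical names.

```rust
// Added illustration: simplified pool model, not the SPL token-lending code.
#[derive(Clone, Copy, PartialEq)]
pub enum Rounding { Nearest, Floor }

pub struct Pool { pub liquidity: u64, pub shares: u64 }

// Computes a * b / c in u128 so the product cannot overflow.
fn mul_div(a: u64, b: u64, c: u64, mode: Rounding) -> u64 {
    let bias = if mode == Rounding::Nearest { c as u128 / 2 } else { 0 };
    ((a as u128 * b as u128 + bias) / c as u128) as u64
}

impl Pool {
    // Takes `amount` base units and returns the shares minted for them.
    pub fn deposit(&mut self, amount: u64, mode: Rounding) -> u64 {
        let minted = mul_div(amount, self.shares, self.liquidity, mode);
        self.liquidity += amount;
        self.shares += minted;
        minted
    }
    // Burns `shares` and returns the base units paid out.
    pub fn withdraw(&mut self, shares: u64, mode: Rounding) -> u64 {
        let paid = mul_div(shares, self.liquidity, self.shares, mode);
        self.liquidity -= paid;
        self.shares -= shares;
        paid
    }
}

// Invariant check: largest (payout - deposit) over deposits 1..=max_deposit.
// Anything above zero means a deposit/withdraw round trip drains the pool.
pub fn worst_round_trip_gain(mode: Rounding, max_deposit: u64) -> i64 {
    (1..=max_deposit)
        .map(|n| {
            // Constructed pool state: 1.6 base units per share.
            let mut pool = Pool { liquidity: 1_600, shares: 1_000 };
            let minted = pool.deposit(n, mode);
            pool.withdraw(minted, mode) as i64 - n as i64
        })
        .max()
        .unwrap_or(0)
}

fn main() {
    println!("nearest: {}", worst_round_trip_gain(Rounding::Nearest, 1_000));
    println!("floor:   {}", worst_round_trip_gain(Rounding::Floor, 1_000));
}
```

Rounding every conversion in the pool's favour keeps the round-trip gain at zero or below, which is the property a regression test for this class of bug should assert.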


With Solana's native token, SOL, the attack would not be economically worthwhile, as 1 Lamport (the smallest fraction of SOL, like the Satoshi for Bitcoin, Wei for Ether and Drop for XRP) is only worth about $0.000000220.

However, for Ether and Bitcoin, this scenario can be very profitable. With some technical upgrades, the attack can be executed about 300 times per second. In this case, losses can be dramatic:

We can get this transaction included about 300 times per second, stealing $7500 per second or about $27 million an hour (that is one Lamborghini Huracan every minute).

Bug fixed

In automated mode, this attack becomes profitable even for FTT and RAY tokens.

On Dec. 2-4, Neodyme's representatives contacted a number of decentralized finance protocols (DeFis) on Solana, including Larix, Solend, Tulip, Accumen, Soda and others.

All teams fixed the bugs in their architecture. Yesterday, software engineer Jordan Audet-Sexton shared on GitHub that the issue has been fixed in Solana's main codebase as well.
