Solana Token Lending Contract Bug Fixed, Affecting More Than $2 Billion
A bug in the Solana Program Library (SPL) token lending program was recently found and fixed by Neodyme, a security auditing firm. The flaw, discovered several months ago, could have affected several decentralized finance (DeFi) protocols with a combined total value locked (TVL) of more than $2 billion. Neodyme's team identified the protocols that used this program (or derivatives of it) and disclosed the bug to them immediately.
Solana SPL rounding errors put funds at risk
A flaw in one of the token lending contracts that is part of the Solana Program Library (SPL), a collection of on-chain programs targeting Solana's Sealevel parallel runtime, put the funds of several protocols at risk. Neodyme, a security auditing firm, discovered the vulnerability and brought it to attention months ago, but the error had not been fixed because its effect appeared harmless.
The bug was a rounding error in the contract's arithmetic: under certain conditions it paid out slightly more tokens than a user had deposited. A single occurrence yields a negligible amount, so the flaw was not exploitable without an organized attack that deliberately and repeatedly triggered it. Neodyme reproduced the behaviour and wrote a script that exploits it.
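The following Rust model is an added illustration of the bug class described above; it is not the SPL token-lending source and does not reproduce its exact formulas. It assumes a simplified lending pool that converts between deposited liquidity and minted collateral tokens, with a hypothetical `Rounding` switch so the round-to-nearest behaviour can be compared with rounding down in the pool's favour. The pool balances (1000 liquidity backing 300 collateral) are constructed for the example.

```rust
// Added illustration of the bug class (not the SPL token-lending source):
// a lending pool that converts between deposited liquidity and minted
// collateral tokens. Amounts are integer token units, so every conversion
// must round, and the direction of that rounding decides who keeps the dust.

#[derive(Debug, Clone)]
pub struct Pool {
    pub liquidity: u128,  // underlying tokens the pool holds
    pub collateral: u128, // collateral (receipt) tokens it has minted
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Rounding {
    /// Round to nearest: rounds in the user's favour roughly half the time.
    Nearest,
    /// Round down: always in the pool's favour (the hardened choice).
    Floor,
}

/// Computes a * b / d with the requested rounding, panicking on overflow.
pub fn mul_div(a: u128, b: u128, d: u128, rounding: Rounding) -> u128 {
    let num = a.checked_mul(b).expect("mul_div overflow");
    match rounding {
        Rounding::Floor => num / d,
        Rounding::Nearest => (num + d / 2) / d,
    }
}

impl Pool {
    /// Deposit `amount` liquidity and receive collateral at the current rate.
    pub fn deposit(&mut self, amount: u128, rounding: Rounding) -> u128 {
        let minted = mul_div(amount, self.collateral, self.liquidity, rounding);
        self.liquidity += amount;
        self.collateral += minted;
        minted
    }

    /// Burn `collateral` and receive liquidity at the current rate.
    pub fn redeem(&mut self, collateral: u128, rounding: Rounding) -> u128 {
        let out = mul_div(collateral, self.liquidity, self.collateral, rounding);
        assert!(out <= self.liquidity, "pool cannot pay out more than it holds");
        self.liquidity -= out;
        self.collateral -= collateral;
        out
    }
}

/// Attacker loop: repeat a deposit/redeem cycle of `amount` and return the
/// attacker's net change in liquidity (positive means the pool leaked value).
pub fn drain(pool: &mut Pool, amount: u128, iterations: usize, rounding: Rounding) -> i128 {
    let mut net: i128 = 0;
    for _ in 0..iterations {
        let minted = pool.deposit(amount, rounding);
        net -= amount as i128;
        let out = pool.redeem(minted, rounding);
        net += out as i128;
    }
    net
}

fn main() {
    // Constructed pool state: 1000 liquidity backing 300 collateral (rate 10/3).
    let mut vulnerable = Pool { liquidity: 1000, collateral: 300 };
    let gain = drain(&mut vulnerable, 5, 10, Rounding::Nearest);
    println!("nearest: attacker net {:+}, pool holds {}", gain, vulnerable.liquidity);

    let mut fixed = Pool { liquidity: 1000, collateral: 300 };
    let gain = drain(&mut fixed, 5, 10, Rounding::Floor);
    println!("floor:   attacker net {:+}, pool holds {}", gain, fixed.liquidity);
}
```

With round-to-nearest, ten cycles of a 5-token deposit leave the attacker 20 tokens up while the collateral supply is unchanged, so the remaining depositors' collateral is now backed by 980 tokens instead of 1000: exactly the slow, alarm-free outflow the article describes. With floor rounding the same loop costs the attacker 2 tokens per cycle. The practitioner's check is the invariant in `drain`: for every amount and pool state, a deposit immediately followed by a redeem must never return more than was deposited.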
The Importance of Open Source
More than $2 billion worth of tokens across these protocols was at risk of being slowly drained through this exploit. Moreover, had the attack been carried out carefully, it would not have triggered any alarms; it would have shown up only as a slow, unexplained outflow of yield (APY) from some pools. Neodyme stressed the importance of open source code, which lets auditors get involved and help fix this kind of error. It said:
We believe that open source is the safest code, and as auditors we believe that one of the best ways to write better code is to understand vulnerabilities.
After discovering the exploit, Neodyme disclosed it to the teams likely to be using the program in their operations. Among them were protocols running on Solana that are not open source, so their code cannot be verified directly by their users. This made it difficult for Neodyme to verify directly whether these platforms could be exploited through the bug. Neodyme did, however, communicate with the teams behind these protocols, who are responsible for resolving the issue individually.
The SPL token lending contract had previously been audited, and two projects using it have also been independently audited: Solend by Kudelski and Larix by SlowMist.
What do you think about the exploit corrected in the Solana token lending contract? Tell us in the comments section below.
Photo credits: Shutterstock, Pixabay, Wiki Commons