Uncovering a $2.6 Billion Bug in the Solana Program Library

Neodyme, a boutique security auditing firm, discovered a significant vulnerability in Solana’s codebase.

Neodyme’s crypto security experts recently published a blog post outlining the concept of an attack that might be advantageous for “expensive” tokens incorporated into the Solana (SOL) ecosystem.

“A single Lamborghini per hour.” According to the news released on Neodyme’s social media and blog, its members discovered a problem in the Solana Program Library’s token-lending contract. As such, it impacted various Solana-based DeFi protocols.

Aggregated total value locked (TVL) at risk was above $2,600,000,000. The design of the hypothetical attack was pretty simple: when investing n fractional tokens, a user is allowed to withdraw n+1 fractional tokens.

With Solana’s native currency, SOL, it will not be useful economically, since 1 Lamport (the lowest fraction of SOL, like Satoshi for Bitcoin, Wei for Ether and Drop for XRP) is only worth roughly $0.000000220.

However, this situation might be very advantageous for Ether and Bitcoin. With certain technological enhancements, the assault may be carried out around 300 times per second. In this instance, losses may be severe:

We may incorporate this transaction around 300 times per second, resulting in a theft of $7500 per second or approximately $27 million per hour (that is one Lamborghini Huracan every minute).

Correction of a bug

When conducted automatically, this assault becomes beneficial for both FTT and RAY tokens. On December 2-4, members of Neodyme spoke with a number of decentralised financial protocols (DeFis) on Solana, including Larix, Solend, Tulip, Accumen, and Soda.

Each team corrected flaws in its architecture. Jordan Audet-Sexton, a software developer, announced on GitHub yesterday that the problem has been resolved in Solana’s core codebase as well.

Also Read: Tron Constructs The World’s First Ecological Complex In The Cryptovoxels Metaverse