A bug in the Solana library potentially allowed to steal $27 million an hour
The bug went unnoticed for six months
06.12.2021 - 14:15
719
1 min
0
.
What’s new? The Neodyme experts discovered that due to the bug in one of the Solana Protocol Program Library (SPL) the potential scammers could steal funds from the DeFi projects at a rate of $27 million per hour.
We recently discovered a critical bug in the token-lending contract of the solana-program-library (SPL). This blog post details our journey from discovery, through exploitation and coordinated disclosure, and finally the fix.— Neodyme (@Neodyme) December 3, 2021
Which projects were under threat? The Tulip Protocol (TULIP) yield aggregator and the Solend (SLND) and Larix lending protocols could have been the most vulnerable.
The Neodyme experts noted that the bug was first identified by one of Solana's auditors, back in June. However, he probably considered it insignificant, and as a result, the library continued to function with the bug for six months. On December 1, the auditor noticed that the vulnerability had not been fixed yet, and asked the Neodyme experts to run testing.
What conclusions did Neodyme come to? After the experts did their research, they discovered that the bug could have caused a multi-million dollar loss. They contacted the Solana Foundation and 8 projects that should have noticed the impact of the bug in their work. It turned out that some of them had already removed it, and Solana Labs had fixed the help documentation.
Useful material?
Telegram 
Twitter Technologies
Network fees will be integrated into the cost of swaps
Nov 22, 2024
Market
The company’s unrealized profits from investing in its first cryptocurrency approached $14 billion
Nov 19, 2024
Incidents
The search, the reason for which was not announced, took place a week after the election, the results of which Polymarket users predicted quite accurately
Nov 14, 2024
Market
Analysts point to the growing popularity of the first cryptocurrency as a safe haven asset
Nov 13, 2024
Market
The product will begin trading on the Swiss Exchange on November 19
Nov 12, 2024
Market
The company’s unrealized profits from investing in the first cryptocurrency approached $13 billion
Nov 12, 2024
Cryptocurrency rates
-
Bitcoin
$95 110
BTC
-0.92%
-
Ethereum
$3 452.65
ETH
+4.26%
-
BNB Smart Chain
$579.4
BSC
+1.23%
-
Ripple
$1.45
XRP
+8.24%
-
Dogecoin
$0.400547
DOGE
-2.7%
-
Cardano
$0.988134
ADA
+2.08%
-
Stellar XLM
$0.509899
XLM
+5.95%
-
Polkadot
$8.41
DOT
+0.21%
-
Bitcoin Cash
$501.76
BCH
+0.3%
-
Litecoin
$94.5
LTC
+0.18%