The bug went unnoticed for six months

​A bug in the Solana library potentially allowed to steal $27 million an hour

06.12.2021 - 14:15


1 min


What’s new? The Neodyme experts discovered that due to the bug in one of the Solana Protocol Program Library (SPL) the potential scammers could steal funds from the DeFi projects at a rate of $27 million per hour.

Which projects were under threat? The Tulip Protocol (TULIP) yield aggregator and the Solend (SLND) and Larix lending protocols could have been the most vulnerable.

The Neodyme experts noted that the bug was first identified by one of Solana's auditors, back in June. However, he probably considered it insignificant, and as a result, the library continued to function with the bug for six months. On December 1, the auditor noticed that the vulnerability had not been fixed yet, and asked the Neodyme experts to run testing.

What conclusions did Neodyme come to? After the experts did their research, they discovered that the bug could have caused a multi-million dollar loss. They contacted the Solana Foundation and 8 projects that should have noticed the impact of the bug in their work. It turned out that some of them had already removed it, and Solana Labs had fixed the help documentation.


yanazakomoldina yanazakomoldina

Subscribe to Getblock Magazine and stay up to date with the latest news from the world of cryptocurrencies and the digital economy