Solana just fixed a bug that could allow hackers to steal $ 27 million an hour
Solana just fixed a bug that could allow hackers to steal $ 27 million an hour. Rug pull and network exploits have dominated public opinion in the crypto industry. DeFi applications have now lost a total of more than $ 2 billion to such hacks, up to $ 120 million this week alone.
Additionally, if a bug is recently patched, there is a risk that thousands of dollars will be stolen from the Solana ecosystem, according to security researchers at Neodyme.
In one post In a blog post, researchers revealed that a bug in the Solana Protocol Library (SPL – Reference Set for Solana Projects) could allow hackers to steal funds from multiple Solana projects at high speed. $ 27 million an hour. The total risk value is up to $ 2.6 billion.
Potential targets that could be affected include the Tulip Protocol return aggregator and the Solend, Soda, Larix credit protocols, all of which have a Total Value Locked (TVL) in the millions.
It all started in June of this year when researcher Simon discovered the bug and highlighted the problem on Github. Since the error did not pose an imminent risk at this point, it went unnoticed. However, when it was reviewed on December 1, it remained unresolved or corrected.
Researchers then began testing the exploit for the bug and assessing the potential harm it could cause. Although it was initially considered a “seemingly harmless rounding error”, the researcher later realized that there was a possibility that large amounts of money could be stolen through endlessly small transactions.
This is because applications on Solana that use SPL reference the nearest integer at the time of payout, which results in the user getting very little or losing if the user is owed a fraction of the smallest reference unit of money.
While it may seem insignificant, the number is unimaginable if a single company takes advantage of this and sticks to it.
After the test, the researchers estimate that they can make this mistake 150-200 times in a single transaction and pack those many transactions into a single block. They calculated an exploit of such a vulnerability that could steal funds at the rate of $ 7,500 per second, or $ 27 million per hour.
Upon confirmation, Neodyme contacted several Solana projects that may have been affected by this bug. Since most of them are closed source, the mission has exposed some obstacles. Even so, they made an effort to contact some prominent projects to fix the errors, while Solana Labs also corrected the references to ensure that subsequent new projects were error-free.
Join Bitcoin Magazine Telegram to keep track of news and comment on this article: https://t.me/coincunews
Follow the Youtube Channel | Subscribe to telegram channel | Follow Facebook page