Solana Library bug shows the potential risk of $2.6 billion heist

  • A Solana Protocol Library bug that put about $2.6 billion at risk of theft has been fixed
  • The bug could have allowed attackers to steal money from multiple SOL projects at a rate of $27 million an hour
  • The yield aggregator Tulip Protocol and lending protocols including Solend, Soda, and Larix were among the potential targets

Solana, one of the fastest-growing blockchain projects, has been called the Ethereum Killer, and the project has grown tremendously since its launch. Yet while the ecosystem keeps evolving, rug pulls and network exploits have dominated much of the buzz. Decentralized finance (DeFi) protocols have already lost more than $2 billion in total to such attacks. In the latest such incident, malicious actors were able to launder more than $120 million worth of cryptocurrencies from BadgerDAO. Solana would have faced similar activity if a bug had not been detected recently.

Solana network detects a bug

Neodyme security researchers recently detected a bug on Solana. Had it gone undetected, the network could have lost several billion dollars' worth of assets. According to Solana's recent blog post, the researchers found the bug in the Solana Protocol Library (SPL), a set of reference documents for projects based on the SOL ecosystem. The bug could have allowed attackers to steal money from multiple SOL projects at a rate of $27 million an hour. The total value at risk was about $2.6 billion.

Targets that could have been affected

After noting the bug, the teams also named some of the targets that could have been affected. On Solana these include the yield aggregator Tulip Protocol and lending protocols including Solend, Soda, and Larix. Each of these protocols holds millions of dollars in total value locked (TVL).

How did the researchers spot the bug?

Simon, a researcher in the ecosystem, first spotted the bug in June this year and raised an issue on Solana's GitHub page. At the time the bug did not seem to pose a threat and went largely unnoticed. When the researchers reviewed the issue again on Wednesday, they observed that the bug had not been addressed or fixed.

The researchers then began to test whether the bug could be exploited, which also helped gauge the damage the issue could cause. Although the bug looked like a harmless rounding error, they realized it could be used to steal large amounts of funds through endless tiny transactions.

The issue arose because apps on Solana that use the SPL reference documents round funds to the nearest whole number. That rounding would have resulted in users receiving or losing a tiny fraction of their funds.
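The rounding behaviour described above can be checked as an invariant: depositing and immediately redeeming must never return more than was put in. The following is an added example, not SPL code or the researchers' test; the pool model, constants and function names are constructed for illustration, and rounding down is shown as one standard hardening, since the article does not say how the fix was implemented.

```rust
// Added illustration: a toy share-based pool, not SPL code. All names are hypothetical.
#[derive(Clone, Copy)]
enum Rounding {
    Nearest, // round half up, as in "round to the nearest whole number"
    Floor,   // always round down, so any remainder stays with the pool
}

// Integer a * b / c under the chosen rounding mode (u128 avoids overflow).
fn mul_div(a: u64, b: u64, c: u64, mode: Rounding) -> u64 {
    let n = a as u128 * b as u128;
    let c = c as u128;
    let q = match mode {
        Rounding::Nearest => (n + c / 2) / c,
        Rounding::Floor => n / c,
    };
    q as u64
}

// Constructed pool state: 1_000 shares backed by 1_600 tokens (1 share = 1.6 tokens).
const SHARES: u64 = 1_000;
const TOKENS: u64 = 1_600;

// Deposit `amount` tokens for shares, then redeem those shares straight away.
// Returns tokens out minus tokens in; anything above zero is value created by rounding.
fn round_trip_gain(amount: u64, mode: Rounding) -> i64 {
    let shares = mul_div(amount, SHARES, TOKENS, mode);
    let (pool_shares, pool_tokens) = (SHARES + shares, TOKENS + amount);
    let out = mul_div(shares, pool_tokens, pool_shares, mode);
    out as i64 - amount as i64
}

// Invariant check a reviewer can run: the largest gain over all amounts up to `max_amount`.
fn worst_case(mode: Rounding, max_amount: u64) -> i64 {
    (1..=max_amount)
        .map(|a| round_trip_gain(a, mode))
        .max()
        .unwrap_or(0)
}

fn main() {
    println!("nearest: worst-case gain = {}", worst_case(Rounding::Nearest, 1_000));
    println!("floor:   worst-case gain = {}", worst_case(Rounding::Floor, 1_000));
}
```

With round-to-nearest the check reports a positive worst case, which is the invariant violation; with rounding down the worst case is zero, so no round trip in this model leaves the pool short.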
