Becoming a Millionaire, 0.000150 BTC at a Time

How we discovered a critical issue in Solana’s stable swap implementation. A story about arbitrage and rounding.

We discovered a critical rounding issue in the Solana Program Library’s implementation of stable swap, spl-token-swap. Similar to Neodyme’s spl-token-lending exploit, we were able to extract a single token per instruction. This exceeds the value of the 5000 lamport transaction fee on BTC stable swaps, allowing an attacker to profitably drain funds.

Solana: An Auditor's Introduction

A security-focused introduction to Solana, exploring the underlying runtime environment, security boundaries, and implications. An important resource for all developers who want to write more secure code.

This blog post is meant as a security-focused introduction to Solana. We explore how exactly Solana’s runtime operates, what degree of control an attacker has, and any relevant security boundaries. That being said, we believe this is an important resource for all developers. With vulnerabilities putting millions in assets at risk, understanding what happens under the hood, even in passing, is crucial to writing safer code.

The $200m Bluff: Cheating Oracles on Solana

How we fooled oracles to beat the house. An exploration into liquidity tokens and oracle price manipulation.

We discovered a vulnerability in Switchboard’s liquidity pool token price feeds which could hypothetically allow an attacker to manipulate the price of liquidity pool tokens and possibly steal lending protocol funds. This was reported to all affected lending protocols.


