Bug fixed in the Solana token-lending contract that put more than $2 billion at risk

A bug in the token-lending contract of the Solana Program Library (SPL) was recently found and fixed by Neodyme, a security audit firm. The bug, discovered a few months ago, could have affected several decentralized finance protocols with a total value locked (TVL) of more than $2 billion. Their team identified the protocols likely to be using this contract (or derivatives of it) and disclosed the bug to them immediately.

Solana SPL rounding error endangers funds

A bug in one of the token-lending contracts that is part of the Solana Program Library (SPL), a collection of on-chain programs targeting Solana's Sealevel parallel runtime, put the funds of several protocols at risk. Neodyme, a security audit firm, had discovered the vulnerability and reported it, but at first the bug was not fixed because its effect appeared harmless.

The bug caused a rounding error that paid out more tokens than users had deposited into the contract. However, the bug had not been exploited, since doing so would have required a deliberately organized attack on the protocol's security. Neodyme, the auditing firm, was able to reproduce it and write a script that takes advantage of it.
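The rounding problem described above, illustrated with an added example (this is not the SPL program's code nor Neodyme's script): a share/liquidity conversion in integer math, where the rounding direction on each leg decides whether a deposit-then-redeem round trip can create tokens. The pool sizes are constructed and assumed non-empty, and the pool totals are held fixed for the single tiny deposit shown.

```rust
/// Added illustration, not the SPL token-lending code: how rounding direction
/// in share accounting decides whether a round trip can mint tokens from nothing.
/// Integer math only, as on-chain programs use. All pool values are constructed.

#[derive(Clone, Copy)]
pub struct Pool {
    pub total_liquidity: u128,  // tokens held by the pool (assumed > 0)
    pub total_collateral: u128, // share tokens issued against them (assumed > 0)
}

#[derive(Clone, Copy, PartialEq, Debug)]
pub enum Rounding { Down, Up }

fn div(num: u128, den: u128, r: Rounding) -> u128 {
    match r {
        Rounding::Down => num / den,
        Rounding::Up => (num + den - 1) / den, // ceiling division
    }
}

/// Shares minted for `liquidity_in`. A safe lender rounds this DOWN (against the user).
pub fn liquidity_to_collateral(pool: Pool, liquidity_in: u128, r: Rounding) -> u128 {
    div(liquidity_in * pool.total_collateral, pool.total_liquidity, r)
}

/// Liquidity paid out for `shares`. A safe lender rounds this DOWN (against the user).
pub fn collateral_to_liquidity(pool: Pool, shares: u128, r: Rounding) -> u128 {
    div(shares * pool.total_liquidity, pool.total_collateral, r)
}

/// Net token gain (positive) or loss (negative) for the user after one
/// deposit/redeem round trip. Pool totals are held fixed: for a 1-token
/// deposit into a million-token pool the state change is negligible.
pub fn round_trip_gain(pool: Pool, liquidity_in: u128, mint_r: Rounding, redeem_r: Rounding) -> i128 {
    let shares = liquidity_to_collateral(pool, liquidity_in, mint_r);
    let out = collateral_to_liquidity(pool, shares, redeem_r);
    out as i128 - liquidity_in as i128
}

fn main() {
    // Constructed pool whose exchange rate sits slightly above 1 (interest accrued).
    let pool = Pool { total_liquidity: 1_000_003, total_collateral: 1_000_000 };
    let user_favoured = round_trip_gain(pool, 1, Rounding::Up, Rounding::Up);
    let pool_favoured = round_trip_gain(pool, 1, Rounding::Down, Rounding::Down);
    println!("rounding in user's favour: {:+} token per round trip", user_favoured); // +1
    println!("rounding in pool's favour: {:+} token per round trip", pool_favoured); // -1
}
```

Repeating the user-favoured round trip many times is exactly the slow, alarm-free drain the article describes; rounding every conversion against the user (dust stays with the pool) is the mitigation.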

Meaning of Open Source

More than $2 billion in various tokens across these protocols could have been slowly drained using this exploit. Had the attack been carried out cleverly, it would not have triggered any alarms and would only have shown up in some pools as a slow drain of APY. Neodyme stressed the importance of open-source code, which lets auditors get involved and help fix this type of bug. The company said:

We believe that open source is the safest code, and as auditors we believe that one of the best ways to write better code is to understand weaknesses.

After Neodyme discovered this exploit, it shared its existence with teams that were likely using the program as a tool in their operations. Among them were some protocols on Solana that are not open source and therefore cannot be inspected directly by their users. This made it difficult for Neodyme to check directly whether these platforms were affected by the bug. However, it communicated with the teams behind those protocols, who are responsible for fixing the problem in their own code.

The SPL token-lending contract has already been audited, and two projects that use it were also audited independently: Solend by Kudelski and Larix by SlowMist.

What do you think of the exploit fixed in the Solana token-lending contract? Tell us in the comments section below.

Image credits: Shutterstock, Pixabay, Wiki Commons