A $2.6 billion vulnerability surfaces on Solana that could have been used to keep drawing money from various DeFi projects.

百家号 2021-12-14 11:40


Security research group Neodyme announced on December 3 that it had found a vulnerability in the lending contract of the Solana Program Library. Larix, Solana Labs, Solend and Tulip have now fixed it.

A vulnerability worth billions of dollars

Neodyme said it recently discovered a vulnerability in the Solana Program Library (SPL) that let the amount be "rounded" to the nearest whole number when a user withdrew funds from the lending contract. The rounding error is only a fraction of a lamport (similar to a satoshi in Bitcoin), and under normal circumstances some users gain that fraction while others lose it.

But for someone acting with intent, this small difference becomes a large opportunity for profit. Neodyme verified the attack against a copy of the Solana blockchain and "acquired" 0.000001 BTC (approximately $0.047) in a single transaction.

According to Neodyme's estimates, the flaw can be triggered 300 times in one transaction to make large profits, and with multiple transactions in the same block one could "earn" US$7,500 every second, or US$27 million per hour, which equates to winning a Lamborghini Huracan per minute.
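The rounding behaviour described above, modelled in simplified form as an added example (this is not SPL code or Neodyme's; the `Pool` type, the function names and the pool numbers are constructed for illustration). It checks the invariant that a deposit-then-withdraw round trip never returns more than was put in, which holds when amounts are rounded down and fails when they are rounded to the nearest unit.

```rust
// Added illustration: simplified model, not SPL code. All names and numbers are constructed.
#[derive(Clone, Copy)]
pub enum Rounding { Nearest, Floor }
/// a * num / den in integer math, rounded according to `mode`.
fn mul_div(a: u64, num: u64, den: u64, mode: Rounding) -> u64 {
    let prod = a as u128 * num as u128; // widen so the product cannot overflow
    let den = den as u128;
    let q = match mode {
        Rounding::Nearest => (prod + den / 2) / den, // round half up: can favour the user
        Rounding::Floor => prod / den,               // truncate: never favours the user
    };
    q as u64
}

/// Hypothetical lending pool: `liquidity` base units backing `shares` deposit receipts.
#[derive(Clone, Copy)]
pub struct Pool { liquidity: u64, shares: u64 }

impl Pool {
    fn deposit(&mut self, amount: u64, mode: Rounding) -> u64 {
        let minted = mul_div(amount, self.shares, self.liquidity, mode);
        self.liquidity += amount;
        self.shares += minted;
        minted
    }
    fn redeem(&mut self, shares: u64, mode: Rounding) -> u64 {
        let out = mul_div(shares, self.liquidity, self.shares, mode);
        self.liquidity -= out;
        self.shares -= shares;
        out
    }
}

/// Invariant check: the largest gain (in base units) over deposit-then-redeem
/// round trips of 1..=1000 units. A safe pool never yields a positive value.
pub fn max_round_trip_gain(mode: Rounding) -> i64 {
    let fresh = Pool { liquidity: 1_600_000, shares: 1_000_000 }; // constructed: rate 1.6
    (1..=1000u64)
        .map(|amount| {
            let mut pool = fresh; // each trial starts from the same pool state
            let minted = pool.deposit(amount, mode);
            pool.redeem(minted, mode) as i64 - amount as i64
        })
        .max().unwrap()
}

fn main() {
    println!("nearest: {}, floor: {}", max_round_trip_gain(Rounding::Nearest), max_round_trip_gain(Rounding::Floor));
}
```

A check of this shape works as a regression test for any conversion between deposit receipts and underlying tokens: rounding must always go in the protocol's favour.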


Attack validation process. (Source: Neodyme)

Raising an urgent alert

Neodyme found that the vulnerability extended to several DeFi projects on Solana, including eight lending projects such as Larix, Solend, Tulip, Acumen and Soda, where the risk could be significant: the combined TVL involved was around $2.6 billion.

Neodyme immediately contacted the project teams through Telegram, Discord, Twitter, email and other channels, and found that Soda, Acumen and Port were unaffected, as they had either already fixed the flaw or had not yet launched their borrowing services. The yield aggregator Tulip and the lending protocols Solend and Larix took immediate steps to prevent tokens from being withdrawn in excess of what had been deposited.

Note that on June 5, 2021, Neodyme researcher Simon had reported the vulnerability on GitHub. However, because the transaction fees were higher than the amount that could be "won", the attack looked like a losing proposition, and the issue was not treated as serious. But if the token taken is an expensive one such as Bitcoin, the illicit gains can cover the transaction fees.

As Neodyme pointed out:

While collecting and dropping coins seems like a problem, it has to be seen as a bad thing.

Because you never know what the token will be worth in the future.

At present, such an attack is not easy to detect, because it can be carried out very slowly and last for several days or more. If carried out covertly, it would show up only as a loss in APYs and would depend on human alertness to be noticed. We encourage project teams to add themselves to the list of known keys in Solana Explorer so that the community can help check whether they are safe. Solana Labs has released an update to ensure that new projects in the future will not be affected.
