Solana error could lead to theft of $ 2.6 billion
Solana's protocol corrects a potential error that could lead to theft of $ 2.6 billion.
This hack would be one of the largest in cryptocurrency history. For example, to date, all DeFi applications in exploits have lost about $ 2 billion.
Due to a vulnerability in the protocol library (SPL), attackers would be able to steal funds from projects on this blockchain at $ 27 million per hour. Hacked projects such as Tulip Protocol, Solend, Soda, Larix, which have a billion-dollar blocked amount of funds (TVL).
The error was found in June 2021. They wrote about it on Github. However, it was not solved until December. During the verification of the potential risk, it was found that the error can lead to theft of funds through an infinite number of tiny transactions.
The problem was incorrect rounding of transaction amounts. The fact is that the aforementioned applications round up amounts during transactions to the nearest whole number. As part of the exploitation of this error by attackers, this would lead to the theft of a whole state.
It turned out that the error can be triggered up to 150-200 times in a single transfer of funds, and this would lead to theft of money from the pools in the amount of $ 7,500 in one second. Fortunately, the researchers were able to convince the Solana Labs developers to make the necessary corrections to the SPL.