{"id":446,"date":"2023-01-30T11:43:36","date_gmt":"2023-01-30T09:43:36","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=446"},"modified":"2023-01-31T14:49:58","modified_gmt":"2023-01-31T12:49:58","slug":"2022-solana-hacks-explained-cashio","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained-cashio\/","title":{"rendered":"2022 Solana Hacks Explained: Cashio"},"content":{"rendered":"

Cashio<\/a><\/strong> was a decentralised stablecoin<\/strong> fully backed<\/strong> by interest-bearing Saber USD liquidity provider tokens<\/strong>.<\/span><\/p>\n

What happened <\/strong><\/p>\n

Like with the Wormhole hack<\/strong><\/a>, the attacker used fake accounts<\/strong> to mint<\/strong> Cashio’s CASH<\/strong> tokens and stole<\/strong> over $52M<\/strong>. It is worth mentioning that Cashio was never audited<\/strong> by a third party.<\/strong><\/span><\/p>\n

Due to a collateral token validation flaw<\/strong>, the attacker minted 2 billion CASH<\/strong> tokens using a faked<\/strong> worthless token<\/strong> as collateral. He then burnt<\/strong> part of the tokens for the Saber USDT-USDC LP tokens that he swapped<\/strong> for $16.4<\/strong> USDC and $10.8<\/strong> USDT, respectively. The remaining CASH tokens were swapped out<\/strong> for $8.6M<\/strong> UST<\/strong> and $17M USDC<\/strong> through Saber. What’s curious is that the hacker embedded a hidden message<\/strong><\/a> in the transaction that, after viewing the input data as UTF-8 says:<\/span><\/p>\n

“Accounts with less than 100k have been returned. All other money will be donated to charity”.<\/em><\/span><\/p>\n

Exploit Details<\/b><\/p>\n

Cashio has two programs: Bankman<\/strong> and Brrr<\/strong>. The Bank manager, or Bankman<\/strong> for short, keeps track of the collateral<\/strong> that is allowed to be used as a backing for the $CASH token<\/strong>. The Brrr<\/strong> program handles<\/strong> the printing and burning<\/strong> of $CASH<\/strong>, using Saber LP Arrows as collateral.<\/span><\/p>\n

In order to print $CASH<\/strong>, the brrr<\/strong> program performs checks that the exploiter could circumvent.<\/strong> First of all, the supplied bank account<\/strong> must correspond to the bank of the collateral used<\/strong>.<\/span><\/p>\n

impl<'info> Validate<'info> for BrrrCommon<'info> {<\/span>\r\n\r\n \u00a0\u00a0\u00a0fn validate(&self) -> Result<()> {<\/span>\r\n\r\n\/\/these checks passed due to fake bank account supplied\r\n<\/strong><\/span><\/pre>\n
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.bank, self.collateral.bank);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.bank.crate_mint, self.crate_mint);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.crate_token, self.crate_collateral_tokens.owner);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.crate_mint, self.crate_token.mint);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.crate_collateral_tokens.mint, self.collateral.mint);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ saber swap<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0self.saber_swap.validate()?;<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.collateral.mint, self.saber_swap.arrow.mint);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Ok(())<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0}<\/span>\r\n\r\n}<\/span><\/pre>\n
To pass the bank verification<\/strong>, the attacker simply created a new bank<\/strong> with the same mint<\/strong> as his worthless token mint.<\/strong><\/span><\/p>\n
Next, the Saber swap accounts are verified; however, the verification missed the critical check<\/strong> if the <\/span><\/p>\n
saber_swap.mint <\/span><\/pre>\n
actually matches<\/strong> the expected mint.<\/span><\/p>\n
impl<'info> Validate<'info> for SaberSwapAccounts<'info> {<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0fn validate(&self) -> Result<()> {<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\/\/ missing verification that the saber_swap.mint is correct<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.arrow.vendor_miner.mint, self.pool_mint);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.saber_swap.pool_mint, self.pool_mint);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.saber_swap.token_a.reserves, self.reserve_a);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0assert_keys_eq!(self.saber_swap.token_b.reserves, self.reserve_b);<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Ok(())<\/span>\r\n\r\n\u00a0\u00a0\u00a0\u00a0}<\/span>\r\n\r\n}<\/span><\/pre>\n
Therefore, the exploiter supplied<\/strong> his fake<\/strong> worthless token<\/strong> as collateral<\/strong> and passed the checks<\/strong> proving that the collateral token corresponds to the expected token from the bank. There was no check<\/strong> to ensure that the token was indeed a Saber Arrow<\/strong> token leading to a successful transaction.<\/span><\/p>\n
In simple words,<\/b> the exploiter had to perform multiple steps and supply the worthless tokens<\/strong> he created earlier as collateral<\/strong> to mint 2 billion CASH tokens. The reason why he managed to do this boils down to the flawed verification of input accounts.<\/strong><\/span><\/p>\n
Reference<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"
Cashio was a decentralised stablecoin fully backed by interest-bearing Saber USD liquidity provider tokens. What happened Like with the Wormhole hack, the attacker used fake accounts to mint Cashio’s CASH tokens and stole over $52M. It is worth mentioning that Cashio was never audited by a third party. Due to a collateral token validation flaw, the attacker minted 2 billion CASH tokens…<\/p>\n","protected":false},"author":15,"featured_media":447,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[84,5],"tags":[86,6,19],"class_list":["post-446","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hacks","category-solana","tag-hack","tag-solana","tag-solana-security"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/01\/Cashio-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/01\/Cashio-600x600.png","author_info":{"display_name":"Aleksandra Yudina","author_link":"https:\/\/ackee.xyz\/blog\/author\/aleksandra-yudina\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/446","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=446"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/446\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/447"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}