{"id":455,"date":"2023-01-31T14:48:47","date_gmt":"2023-01-31T12:48:47","guid":{"rendered":"https:\/\/ackeeblockchain.com\/blog\/?p=455"},"modified":"2023-01-31T14:48:47","modified_gmt":"2023-01-31T12:48:47","slug":"2022-solana-hacks-explained-solend","status":"publish","type":"post","link":"https:\/\/ackee.xyz\/blog\/2022-solana-hacks-explained-solend\/","title":{"rendered":"2022 Solana Hacks Explained: Solend"},"content":{"rendered":"

Solend<\/strong><\/a> is a decentralized lending and borrowing protocol<\/strong> on Solana. On November 2, 2022, an attacker drained<\/strong> assets from Solend’s Stable, Coin98, and Kamino isolated pools resulting in $1.26M<\/strong> of bad debt.<\/span><\/p>\n

Exploit Details\u00a0<\/b><\/p>\n

Based on the report<\/a> from Solend’s team, the attacker previously attempted to exploit<\/strong> the platform on October 28, when he pumped up<\/strong> the price of USDH token on Saber<\/a> by spending 200k<\/strong> USDC. However, the pumped price got arbitraged<\/strong> in the same slot and reversed back to $1. The oracles could, therefore, never report the increased price. <\/span><\/p>\n

So, the attacker leant from his mistakes. On November 2, the he performed the same attack with minor differences.<\/strong> First, he spent 100k USDC to pump<\/strong> USDH price on Saber, and then he started spamming<\/strong> the Saber account so that no arbitrage could occur<\/strong> in the same slot as during the first attempt. The attacker then arbitraged himself<\/strong> in the next slot.<\/span><\/p>\n

This time the Switchboard oracle picked up the high price.<\/strong> By repeating the same procedure, the attacker was able to pump<\/strong> up the price of USDH, and by depositing, he borrowed<\/strong> assets worth $1.26M<\/strong>, effectively draining all pools<\/strong>. It was a sophisticated exploit as the attacker prevented the arbitrages<\/strong> in the same slot by write-locking<\/strong> the Saber account and predicting<\/strong> when the oracle<\/strong> would update the price<\/strong>. Solend’s vulnerability in this exploit was that it was looking for price<\/strong> updates only using the Switchboard oracle<\/strong> from Saber pool, making the price<\/strong> feed prone to manipulation.<\/strong><\/span><\/p>\n

Later on, the Solend’s DAO proposals SLND6<\/a> and SLND5<\/a> passed, making users whole<\/strong> from all the bad debts.<\/span><\/p>\n

In simple words, <\/b>it was a combination of a hack<\/strong> and a market manipulation<\/strong>: the hacker pumped<\/strong> the tokens price and spammed the oracle<\/strong> to make sure it picks the price which would be the most profitable for him. One can say that is was a more sophisticated version of the Mango Markets exploit<\/a> which didn’t involve any hacking.\u00a0<\/span><\/p>\n

Reference<\/strong><\/p>\n

1<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Solend is a decentralized lending and borrowing protocol on Solana. On November 2, 2022, an attacker drained assets from Solend’s Stable, Coin98, and Kamino isolated pools resulting in $1.26M of bad debt. Exploit Details\u00a0 Based on the report from Solend’s team, the attacker previously attempted to exploit the platform on October 28, when he pumped up the price of USDH token on…<\/p>\n","protected":false},"author":15,"featured_media":456,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85,84,5],"tags":[14,86,6,19],"class_list":["post-455","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-exploits","category-hacks","category-solana","tag-exploit","tag-hack","tag-solana","tag-solana-security"],"aioseo_notices":[],"featured_image_src":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/01\/Solden-1-600x400.png","featured_image_src_square":"https:\/\/ackee.xyz\/blog\/wp-content\/uploads\/2023\/01\/Solden-1-600x600.png","author_info":{"display_name":"Aleksandra Yudina","author_link":"https:\/\/ackee.xyz\/blog\/author\/aleksandra-yudina\/"},"_links":{"self":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/comments?post=455"}],"version-history":[{"count":0,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/posts\/455\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media\/456"}],"wp:attachment":[{"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/media?parent=455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/categories?post=455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ackee.xyz\/blog\/wp-json\/wp\/v2\/tags?post=455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}