The Solana ecosystem has faced an unprecedented number of security risks last year. Even before the FTX collapse severely impacted SOL, Solana had been through a hard spell, partly due to a few network outages that made it impossible for users to access the blockchain for short periods. Some say Solana DeFi has too many security flaws.
Solana had also suffered multiple exploits, most recently in August 2022, when thousands of accounts were drained due to an exploit of its system loophole.
Solana continues to push boundaries in the face of these incredible setbacks, and it remains one of the top blockchain networks for building DeFi apps. It is is a fast and secure blockchain with multiple permissionless features, including proof of history and delegated proof of stake. Solana is also known for offering quick transaction times and inexpensive fees compared to other competing platforms.
Do the recent security incidents in Solana spell its doom? Not really, since there are various solutions to those problems, and this article explores them all.
1. An Exploitation of a Cross-Chain Bridge: Wormhole
Perhaps one of the most devastating examples of security exploits in crypto history is the $320 million Wormhole hack in early 2022. This attack mainly targeted Wormhole’s Solana-Ethereum bridge. The attacker could only exploit it thanks to a vulnerability on the Solana side.
The Wormhole protocol lets users move their tokens and NFTs between Solana and Ethereum. An Ethereum token is deposited, verified, and locked by the smart contract. Then an equivalent amount of tokens is minted at the other side of the bridge and sent to the user’s wallet.
As Solana is not compatible with EVM chains, the bridging solution demanded a custom implementation for both the Solana and Ethereum sides, and each had to communicate with the other seamlessly. As it turned out, the Solana implementation of the bridge ran on Solana 1.7.0, which allowed the use of the insecure load_instruction_at method. As a result, the attacker manipulated the unpatched Rust contracts on Solana to mint 120,000 wrapped ETH tokens. They then used those tokens to claim the ETH that was held on the Ethereum side of the bridge.
Hubble Protocol’s Approach and Solution
The Wormhole hack was possible because the dev team had pushed framework security changes to their public GitHub repository before deploying the patch to production. The exploit came just a few hours after the developers had pushed the patch to GitHub but failed to deploy it. This highlights how crucial it is for teams to guard themselves against potential security risks when making critical security updates to their smart contracts.
One of the ways Wormhole could have handled the situation was to use a local commit containing security patches to update the programs on Solana before pushing updates to a public repository. An experienced auditing team would have detected such loopholes in the smart contract code during the manual testing stage.
Another option we recommend is the Net Outflow Caps that allow projects to limit the loss of funds on the protocol in the case of an exploit. It is clear that the first sign of an attack typically involves unusually large and/or many transactions going to the same address in an extremely short period. The Net Outflow Caps work by putting restrictions on withdrawals if the net-outflow ceilings for collateralized assets have been reached during a particular window. This helps to prevent the loss of user funds in the case of an exploit.
For instance, a Net Outflow Cap on ETH would prevent an attacker from minting an unlimited amount of ETH while also giving the protocol time to react. The attacker would only be able to mint a certain amount of ETH in a given window before the Net Outflow Cap is triggered. Even if funds are lost, a prompt response such as this is crucial to prevent further loss.
2. Exploiting Solana DeFi Protocols: Raydium
In a separate incident, Solana suffered a significant hack of one of its largest DeFi protocols, Raydium, in December 2022. According to the Raydium team, the exploit happened when the attacker managed to overtake the DEX’s “owner authority” and used that access to drain Raydium’s liquidity pools.
Considered one of the cornerstones of the Solana DeFi ecosystem, Raydium is an automated market maker that allows users to contribute assets to a pool in exchange for token rewards. However, the hack exposed Raydium’s vulnerabilities. It was taken down by a simple top-down method of exploitation in which the hacker took control of the protocol owner’s private keys. They then drained the funds by invoking the withdraw_pnl function on the contract used by the developer to withdraw trading and protocol fees.
According to crypto analytics firm Nansen, the hacker stole over $4.4 million worth of digital assets from Raydium, including $1.6 million worth of SOL.
Hubble Protocol’s Approach and Solution
Since the private key loss was the main reason for the Raydium hack, keeping such keys safe and never granting access to any third party is essential. Once an attacker gets a private key, they can use the kill function or withdraw all funds from the dependent contracts in a second.
As a project owner, you should be careful when creating the protocol’s administrative roles. Build the system so that even if one of the admins’ accesses is compromised, the whole system remains safe and intact. Under no circumstances should you give all the power to a single operator.
Also, establishing a bug bounty can encourage users to report any detected problems and help ensure the security of the overall ecosystem.
3. An Exploitation by Market Manipulation: Mango
Another popular Solana DEX, Mango, was exploited for over $100 million in October 2022 after a rogue whale inflated MNGO’s value and drained the protocol’s liquidity.
Mango offers trade spot and perpetual futures, allowing Solana DeFi users to bet on the price performance of assets like SOL, ETH, and BTC. Like any DEX, Mango relies on smart contracts to match user trades. However, smart contracts are decentralized and are not overseen by a centralized third party. So anyone can deploy enough money to exploit loopholes in any protocol without the risk of being stopped.
The attacker pulled off the heist by manipulating price oracle data—a system used to track the prices of different crypto assets—to drive up the value of their MNGO collateral and then took out loans from the Mango treasury. They then took out $116 million from all tokens available on Mango, which effectively wiped out its liquidity. This was possible as MNGO was a thinly traded token with low liquidity, which allowed the rogue trader to manipulate prices quickly.
4. Another Price Oracle Exploitation on Solana: Solend
Solend, another Solana DeFi protocol, was exploited through a price oracle attack barely weeks after Mango Markets was attacked in the same manner.
Solend is a Solana-built lending and borrowing protocol that allows users to borrow and earn interest on crypto assets with the help of lending pools.
The attack targeted Solend’s three lending pools and stole $1.26 million that the firm deleted as bad debt. Like the Mango hack, the attacker exploited Solend’s price data oracles by tricking the system into valuing collateral assets higher than they should be. This gave them “credit” to borrow funds from various pools with a higher actual value than their inflated collateral had. In this instance, the attacker borrowed USDH stablecoin funds, never to repay them, resulting in a net $1.26 million loss for Solend.
Hubble Protocol’s Approach and Solution
Price oracle attacks on Solana have been successful because of the low levels of liquidity on the blockchain. With liquidity and trading activity on Solana dropping daily, it’s become much easier to manipulate the price of illiquid collateral tokens via smart contract exploits.
It’s usually a good idea to participate in a DeFi protocol that has undergone a comprehensive audit to minimize risks. A smart contract audit by a reputable third-party firm offers the surest way to avoid exploits related to price oracle attacks. A smart contract security audit involves a comprehensive review of the code and functionality of your smart contract to ensure users’ digital assets are safe, secure, and functioning as intended. In addition, the vulnerabilities that malicious actors could exploit are identified and addressed during the audit process.
Also, a one-time security audit isn’t enough—even a thoroughly tested and well-audited DeFi platform can still be hacked. We recommend performing new audits every time the code is updated.
5. A Supply Chain Exploit: Slope Wallet
A supply chain attack is when a bad actor inserts malicious code into the software of a third-party vendor. This caused Solana users to collectively lose at least $6 million in various tokens from a large-scale Solana attack targeting their Slope mobile wallets. The exploit—that only affected hot wallets—was traced back to a Slope-connected third-party event logging platform that had inadvertently leaked the private keys of the affected wallets to the intruder. The attacker likely gained access to the private keys by infiltrating internet-connected data via iOS and Android supply chain attacks. This allowed them to approve the transactions on behalf of the victims and transfer the funds without the owners’ consent.
Hubble Protocol’s Approach and Solution
This attack highlights the risks of using your phone to interact with DeFi applications. Phones have many attack surfaces, such as cached-in software, internet connection, and downloaded apps that bad actors can use to infiltrate your wallet. Never use your phone on untrusted networks when participating in DeFi or signing transactions on the blockchain.
In addition, keep some of your assets in a cold wallet. Unlike hot wallets hosted online, cold (hardware) wallets help keep your private keys safe from hackers who would need to steal the physical wallet to gain access. A hardware wallet keeps your private keys offline on a device (such as a USB drive).
When you set up your hardware wallet, use a new set of private keys separate from the keys you use with your hot wallets. You can then use the keys on your cold wallet to sign DeFi transactions to minimize the chances of your information being exposed online.
Conclusion
DeFi protocols should conduct regular security audits and monitor network activity to prevent exploits. Projects must step ahead in mastering DeFi security with updated monitoring and alerts for security risks and incidents. Have systems that actively monitor transactions at any given time and can detect anomalous or suspicious activity, such as sudden spikes in usage or changes in price.
As a user of DeFi protocols, you should do your homework before participating in any DeFi or blockchain project. Pay particular attention to smart contract audits and only invest in projects with rigorous tests and safety measures to avoid hacks.
Lastly, safeguard your wallet. Your private keys must always be kept secret and private, while cold wallets offer the most secure way to store private keys.
Check Everstake Twitter and Discord for the latest updates.
Read more
- in How to stake Solana SOL: a beginner’s guide we explore the main aspects of Solana staking.
And If you have any questions you can always contact our Solana Blockchain Manager on Twitter.