Why are Solana DeFi protocols continuously exploited?

In recent weeks, Solana's Mango Markets and Solend have both been attacked.

Solana DeFi attacked again

Solend, a lending and borrowing protocol atop Solana, reported that an attacker took $1.26 million from users’ accounts. The exploit resulted from an oracle attack, in which an attacker manipulated the oracle prices of volatile collateral assets and then borrowed protocol funds worth more than that collateral's real value.

Solend disclosed that three loan pools had been compromised, tweeting that: “An oracle attack against USDH affecting isolated pools Stable, Coin98 and Kamino has been detected, resulting in a bad debt of $1.26 million.”

A “bad debt” occurs when an attacker tricks a protocol’s price oracles into overvaluing collateral assets. This provides them with “credit” to borrow funds from a protocol whose real value is greater than what their collateral is actually worth. In this case, the attacker had no intention of repaying the USDH stablecoin funds, resulting in a net loss of $1.26 million for the protocol.
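To make the bad-debt mechanism concrete, here is an added toy model (not code from Solend, Mango Markets or the article) of a lending pool valuing collateral two ways: a naive spot oracle, and a hypothetical guarded oracle that clamps price jumps and marks collateral at the lower of spot and a moving average. All prices, loan-to-value limits and position sizes are constructed for the illustration.

```python
"""Added example: how an inflated oracle price becomes bad debt in a lending pool,
and one defensive valuation policy. Toy model, not any real protocol's code."""
from collections import deque

MICRO = 1_000_000         # prices are integer micro-USD, as on-chain programs typically store them
LTV_NUM, LTV_DEN = 1, 2   # hypothetical 50% loan-to-value cap

class SpotOracle:
    """Naive oracle: collateral is valued at the latest reported price."""
    def __init__(self, price_micro):
        self.spot = price_micro
    def update(self, price_micro):
        self.spot = price_micro
    def value(self):
        return self.spot

class GuardedOracle(SpotOracle):
    """Hypothetical defensive policy: cap a single update at `max_dev_bps` above the
    moving average, and value collateral at min(spot, average over `window` updates),
    so a pump in a thin market cannot reprice collateral all at once."""
    def __init__(self, price_micro, window=10, max_dev_bps=1_000):
        super().__init__(price_micro)
        self.hist = deque([price_micro] * window, maxlen=window)
        self.max_dev_bps = max_dev_bps
    def update(self, price_micro):
        twap = sum(self.hist) // len(self.hist)
        cap = twap * (10_000 + self.max_dev_bps) // 10_000
        self.spot = min(price_micro, cap)   # clamp the jump; a real design would also alert
        self.hist.append(self.spot)
    def value(self):
        twap = sum(self.hist) // len(self.hist)
        return min(self.spot, twap)

def max_borrow_usd(oracle, units):
    """Largest loan the pool extends against `units` of collateral, in whole USD."""
    return oracle.value() * units * LTV_NUM // (LTV_DEN * MICRO)

def bad_debt_usd(debt_usd, units, true_price_micro):
    """Debt left uncovered once collateral is marked at its real, liquidatable price."""
    return max(0, debt_usd - units * true_price_micro // MICRO)

def run_attack(oracle):
    """Constructed scenario: 1,000,000 units of a thin token really worth $0.04 each
    ($40,000 total); the attacker pushes the reported price 10x and borrows the maximum."""
    units, true_price, pumped = 1_000_000, 40_000, 400_000
    oracle.update(pumped)
    borrowed = max_borrow_usd(oracle, units)
    return borrowed, bad_debt_usd(borrowed, units, true_price)

if __name__ == "__main__":
    print("spot oracle   (borrowed, bad debt):", run_attack(SpotOracle(40_000)))
    print("guarded oracle(borrowed, bad debt):", run_attack(GuardedOracle(40_000)))
```

With the naive oracle the pool lends $200,000 against $40,000 of real collateral and is left with $160,000 of bad debt; the guarded oracle lends $20,200 and stays fully covered.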

SolBlaze announced shortly after the attack that it had discovered one of the attacker’s pseudonymous identities. But it is currently unclear if Solend can come to an agreement with the attacker to protect user funds.

Oracle price manipulation has already been used to attack DeFi protocols on Solana. For example, an attacker exploited decentralized trading platform Mango Markets for over $100 million last month by inflating the price of the native MNGO token. Thus, the attacker could withdraw large loans from multiple token pools, reducing the liquidity of the protocol.

Later, Avraham Eisenberg, a self-proclaimed “applied game theorist”, revealed that he and a team had carried out the attack. Mango Markets assured Eisenberg that the protocol would not pursue legal action against him in exchange for the return of $53 million of the stolen assets. Although Eisenberg maintains that his actions were not an exploit but rather a “highly profitable business strategy”, this was not convincing to many.

Low liquidity and high price

The attackers managed to manipulate Solana’s price oracles due to the blockchain’s lack of liquidity. According to DefiLlama, the total value of Solana DeFi protocols skyrocketed during the 2021 bull run, reaching a high of $10.17 billion in November.

Nevertheless, almost a year after the start of the current crypto winter, Solana’s liquidity has dried up. The network currently hosts assets worth just $940 million, down 90%. In recent months, Solana’s on-chain activity, which acts as a proxy for trading volume on the network, has also declined.

When Solana had ample liquidity, many DeFi protocols began allowing users to use lesser-known tokens as collateral for loans and transactions. Although tokens such as MNGO were not traded as actively as ecosystem stalwarts such as SOL, USDC, and ETH, there was sufficient liquidity that positions would be liquidated in the event of a user default.

It turns out, however, that the ability to liquidate this collateral was not the protocols’ most important concern. The steady decline in liquidity and trading activity on Solana has made it much easier to manipulate the price of illiquid collateral tokens.

Attempting an oracle attack during the peak of the bull market would have been futile and would almost certainly result in financial loss for the attacker.

Under current circumstances, however, such exploits have become increasingly lucrative, assuming the attacker has enough funds to manipulate prices in the first place.

Those who have deposited funds in Solana DeFi protocols should be aware of the current risks. While not all protocols are vulnerable, those that offer more exotic tokens as collateral can be susceptible.

Eisenberg identified potential exploits using price manipulation techniques similar to his attack on Mango Markets, showing that he actively searches for protocols with vulnerabilities. If liquidity on layer 1 chains like Solana continues to decline, future price oracle attacks similar to those on Solend and Mango Markets are likely.
