Since a year ago, the Solana ecosystem has seen super rapid growth while witnessing multiple hacks (involving Wormhole, CashioApp, CremaFinance, Nirvana, and Slope Wallet), which collectively caused close to $400 million losses.
Importantly, most of these hacks (except Slope Wallet) were due to smart contract vulnerabilities, i.e., coding flaws in on-chain protocols:
In this article, we review the essence of these hacks and aim to find effective solutions to prevent such attacks in the future.
The first three hacks (Wormhole, CashioApp and CremaFinance) were rooted in missing proper account validations.
By coincidence or not, these attacks also caused the largest financial losses.
Both CremaFinance and Nirvana hacks involved direct flash loan transactions and were both through Solend.
In CremaFinance, the flash loan was used to bootstrap the deposit liquidity.
In Nirvana, its internal price oracle was manipulated by the flash loan.
Based on the characteristics of these attacks summarized above, we recommend the following security practices:
In writing a Solana smart contract, always keep in mind that all inputs can be faked by attackers, including all the accounts and external programs (i.e., user wallet accounts, PDA accounts, and other smart contracts).
Solana’s programming model decouples code and data, so all accounts used in the program must be passed as data inputs.
In almost all cases, you should validate:
Depending on the protocol logic, you should also check:
As all these hacks involve multiple transactions spanning at least minutes or hours of time, it is possible to proactively detect suspicious transactions early and throttle the attacks in the middle.
This is a unique property of Solana, which allows on-chain threat monitoring techniques to help effectively prevent and stop security attacks as a defense solution (rather than merely a passive observer of irrecoverable attacks):
In principle, a threat monitoring solution may help:
If any of the monitored transactions led to a fake account or an abnormal state used in a subsequent hack, detecting them early could help stop the hack.
sec3 Pro (https://pro.sec3.dev) offers a one-stop, end-to-end solution to secure Solana projects.
Pre-deployment: sec3 X-ray auto auditor can check 50+ types of Solana smart contract vulnerabilities 7x24, powered by an inference engine that can infer account relationships and pinpoint any missing account validations. It also includes sophisticated checkers for flash loan vulnerabilities and abnormal states.
Post-deployment: sec3 WatchTower features an in-situ security monitoring service for Solana smart contracts. It detects suspicious transactions, and prevents and stops security attacks in real-time. More details can be found in Announcing sec3 WatchTower: Smart Monitor for Smart Contracts.