April 1, 2022
On a $20M Bug in Jet Protocol
Recently, Charlie You disclosed a vulnerability in the Jet Protocol. The vulnerability would have caused $20m loss of Jet users’ funds if exploited. Fortunately, Jet patched it before any user was affected. sec3 team identified something tricky in Jet-v1’s code and had a discussion with Charlie shortly after the disclosure. It turns out that the vulnerability has a different cause (unexpected by Charlie)
March 24, 2022
CashioApp Attack - What’s the Vulnerability and How X-Ray Detects It
The Cashio stablecoin (CASH) protocol recently lost $50M in an attack. The attacker was able to mint 2,000,000,000 CASH tokens for almost free. The root cause is a vulnerability in the Cashio’s brrr smart contract. Soteria team conducted an in-depth analysis of the attack. Importantly, the vulnerability can be automatically detected by Soteria’s Premium Auto Auditor. This article elaborates on the details.
March 21, 2022
Solana Programs Part 1: Understanding SPL Token Mint
Most user-deployed Solana smart contracts (directly or transitively) use the token program to mint/transfer/burn tokens (i.e., SPL tokens). SPL tokens are similar to ERC20/ERC721 token with tricky differences. In this article, we elaborate on the SPL tokens and introduce the internals of the most commonly used instructions in the token program.
February 3, 2022
The Wormhole Hack: How X-Ray Detects the Vulnerability Automatically
Recently, an attacker was able to steal more than $320 million from Wormhole, a popular bridge linking Solana and Ethereum. This article describes how we enhance our X-Ray tool and detect the vulnerability.
January 23, 2022
Solana Internals Part 3: The Transaction Processing Unit (TPU)
Solana recently experienced severe performance degradation due to network congestion. The TPS (number of transactions processed per second) dropped by orders of magnitude (from thousands to tens) for several hours. Technically, this problem is caused by performance bugs in Solana, in particular — the transaction processing unit (TPU). This article elaborates on the design of the TPU and highlights some intricacies.
January 16, 2022
Solana Internals Part 2: How Is a Solana Program Deployed and Upgraded
What happens inside Solana when you deploy a smart contract to the Solana Mainnet? Can a Solana program be modified or closed? How to upgrade a Solana program? Who is authorized to change a Solana program? This article focuses on the upgradability of Solana programs and highlights some intricacies.
December 31, 2021
Solana Internals Part 1: What Are the Native On-Chain Programs and Why Do They Matter?
Solana has a few built-in (native on-chain) programs (e.g., system_program, spl_token, stake, vote, ed25519, etc) that provide essential instructions and are generally trusted. In this article, we introduce the internals of these programs, and highlight some of the intricacies.
December 17, 2021
Solana Stake Pool: A Semantic Inconsistency Vulnerability Discovered by X-Ray
This article describes our journey in discovering the vulnerability and constructing the PoC. We note that the stake-pool code was audited before by multiple companies, which motivates the need of a more comprehensive and systematic audit process.
October 23, 2021
Solana Bug Bounty Hunting With X-Ray
Recently, using X-Ray, we identified a vulnerability in an on-chain Solana smart contract (jet-v1) and have been awarded a bug bounty. We thank the Jet Protocol team and Immunefi for their quick responses and generous support. The fix has been applied in this commit. This article shares our bug hunting experience with X-Ray.
October 14, 2021
Understanding Arithmetic Overflow/Underflows in Rust and Solana Smart Contracts
Rust is a popular language used in blockchains such as Solana and Polkadot. For many developers, it may be a misconception that Rust is memory-safe so it is free of arithmetic overflow/underflows. This article explains why Rust programs still suffer from arithmetic errors, how these issues affect blockchain security, and how to deal with them in smart contracts.
October 7, 2021
From Ethereum Smart Contracts to Solana Programs: Two Common Security Pitfalls and Beyond
Why Solana programs are faster than Ethereum smart contracts? What are their key differences? This article explains an essential difference between the two and illustrates two common security pitfalls in Solana programs.