We recently discovered a critical bug in the token-lending contract of the solana-program-library (SPL). This blog post details our journey from discovery, through exploitation and coordinated disclosure, and finally the fix.
When CS:GO clients connected to our server, they got more than a game. We found 3 RCE vulnerabilities to give clients an unexpected 'welcome'.
Ready for a deep-dive? 🎮🔧🎆
#InfoSec
#CSGO
#Exploit
Who **actually** controls the largest projects on
#solana
? What's the deal with Upgrade Authorities? Are your funds more safu in DeFi contracts than they were on
#FTX
?
Let's find out 🧵👇
Heads up
#solana
#developers
!
Our team has been helping
@solana
with peer-reviews and we'd like to share what we've learned over the course of our audits:
Technical Analysis of the Ledger Supply-Chain Attack 🧵
We did a brief analysis of today’s attack against the
@ledger
browser integration. This is what we found.
Ledger’s browser integration, Ledger Connect, was attacked via a suspected supply chain attack. The attacker…
We believe every software project should clearly communicate its bug bounty policies and how to get in touch regarding security issues. In order to facilitate this, we brought security.txt to Solana:
The bug was fixed, and dapps updated promptly to close the vulnerability. We believe the most secure code is open-source, and as auditors we believe one of the best ways to write better code is to understand vulnerabilities.
The total TVL at risk was about 2.600.000.000 USD. Some of that value is lent out, and some other low-value coins are not economically viable to steal, but the potential profit was easily in the hundreds of millions.
Total Loss of Funds
The story of Solana's highest-severity bug -- and how we found it back in late 2020.
Among other things, it allowed us to:
- Mint or steal any amount of any token
- Modify any NFT
- Delete liabilities in any lending protocol
The Solana Foundation disagrees with the characterization of SOL as a security. We welcome the continued engagement of policymakers as constructive partners on regulation to achieve legal clarity on these issues for the thousands of entrepreneurs across the U.S. building in the…
1/4 🧵
There's been a lot of fuss around the recent
#Solend
DAO vote, with lots of discussion about what a protocol should be able to change about its
#Solana
smart contract.
Check out our new blog post on our journey of finding and reporting bugs in Solana Core. In this one, we explain a powerful rug pull mechanism that we found about a year ago, and has subsequently been patched:
Many dApps need on-chain
#randomness
. But how can you efficiently obtain true randomness in a decentralised, trustless system? It turns out that this is an unsolved problem. Current solutions, including Verifiable Random Functions (VRFs), have fundamental issues. 🧵👇
Check out our newest blog post on one of the critical vulnerabilities we found in Solana's validator code. This bug allowed anyone to inflate their stake to virtually any value, disrupting consensus. It was quickly fixed after we reported it last year.
Have you ever pushed a secret to github by accident?
Did you try to rewrite history with a quick
`git reset --hard HEAD^ && git push origin -f` ??
Well, maybe you should read our new blog post.
Let's just say the internet never forgits👀
We all know vyper's reentrancy locks didn't work. But why? How was it exploited?
And why does this account hold more tokens than the total supply?
Let's dive in 🧵👇
Of the 10 projects analysed, we found the following about their upgrade authorities: (educated guesses)
- 3 have a hot wallet 💩
- 2 have a hardware wallet
- 5 have a multisig or DAO
Many are currently migrating to a mixed solution.
Ever wonder what happens when you let the world's best auditors loose on a program written by Solana OGs?
Our audit report for
@sanctumso
's Infinity protocol is now public. ♾
In Amsterdam for
@SolanaConf
this week? 👀
Today, we're hosting the Neodyme Security Stage at Het Hem!
A full day dedicated to securing the Solana Ecosystem.
Here's a breakdown of the day! 📅👇
#Breakpoint2023
Wow, what a week it has been! It was great to be hosting the security stage at
@SolanaConf
this year. Thanks to everyone who came to meet us, and a big THANK YOU to the teams at
@solana
that made this happen.
Now, back to auditing. 👋
Are you from Munich and interested in Blockchains?
We're partnering with
@SuperteamDE
,
@StakingFac
,
@solanabeach_io
, TUM Blockchain Club and
@Solana
to host the Munich Blockchain Startup & Hackathon Day!
📅 March 9th, 15:30-19:30
We're excited to announce NeodymeGPT. Going forward, you can simply ask NeodymeGPT whether there are any bugs in your software.
Subscriptions will start at $1337/mo.
We've even decided to open source the code of our Free Tier version:
@m_schneider
@aeyakovenko
The workshop is gonna be super interactive so it's hard to record anything useful but we'll publish all the resources and some tutorials so you can solve all of the exercises online as well.
1/2 Ever wondered how you would go about implementing an on-chain casino on Solana? Our latest series of blog posts is the only guide to on-chain randomness you will ever need!
👇
We've been pushing for more transparency in upgrade authority handling for some time now.
If you see a large project using a hot wallet or hardware wallet, you can help us by asking them why they haven't migrated to a multisig. Stay safe out there.
What are Upgrade Authorities (UAs)? 👮
UAs are the accounts in charge of changing a solana program's code.
Naturally, they pose a huge security risk. If you control the UA, you control the smart contract and its funds.
If you see a hot wallet, or even a hardware wallet, being used as an upgrade authority for a major dApp, be careful when interacting with it. ⚠️ They potentially have the power to rug pull all of your funds.
We'll host a dedicated Security Stage at Solana Breakpoint
@SolanaConf
this year!
Featuring an exciting line-up of Breakpoint's deepest and most technical talks on Security & Solana Core
🤫🤫🔐
This year at Solana Breakpoint,
@Neodyme
will host Neodyme Security Stage November 1, covering the latest in IT & web3 security research! 🔐
Join us at the cutting edge of change in Amsterdam from Oct 30 to Nov 3.
Get your ticket today:
3/4
There are many different ways of managing your program upgrade authority, and they are all subject to a trade-off between decentralization, security and ease of upgrading.
Behind the scenes as we get set up for the drawing to determine the schedule for
#Pwn2Own
Toronto 2022. We’ll get started tomorrow (Dec 5) at 3pm Eastern. Watch it live here and on YouTube at
Neodyme's
@_localo_
@0x4d5aC
@r0bre
are competing in
#pwn2own
with 2 entries:
In the SOHO smashup category, we will be demonstrating a Netgear Router -> HP Printer exploit chain.
In addition, we have a second Netgear WAN exploit in our back pocket!
After a herculean effort by the scheduling crew, the agenda for
#Pwn2Own
Toronto 2022 is now available. 26 contestants. 66 entries. Four days. It should be a great event.
👾 You play CTF and still need a DEFCON ticket?
We've 2 tickets left over and want to give them away!
Follow us and comment with your favourite CTF writeup to win!
Ends Aug 3rd 12:00 CET
#defcon31
#DEFCON
However, they are a necessary evil.
If you want to fix a bug in a program, or add new features, this is done through UAs.
For more info on UAs, check our blog post from June:
🎃👩💻 Hacks are SCARY 👻🔐
Unmasking the Hacky Halloween Party at
#Breakpoint2023
!
Dress up to be safe from the hackers!
🎟️ Access Limited: Hack your way into the guestlist now
Congrats to
@b2ahex
for winning
@PwnieAwards
Top Desktop Bug category this year! Well deserved.
It was a great honor to be nominated for our CS:GO 0day research - thank you!
🔐 Learn how to "Hack Cryptography" in our intense 2-day training at
@defcon
this year
You will learn all about common mistakes made in cryptographic implementations and how they can be broken.
Secure your spot today!
📅 August 14th - 15th
📍Las Vegas
In technical terms, Riverguard is a live transaction fuzzer. It takes real current transactions, modifies them like an attacker, and then tests them in a simulation. 🤖
First, you need to find the program address of the dApp you are trying to investigate. There are many ways to do this: Often, it is listed in the docs or open source code.
🕵️♂️🪙🌆
Guess the mystery city on our 2022 mint Neodime and win an exclusive merch package including our hoodie, tshirt, socks, bag, stickers and a coin!
#Breakpoint
Submit your guesses at
The upgraded program has a new Instruction, “DoSexualAction”. This instruction allows the attacker to withdraw funds from the contract.
In 3 transactions, the attacker withdrew about $230k
While we're busy in Berlin, our team is taking a Munich trip to host a Solana Blockchain Night in the Bavarian capital.
We invite you to join us this Thursday (February 16th), at the Center for Digital Technology and Management in Munich!🥨
See more below🧵👇
The smallest errors can have grave consequences. That’s why it’s important to double-, triple- and quadruple-check your code.
We will continue to assist cypher protocol in trying to find solutions for the difficult situation they are in.
➡️ Training: Hacking Cryptography
Cryptography is hard and error prone.
🧠 Learn how to exploit cryptography and how to properly use it to defend yourself! 🧠
Join us at
@HITBSecConf
for the onsite training!
📅17th - 19th April
📍Amsterdam
Riverguard does multiple checks like this. On every transaction. And now, after we've already found and reported multiple bugs with Riverguard, we're opening it up for the community!
And what's best: Its free! 🎊
What does "like an attacker" mean? Well, unlike many fuzzers, instead of just flipping bits, Riverguard uses a set of carefully crafted Fuzzcases.
Each Fuzzcase implements a specific potential attack. For example: Missing Singer checks.
This data helps researchers to get in touch with you, even if they only have your program id.
We recently had trouble finding contact information for multiple smart contracts. This project has been born out of that very real frustration.
👾 You play CTF and still need a DEFCON ticket?
We've 2 tickets left over and want to give them away!
Follow us and comment with your favourite CTF writeup to win!
Ends Aug 3rd 12:00 CET
#defcon31
#DEFCON
Once you have the program address, you can use any explorer of your choice to find its upgrade authority -- it's listed directly on its explorer page. You can also see the address of the program data and the last slot it was changed.
The Missing Signer Check Fuzzcase removes all signers from a Transaction, and adds a new signer just to pay transaction fees. If this transaction succeeds, the program in question is potentially missing a crucial Signer check. 🚨
Cryptography is hard.
Thankfully, you don't have to learn it all on your own. Our training "Hacking Cryptography" will turn anyone into a codebreaker Alan Turing himself would be proud of 🧠
The 3-day training will be offered April 17-19 at
@HITBSecConf
:
Lets check the UA. If there are many transactions within a few seconds landing in the same slot, the upgrade auth is almost certainly managed by a hot wallet. OTOH, if the upgrades are managed using a multisig or DAO, you can see this by program invocations in the upgrade txs.
For those who've been asking, this will be *very* interactive and technical. Most of the time, you'll be reading code and writing exploits for contracts. You should already have some experience writing rust code and ideally also Solana smart contracts.
If not, you can try and see if a block explorer like solscan already knows the address of that dApp by its name. Finally, you can also do a test transaction and view the program it interacts with on-chain.