A bug in the lending contract of the Solana Program Library (SPL) was found and fixed by Neodyme. The security auditing firm found the bug and disclosed it immediately to the firm; otherwise, it could have affected several DeFi protocols with a total value locked (TVL) of $2 billion.
A security agency, Neodyme, discovered a bug in one of the lending contracts that is part of the token’s Solana Program Library. This bug put the funds of several protocols at risk. The firm discovered the bug and raised an alert about it, but because the bug's effect seemed innocuous, it had not been resolved. The bug caused a rounding error by which more tokens were being deposited by the users to the contract.
Bug in Solana lending contract fixed:
There is no report that the bug was exploited in an organized attack that targeted the vulnerability directly. The bug in the Solana lending contract was putting $2 billion in several protocols at risk. The security firm has also revealed that if the attack had been carried out in a smart way, it would not have triggered any alarm. Neodyme explained further:
We believe the most secure code is open-source, and as auditors, we believe one of the best ways to write better code is to understand vulnerabilities.
The bug in the Solana lending contract was fixed and the contracts were audited independently. These contracts were Solend by Kudelski and Larix by Slowmist.