Solend Oracle Fail Costs Them $1.26 Million

In today's edition of YIYL, (You Invest, You Lose) we head back to everyone's favourite Ethereum killer Solana, where operating hours seem to be a big problem, and when it is running smoothly the hacks and breaches are faster than any other platform as well as so cheap. I mean with those low fees why would you not want to spend time hacking people on Solana?

If it's not Solana that's causing issues its things built on Solana, which makes sense, if your base foundation isn't reliable, why should anything built on top of it be? That makes zero sense.

An example of this is the protocol we're looking at today Solend is a lending platform based on the Solana network. It is pretty simple, you borrow or lend assets and use an algorithmic protocol to determine interest rates and collateral amounts. The service has been around for just over a year as it launched in August of 2021.

Solong Solend

Since Solend allows for multiple tokens support on Solana, there are several contracts running that have to speak to different oracles, and if one goes wonky it can easily be manipulated because you're pulling in data, not native to the chain, so it can't be verified and can be subject to corruption.

And that oracle issue that plagues any multi-token and chain service shows its ugly head again. Solend announced that an exploiter had manipulated the oracle price of an asset on their platform, allowing them to take out a loan that left the platform with $1.26 million in bad debt.

They reported that they had paused affected pools, and did not anticipate other pools on the platform were at risk. The exploit was centered around the hubble stablecoin (USDH) and affected the Stable, Coin98, and Kamino lending pools, according to a tweet by Solend.

https://twitter.com/solendprotocol/status/1587671511137398784

DEFI doing very centralised things

Solend said the three pools that have been affected are safely disabled and that exchanges have been notified of the exploiter's address. So first of all, you are supposed to be DEFI, how are you pausing services? That doesn't sound very decentralised to me, if anything that sounds like a tech company trying to be reactive to a vulnerability in their system.

https://twitter.com/PeckShieldAlert/status/1587686180962783234?s=20&t=ZtXslLpG4853HIl2TrRt8A

Second of all, if code is the law and the user found a way to open up a loophole, why are you running to the authorities, clearly your laws don't work properly. Solend will try to recover the funds with the help of authorities and exchanges should the traced funds not be tumbled and collateralised on chain and moved to different chains or assets.

If that person is dumb enough to touch an exchange with now blacklisted coins, they're not going to be having a good time of it thats for sure.

Also if coins can be blacklisted how is that censorship-resistant and immutable? Doesn't sound like an open monetary network to me, more like a PayPal with less control over their funds and wish they had more control.

How many times must the same mistake happen for people to learn that this is nothing more than a shell game? I don't know, but clearly many more times.

Survivorship bias is one hell of a drug.

Sources

• coindesk.com
• bitcoin.com
• bybit.com

Have your say

What do you good people of HIVE think?

So have at it my Jessies! If you don't have something to comment, "I am a Jessie."

Let's connect

If you liked this post, sprinkle it with an upvote or esteem and if you don't already, consider following me @chekohler and subscribe to my fanbase

Earn Free bitcoin & shop	Earn Free Bitcoin & shop	Claim Free Bitcoin & Shop

Posted Using LeoFinance ^Beta