Solana based ANA stablecoin crashes after flash loan exploit

avatar

image.png

Solana can't seem to stay out of the news and not in a way you want to be featured. Around $3.5 million was exploited from the Nirvana Finance platform due to a flash loan exploit. Nirvana Finance is a DeFi protocol on Solana. As far as I know it, Nirvana Finance is not owned by Solana team and is a third-party project.

What is a flash loan?

A flash loan is similar to any other unsecured lending in the crypto space except for the fact the entire lifecycle is in a single transaction. That means a user will borrow and pay back funds immediately. This is only possible using platforms that support smart contracts.

The main reason to use flash loans is to take advantage of an arbitrage opportunity with more leverage.

Because flash loans are handled by a smart contract, they are generally considered safe for both parties. However if you exploit the price of one of the tokens in the transaction to make it seems as though the loan is repaid, you can come out with millions in profit.

Nirvana Finance exploit

This is how Nirvana Finance was exploited. A user took out a flash loan for $10 million dollars worth of USDC and minted $10 million worth of ANA. This increased the price of ANA in excess of $10 million dollars allowing the attacker to return fewer ANA tokens than they minted.

image.png

In this case, they were able to make around $3.5 million dollar profit. The price of ANA dropped around 90% as a result of this.

Flash loan attacks are not new and the largest known flash loan attack happened on Ethereum for over $182 million dollars.

Posted Using LeoFinance Beta

solana hive-engine vyb ctp cent proofofbrain neoxian archon leofinance
0
0
0.000
17 comments
avatar

A user took out a flash loan for $10 million dollars worth of USDC and minted $10 million worth of ANA. This increased the price of ANA in excess of $10 million dollars allowing the attacker to return fewer ANA tokens than they minted.

How did the price went up if the tokens were minted?
There were similar exploits on the PancakeBunny and the Belt platform, where they moved the price oracle for a bit ... not sure how did exactly happened here

0
0
0.000
Reply
avatar

How did the price went up if the tokens were minted?

Contract Algorithm

0
0
0.000
Reply
avatar

So a bad design ... realy bad coding practice there, especialy with a year of experiance in flash loans and tricking price oracles.

0
0
0.000
Reply
avatar

Shit eh? Not a bad pay day if you could get it. I'll be honest, at $3.5 million bucks I'd only need one day like that! I found 5 bucks in my pocket the other day and thought I was having a good week!

0
0
0.000
Reply
avatar

I thought it was owned by a Solana team not until you pointed them as a third party.

0
0
0.000
Reply
avatar

When you build a DeFi project, you need to test massively against exploits to be safe and secure the funds of investors.

0
0
0.000
Reply
avatar

Risk 10M on a field trip, I always assume that it's an insider job. You write it, you know it, you have a bad weekend in vegas so you come back and exploit it.

0
0
0.000
Reply
avatar

untitled.gif

people still try to build more algo stablecoins?

0
0
0.000
Reply
avatar

In this case, they were able to make around $3.5 million dollar profit. The price of ANA dropped around 90% as a result of this- This way, the attacker could steal $3.5 million from the Nirvana treasury, repay the USDC loan, and then move the stolen funds to an Ethereum wallet converting it to DAI stablecoin.

0
0
0.000
Reply
avatar

From $8 to less than $2 is a terrible plunge. I hope LeoFinance devs learn from news such as this to guard against such occurrences with PolyCUB and CubDeFi.

Posted Using LeoFinance Beta

0
0
0.000
Reply
avatar

Solana had another unsuccess story... What a surprise ... Not

0
0
0.000
Reply