Key learning points
- Solend, another Solana DeFi protocol, has been exploited via an oracle attack for $1.26 million.
- The attack follows last month’s $100 million Mango Markets exploit.
- Low liquidity on Solana, combined with protocols that allow users to deposit illiquid tokens as collateral, has enabled the attacks.
Solana’s Mango Markets and Solend have both been attacked in recent weeks.
Solana DeFi attacked again
Another Solana DeFi protocol has been exploited.
Solend, a lending and borrowing protocol built on Solana, reported that an attacker drained $1.26 million in user funds on Wednesday. The exploit resulted from an oracle attack, meaning that an attacker manipulated the oracle prices of certain volatile assets in order to borrow protocol funds against them that were worth more than the assets’ true value.
Solend acknowledged the exploit on Twitter, saying that three lending pools were affected. “An oracle attack on USDH was detected hitting the isolated pools of Stable, Coin98 and Kamino resulting in $1.26 million in bad debts,” the protocol tweeted.
“Bad debt” occurs when an attacker tricks a protocol’s pricing oracles into valuing collateral assets higher than they should. This gives the attacker “credit” to borrow funds from the protocol whose actual value is higher than that of the inflated collateral. In this case, the attacker borrowed USDH stablecoin funds with no intention of paying them back, resulting in a net loss of $1.26 million for the protocol.
Shortly after the attack, fellow Solana DeFi protocol SolBlaze announced it had discovered one of the attacker’s pseudonymous identities. “We have discovered a known contact for the hacker… and have been working closely with the Solend team for the past half hour to put them in touch with the hacker to come to a resolution,” it said. It is not yet clear whether Solend can reach a resolution with the attacker to protect users’ funds.
Today’s Solend exploit is not the first time oracle price manipulation has been used to attack DeFi protocols on Solana. Last month, decentralized trading platform Mango Markets was exploited for more than $100 million when an attacker drove up the price of the protocol’s native MNGO token. This allowed the attacker to take out a series of large loans from various token pools, effectively draining the protocol of its liquidity.
Avraham Eisenberg, a self-proclaimed “applied game theorist” based in New York, later revealed that he carried out the attack with a team. Mango Markets reached an agreement with Eisenberg assuring him that the protocol would not sue him in exchange for $53 million of the stolen assets. While Eisenberg insists his actions were not an exploit, but rather, in his words, a “highly profitable trading strategy,” most onlookers were unconvinced.
Low liquidity, high costs
The reason attackers have successfully manipulated price oracles on Solana comes down to the low liquidity on the blockchain.
During the 2021 bull run, the total value locked in Solana DeFi protocols soared, peaking at $10.17 billion in November, per data from DefiLlama. However, almost a year into the current crypto winter, liquidity on Solana is drying up. The network is currently home to just $940 million in assets, representing a 90% drop. In addition, Solana’s on-chain activity, which acts as a rough heuristic for the amount of trading on the network, has also declined in recent months.
When Solana was sufficiently liquid, many DeFi protocols began allowing users to deposit lesser-known tokens as collateral to take out loans or trade against. While tokens like MNGO didn’t trade as much as ecosystem staples like SOL, USDC, and ETH, liquidity was high enough to liquidate positions if a user defaulted.
However, it turns out that being able to liquidate these collateral funds was not the main problem for protocols. With liquidity and trading activity on Solana falling daily, it has become much easier to manipulate the price of illiquid collateral tokens. Attempting an oracle attack during the peak of the bull market would have been futile and would almost certainly have lost the attacker money. But under the current circumstances, such exploits have become increasingly lucrative, as long as the attacker has enough money to move prices.
Those with money deposited in Solana DeFi protocols should be wary of the risks of the current situation. While not all protocols will be vulnerable, those offering more exotic tokens as collateral may be at risk. Eisenberg has flagged potential exploits using similar price manipulation methods to his attack on Mango Markets, demonstrating his active pursuit of vulnerable protocols. If liquidity on Layer 1 chains like Solana continues to decline, we are likely to see more price oracle attacks in the future, similar to the Solend and Mango Markets exploits.
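To make the bad-debt mechanics and the low-liquidity point above concrete from a risk-engineering angle, the following added example (not code from Solend, Mango Markets or the article's author) compares a borrow limit computed from the latest oracle price alone with one that applies two common guardrails. The TWAP comparison, the liquidity cap, every parameter name and all numbers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class PoolConfig:
    ltv: float                # fraction of collateral value that may be borrowed
    max_deviation: float      # tolerated gap between spot and TWAP, as a fraction of TWAP
    liquidity_cap_usd: float  # collateral value the market could absorb in a liquidation

def naive_borrow_limit(cfg, tokens, spot):
    """Trusts the latest oracle price alone: the pattern the article describes."""
    return tokens * spot * cfg.ltv

def guarded_borrow_limit(cfg, tokens, spot, twap):
    """Refuses new borrows when spot diverges from TWAP, then values collateral
    at the lower of the two prices, capped by what the market could liquidate."""
    if abs(spot - twap) / twap > cfg.max_deviation:
        return 0.0
    value = min(tokens * min(spot, twap), cfg.liquidity_cap_usd)
    return value * cfg.ltv

def bad_debt(borrowed, tokens, true_price):
    """Loss left in the pool if the loan is abandoned and collateral sells at true value."""
    return max(0.0, borrowed - tokens * true_price)

def run_scenarios():
    # Constructed numbers, not taken from the Solend or Mango Markets incidents.
    cfg = PoolConfig(ltv=0.75, max_deviation=0.10, liquidity_cap_usd=500_000.0)
    tokens, true_price, twap = 1_000_000, 1.00, 1.00
    out = {}
    for label, spot in (("normal", 1.01), ("manipulated", 8.00)):
        naive = naive_borrow_limit(cfg, tokens, spot)
        guarded = guarded_borrow_limit(cfg, tokens, spot, twap)
        out[label] = {
            "naive_limit": naive,
            "guarded_limit": guarded,
            "naive_bad_debt": bad_debt(naive, tokens, true_price),
            "guarded_bad_debt": bad_debt(guarded, tokens, true_price),
        }
    return out

if __name__ == "__main__":
    for label, row in run_scenarios().items():
        print(label, row)
```

In the constructed "normal" case the liquidity cap is what limits borrowing, which mirrors the article's point that thin markets, not only price spikes, determine how much a collateral token can safely back.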
Disclosure: At the time of writing this piece, the author owned SOL and several other digital assets.