blockchainreporter

Raydium Releases Detailed Post-Mortem and Next Steps after the Recent Liquidity Pool Exploit

by Mushu Butt
December 18, 2022 - 11:46 am

On December 16, 2022, at 12:12 UTC, a malicious actor gained access to the Pool Owner (Admin) account and, at the same time, started an exploit on the authority account of the Raydium Liquidity Pool V4. OtterSec has published its initial overview of the attack’s scope.

Following up on the recent vulnerability in the Raydium Liquidity Pool, Raydium has just issued a comprehensive update. The detailed post-mortem aims to provide an in-depth overview of how the exploit was carried out, how the problem was mitigated, and the next measures that will be taken.

1/ Initial Post-Mortem: Raydium is working w 3rd-party auditors and teams across Solana to gather additional info. As of now, a patch is in place preventing further exploits from the attacker.

The following includes info up to now. Big thanks to all teams providing support https://t.co/yKRdA6BAqv

— Raydium (@RaydiumProtocol) December 16, 2022

Background of the Exploit and Latest Details

Initially, the Pool Owner account was deployed on a virtual machine with a specialized internal server. Further research has found no evidence that the private key associated with the Pool Owner account was ever distributed, shared, transferred, or kept locally anywhere other than the virtual machine on which it was initially placed.

An investigation into the company’s internal security is underway to determine the nature of the account breach and its underlying cause. At first glance, it appears that the attacker may have obtained remote access to either the virtual machine or the internal server where the account was deployed. The specific intrusion vector has not yet been determined. However, one hypothesis is that it was a trojan attack.

The Raydium exploiter account appears to be involved in additional illegal conduct on Solana, according to an initial investigation into the matter. An indication of this can be found in a tweet that was posted by cloudzy.sol on November 7 and describes a wallet exploit that resulted in 198 SOL being stolen. These stolen funds eventually made their way into the same account that was used to fund the primary Raydium exploiter wallet.

The attacker gained access to eight continuous product liquidity pools on Raydium and stole a combined amount of about $4.4 million worth of funds. The exploit has no effect on concentrated liquidity pools or RAY staking programs because of how they were designed. The exploit did not have any effect on any of the other pools or funds available on Raydium.

The attacker moved different assets out of the impacted pools during the exploit. The ‘Base’ token is the one on the left side of the token pair, while the ‘Quote’ token is the one on the right side of the token pair (usually a stablecoin or SOL). A complete listing of the stolen funds, along with the transaction history, is available at this link: https://github.com/raydium-io/dec_16_exploit. The breach of security was carried out in two stages.

First, the withdrawPNL instruction exists to collect protocol fees for RAY buybacks. It withdraws a predefined amount of assets given by need_take_pc and need_take_coin, which should be equivalent to 12% of the pool’s total earnings from fees, or 3bps of the 25bps earned from swap transactions. The attacker used this function to remove funds (which were designated as fees) from the pool vault. Both need_take_pc and need_take_coin are reset to zero immediately after withdrawPNL has been executed.

Second, the attacker used the SetParams instruction in conjunction with the AmmParams::SyncNeedTake function to artificially inflate the balances for need_take_pc and need_take_coin. This allowed the attacker to change and increase the expected fees, and then repeatedly withdraw funds that were designated as fees from the pool vault using the withdrawPNL function.
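The two stages above leave a recognizable pattern in a replay of pool events: a fee withdrawal larger than the fees swaps could have generated. The Rust sketch below is an added example, not Raydium's program code; the `Event` type, the single-token simplification and the sample numbers are assumptions, and it flags any withdrawPNL that pays out more than the 12% protocol share accrued since the previous withdrawal.

```rust
// Simplified single-token model; event names follow the article, while the
// types and numbers are constructed for illustration (not Raydium's code).
#[derive(Clone, Copy)]
pub enum Event {
    Swap { fee: u64 },           // total swap fee collected (25 bps of volume)
    SyncNeedTake { value: u64 }, // admin override of the need_take counter
    WithdrawPnl,                 // pays out need_take, then resets it to zero
}

/// Protocol share of a swap fee: 3 bps out of the 25 bps fee (12%).
pub fn protocol_share(fee: u64) -> u64 {
    fee * 3 / 25
}

/// Replays events and returns (event index, excess) for every WithdrawPnl
/// that paid out more than the fees accrued from swaps since the last one.
pub fn audit(events: &[Event]) -> Vec<(usize, u64)> {
    let mut need_take: u64 = 0; // counter held in pool state
    let mut accrued: u64 = 0;   // recomputed independently from swaps
    let mut findings = Vec::new();
    for (i, ev) in events.iter().enumerate() {
        match *ev {
            Event::Swap { fee } => {
                need_take += protocol_share(fee);
                accrued += protocol_share(fee);
            }
            Event::SyncNeedTake { value } => need_take = value,
            Event::WithdrawPnl => {
                if need_take > accrued {
                    findings.push((i, need_take - accrued));
                }
                need_take = 0;
                accrued = 0;
            }
        }
    }
    findings
}

fn main() {
    // Constructed log: one legitimate collection, then two inflated ones.
    let log = [
        Event::Swap { fee: 2_500 }, Event::WithdrawPnl,
        Event::SyncNeedTake { value: 1_000_000 }, Event::WithdrawPnl,
        Event::Swap { fee: 5_000 }, Event::SyncNeedTake { value: 50_000 }, Event::WithdrawPnl,
    ];
    for (idx, excess) in audit(&log) {
        println!("event {idx}: withdrawPNL exceeded accrued fees by {excess}");
    }
}
```

The check depends on recomputing accrued fees from swap activity rather than trusting the stored counter, which is the value the admin parameter could overwrite.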

Raydium’s Initial Mitigation of Exploit and Security Steps

At 14:16 UTC on December 16, 2022, Raydium issued a hot patch, also described as a stub (a controllable substitute for an existing dependency), for all of the applications. In other words, the authorization of the compromised account (HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv) was revoked, and the authority was updated to a new account that is held on a hardware wallet.

The fix withdrew the attacker’s authority, removing their permission and ability to continue exploiting the pools. At 10:27 UTC on December 17, the Raydium AMM V4 program was upgraded using Squads multisig to remove extraneous admin options that, if compromised, could affect funds. The parameters that have been removed are AmmParams::MinSize, AmmParams::SyncLp, AmmParams::SetLpSupply, AmmParams::SyncK, and AmmParams::SyncNeedTake.

In addition, all of the admin parameters for Raydium Stable Pools, Raydium Acceleraytor, and Raydium DropZone have been removed. At approximately 15:00 UTC on December 17, all of the remaining administrative parameters, including the withdrawPNL function, were upgraded to the Squads multisig that is now being utilized for program upgrades.

Future Measures to Mitigate The Situation

Raydium is working toward next steps on two fronts. First, the challenge is to correctly assess the impact of the hack on the pools that store user LP balances. Raydium is now taking snapshots and compiling data for all LP balances and matching position sizes from before the hack happened. Additionally, the company is extrapolating the difference from the original balances that occurred as a direct result of the vulnerability.

An exact account of balances is vital for determining a viable way forward. It will take some time before precise information can be obtained for all accounts and LP balances in the affected pools. Second, Raydium is monitoring the attacker's wallets and looking into other possibilities for recovering the funds.

Raydium has been in communication with a number of Solana teams, third-party auditors, and centralized exchanges, all of which have provided support as well as potential leads regarding the attacker and associated accounts. Although there is no conclusive evidence as of yet, there is mounting evidence that links the wallets used in the exploit to previous NFT rug projects as well as the malicious draining of user wallets.

Raydium will keep in contact with the necessary teams and security specialists in order to investigate other potential channels for the recovery of lost funds. In exchange for returning funds, Raydium is providing a 10% bonus as an incentive. In addition to the standard bounty, Raydium offers the RAY balance that was compromised.

There is still work to be done to determine the total impact on the balances and funds held by individual users of LPs. Even though Raydium is aware that all involved parties are experiencing apprehension regarding the funds at issue, additional time is required to compile the necessary facts and information before any of the potential courses of action can be evaluated.

Tags: Altcoins, Cryptocurrency, DeFi, OnChain, Solana