Marginfi, a Solana-based lending and borrowing protocol, has patched a critical vulnerability in its flash loan mechanism that briefly placed more than $160 million in user deposits at risk.
The bug, disclosed by security researcher Felix Wilhelm through Marginfi’s bug bounty program, would have allowed an attacker to borrow funds without repaying them. The issue was resolved before any exploit occurred, and no funds were lost, according to Asymmetric Research’s report.
Flash loans, a common DeFi feature, allow users to borrow nearly all available liquidity on the condition that the funds are repaid within the same blockchain transaction. Solana protocols typically enforce this by introspecting instructions in a transaction to ensure a repayment step is included.
According to Asymmetric, Marginfi followed this approach but introduced a new instruction, transfer_to_new_account, that unintentionally bypassed repayment checks. This meant liabilities could be shifted to a new account mid-loan, enabling funds to be drained without triggering safeguards.
The report indicates that the Marginfi team swiftly deployed a patch to block account transfers during flash loans and prevent disabled accounts from being used for repayment. While Solana’s architecture limits some common Ethereum-style exploits, the vulnerability underscores that logic errors remain a critical threat.
The swift resolution demonstrates the role of bug bounty programs in preventing systemic losses. Similar past incidents, including attacks on Mango Markets and other Solana-based protocols, have shown how flash loan vulnerabilities can lead to multimillion-dollar losses.
Marginfi representatives did not respond to Blockworks’ request for comment before publication.
This is a developing story.
This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication.
Get the news in your inbox. Explore Blockworks newsletters:
Source: https://blockworks.co/news/marginfi-flash-loan-bug
