In March 2022, the Solana-based Cashio stable coin CASH was the victim of a hack exploiting an “infinite mint” vulnerability.  The value of the CASH token plunged to $0.00005 after the attacker stole over $52 million in tokens from the protocol.

Inside the Attack

To mint new CASH tokens, a user needs to deposit collateral.  This collateral can be deposited into a collateral account owned by the protocol if the deposit passes a series of checks designed to validate that the deposited tokens match the type held within the protocol’s accounts.

As part of the validation process for crate_collateral_tokens, the contract checked that the token type matched that of the saber_swap.arrow account.  However, there was no validation of the mint field within the saber_swap.arrow account.  The attacker could make a fake saber_swap.arrow account that would allow it to create a fake crate_collateral_tokens account that would allow the deposit of worthless collateral.

The other piece of the attack was a missing check for depositor_source, which has the same requirement that the token type should match that of the collateral.  It is possible to set the collateral token type if a user owns a bank, which can be created with a call to crate_mint.

With a fake bank, the attacker could deposit fake collateral that would pass all of the checks due to the issues in crate_collateral_tokens.  However, the code failed to verify that the token associated with the bank and the one being minted are the same.

As a result, a bank with a worthless token could be used to mint real CASH tokens.  This allowed the attacker to drain value from the protocol by depositing worthless collateral and minting real CASH tokens.

Lessons Learned From the Attack

The Cashio hack was made possible by missing validation code.  While the smart contract included numerous checks designed to validate collateral deposits, two essential ones were missing, enabling a $52 million hack and the destruction of the stablecoin’s peg to the USD.

These vulnerabilities may have been detected by a smart contract audit.  However, Cashio was an unaudited project, resulting in the vulnerability being discovered – and exploited – by an attacker.

Rob Behnke