Raydium
Solana
Last audited on 2024/08/19
No active critical issues
This project has no reported issues.
Reported rekts
Raydium
fixed/high
Quick Summary The private key of the Pool Owner account was compromised. The attacker drained nine Raydium’s constant product liquidity pools having stolen crypto worth around 4.4m USD. Details of the Exploit The affected pools are ETH-USDC, RAY-SOL, RAY-USDC, RAY-USDT, SOL-USDT, SOL-USDC, stSOL-USDC, UXP-USDC, ZBC-USDC. The funds draining was performed through repeatedly calling the withdrawPNL function that allows to withdraw fees from the pools. The expected fees to be withdrawn were increased with the SetParams and AmmParams::SyncNeedTake functionality. Block Data Reference The pool owner account: https://solscan.io/account/HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv [https://solscan.io/account/HggGrUeg4ReGvpPMLJMFKV69NTXL1r4wQ9Pk9Ljutwyv]