VeryAI raised $10M to develop a palm-scan biometric identity verification system on Solana that uses zero-knowledge proofs to distinguish real users from AI-generated accounts without storing personal data. The platform aims to prevent Sybil attacks and bot farming on crypto exchanges and fintech platforms.
A critical vulnerability in marginfi's flash loan mechanism allowed attackers to borrow funds without repayment by exploiting a new `transfer_to_new_account` instruction that could reset account state during an active flash loan, bypassing health checks. The vulnerability put $160M in deposits at risk and was responsibly disclosed and patched.
Raydium's `increase_liquidity` function failed to validate whether `remaining_accounts[0]` was the correct `TickArrayBitmapExtension` account, allowing attackers to manipulate tick states and drain liquidity pools by bypassing intended price boundary checks. The whitehat discovered this critical flaw on January 10, 2024, and received a $505,000 bounty.
Whitehat researcher nojob discovered a critical logic error vulnerability in Port Finance's DeFi lending protocol on Solana that could have resulted in $20-25 million in theft. The vulnerability was responsibly disclosed via Immunefi and patched without user fund loss.