Mango Markets is a trading platform built on Solana. It leverages the Serum DEX for spot and margin trading, while perpetual contract trading take place on Mango’s own orderbooks.
As is typical of exchanges that allow for margin trading, users can deposit assets as collateral and borrow against them.
Herein lay the problem: Mango Markets allowed the platform’s governance token – with a relatively low market capitalization and illiquid orderbooks – to be used as a collateral asset.
This exploit was unique in that the attacker came forward to claim credit.
On October 15, Avraham Eisenberg described the exploit as “a highly profitable trading strategy.” The team he was a part of pumped the price of the MNGO token, which then allowed them to borrow against this inflated value until the protocol was left insolvent.
This insolvency was not the result of a smart contract flaw or any other sort of hack. The protocol functioned as it was designed. The designers just failed to take into account the risk of allowing illiquid tokens to be used as collateral.
Eisenberg proposed returning the funds in exchange for a bounty, which is eventually what happened after a vote by the Mango DAO.
Eisenberg and co. were left with a sizable $47 million “white hat” bounty in return for their stress test of Mango Markets.
Since this exploit there have been a number of almost identical incidents in the fourth quarter of 2022, all of which involve illiquid tokens being used as collateral assets.
Moola Markets lost over $8 million in November, and Lodestar Finance lost $6.9 million in December.
These exploits highlight the importance of secure protocol design in addition to secure smart contract code. A contract can function exactly as intended, but if that intention opens the door to a vulnerability the result can be just as costly as any flaw in the code.