Cashio's `print` instruction for its Saber-based stablecoin minted CASH against Saber LP tokens supplied as collateral, but the `crate_collateral` account validation chain was incomplete. The program verified that the user's `collateral` token account matched a `bank` PDA and that the `bank` referenced a `crate_token`, but it never verified that the `saber_swap.arrow` account passed in was itself the canonical arrow for that collateral mint: the constraint only checked that the arrow pointed at the collateral, not that the arrow was authorized. The attacker constructed a fake Saber pool, minted worthless fake LP tokens, deposited them as `collateral`, and the `print_cash` logic credited their account as if real BTC-USDC LP had been deposited. Two transactions minted ~2 billion CASH, which was swapped to USDC/UST and bridged out. The root cause is a missing PDA-derivation/ownership check in the account-constraint graph, a classic Solana account-confusion bug.
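The defensive pattern the paragraph points at is that every account an instruction receives must be validated back to a root the program controls, not merely checked for pointing at its neighbours. The following is an added toy model written for this page, not Cashio's or Saber's code: it keeps the account roles from the description (`crate_token`, `bank`, `collateral`, `arrow`) but the seed scheme, the program ids, the struct fields and the `DefaultHasher`-based stand-in for `find_program_address` are all assumptions. A linkage-only validator accepts an attacker-assembled chain that is internally consistent; the derivation-aware validator rejects it because the fake bank is not the PDA this program would derive for that crate and mint.

```rust
// Added example for this page; not Cashio's code. Toy model of a Solana-style
// account constraint graph. Names follow the incident write-up; the seed
// scheme, program ids and struct layout are assumptions.
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};

/// Stand-in for a 32-byte Solana pubkey.
pub type Pubkey = u64;

// Constructed placeholder program ids (not real on-chain addresses).
pub const CASHIO_PROGRAM: Pubkey = 0x1001;
pub const ARROW_PROGRAM: Pubkey = 0x2002;
pub const TOKEN_PROGRAM: Pubkey = 0x3003;
pub const ATTACKER: Pubkey = 0xBAD;

/// Stand-in for `Pubkey::find_program_address`: deterministic address from
/// seeds plus the owning program id (a real PDA uses SHA-256 and a bump).
pub fn derive_pda(seeds: &[&[u8]], program: Pubkey) -> Pubkey {
    let mut h = DefaultHasher::new();
    for s in seeds {
        s.hash(&mut h);
    }
    program.hash(&mut h);
    h.finish()
}

/// Assumed seed scheme: bank = PDA("bank", crate_token, mint) under Cashio.
pub fn canonical_bank(crate_token: Pubkey, mint: Pubkey) -> Pubkey {
    let (ct, m) = (crate_token.to_le_bytes(), mint.to_le_bytes());
    derive_pda(&[&b"bank"[..], &ct[..], &m[..]], CASHIO_PROGRAM)
}

/// Assumed seed scheme: arrow = PDA("arrow", mint) under the arrow program.
pub fn canonical_arrow(mint: Pubkey) -> Pubkey {
    let m = mint.to_le_bytes();
    derive_pda(&[&b"arrow"[..], &m[..]], ARROW_PROGRAM)
}

#[derive(Clone, Copy)]
pub struct AccountMeta { pub key: Pubkey, pub owner: Pubkey }
pub struct TokenAccount { pub meta: AccountMeta, pub mint: Pubkey }
pub struct Bank { pub meta: AccountMeta, pub crate_token: Pubkey, pub collateral_mint: Pubkey }
pub struct Arrow { pub meta: AccountMeta, pub collateral_mint: Pubkey }

/// Accounts handed to the (modelled) print instruction. `crate_token` is the
/// trusted root: it comes from program state, not from the caller.
pub struct PrintCashAccounts<'a> {
    pub crate_token: Pubkey,
    pub bank: &'a Bank,
    pub collateral: &'a TokenAccount,
    pub arrow: &'a Arrow,
}

/// Linkage-only validation, the incomplete pattern described above: each
/// account points at the next, but nothing proves the bank or arrow were
/// created by the program that is supposed to own them.
pub fn validate_linkage_only(a: &PrintCashAccounts) -> Result<(), &'static str> {
    if a.bank.crate_token != a.crate_token { return Err("bank does not reference crate_token"); }
    if a.collateral.mint != a.bank.collateral_mint { return Err("collateral mint mismatch"); }
    if a.arrow.collateral_mint != a.collateral.mint { return Err("arrow does not point at collateral"); }
    Ok(())
}

/// Hardened validation: linkage plus PDA derivation and owner checks, so each
/// account is tied back to the trusted root rather than to caller-chosen data.
pub fn validate_with_derivation(a: &PrintCashAccounts) -> Result<(), &'static str> {
    validate_linkage_only(a)?;
    let b = &a.bank.meta;
    if b.key != canonical_bank(a.crate_token, a.bank.collateral_mint) || b.owner != CASHIO_PROGRAM {
        return Err("bank is not the canonical PDA");
    }
    let r = &a.arrow.meta;
    if r.key != canonical_arrow(a.bank.collateral_mint) || r.owner != ARROW_PROGRAM {
        return Err("arrow is not the canonical PDA for this collateral");
    }
    Ok(())
}

/// Constructed scenario builder. `genuine` yields program-derived accounts;
/// otherwise an attacker-assembled, internally consistent chain.
pub fn build_chain(crate_token: Pubkey, mint: Pubkey, genuine: bool) -> (Bank, TokenAccount, Arrow) {
    let (bank_key, bank_owner, arrow_key, arrow_owner) = if genuine {
        (canonical_bank(crate_token, mint), CASHIO_PROGRAM, canonical_arrow(mint), ARROW_PROGRAM)
    } else {
        (0xF00D, ATTACKER, 0xFEED, ATTACKER)
    };
    let bank = Bank { meta: AccountMeta { key: bank_key, owner: bank_owner }, crate_token, collateral_mint: mint };
    let collateral = TokenAccount { meta: AccountMeta { key: 0xC0FFEE, owner: TOKEN_PROGRAM }, mint };
    let arrow = Arrow { meta: AccountMeta { key: arrow_key, owner: arrow_owner }, collateral_mint: mint };
    (bank, collateral, arrow)
}

/// Returns (real chain under strict check, fake chain under linkage-only
/// check, fake chain under strict check).
pub fn demo() -> (Result<(), &'static str>, Result<(), &'static str>, Result<(), &'static str>) {
    let crate_token = 0x7777; // constructed
    let (real_mint, fake_mint) = (0x5001, 0x5002); // constructed stand-ins for real and fake LP mints
    let (rb, rc, ra) = build_chain(crate_token, real_mint, true);
    let (fb, fc, fa) = build_chain(crate_token, fake_mint, false);
    let real = PrintCashAccounts { crate_token, bank: &rb, collateral: &rc, arrow: &ra };
    let fake = PrintCashAccounts { crate_token, bank: &fb, collateral: &fc, arrow: &fa };
    (validate_with_derivation(&real), validate_linkage_only(&fake), validate_with_derivation(&fake))
}

fn main() {
    let (real_strict, fake_weak, fake_strict) = demo();
    println!("real/strict: {:?}  fake/linkage-only: {:?}  fake/strict: {:?}", real_strict, fake_weak, fake_strict);
}
```

The attacker-assembled chain satisfies every pointer check because the attacker chose all three accounts to agree with each other; only re-deriving the bank and arrow addresses from the program-held `crate_token` exposes that they were never created by the expected programs. In Anchor this is the difference between a bare `has_one` constraint and a `seeds`/`bump`/`owner` constraint on the same account.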
Classification: Protocol Logic. Technique: Collateral Validation Exploit. Target type: DeFi Protocol. Affected chains: Solana. Implementation language: Rust.
- chain: solana
- protocol: Cashio
- bug_class: logic
- date_occurred: 2022-03-23
- loss_usd: $48,000,000
- classification: Protocol Logic
- technique: Collateral Validation Exploit
- target_type: DeFi Protocol
- language: Rust
- source_id: dl:793