CertiK Helped Fix a DoS Vulnerability in Solana's Big-Integer Modular Exponentiation - CertiK
ID: 40db688a-4522-58f7-a736-35dd13d98b07
STIX ID: report--40db688a-4522-58f7-a736-35dd13d98b07
Feed Name: CertiK Blog
This report details a serious compute-unit (CU) accounting vulnerability in Solana's big_mod_exp syscall, where byte/bit unit confusion underbills compute consumption. As a result, 4,096-bit modular exponentiation calls can run far longer than charged and be retried repeatedly, enabling a remote DoS that was reproducible on a private cluster. The issue was reported by CertiK and mitigated by Solana via CU recalibration.
