certik

Security Analysis. Sola Incident Analysis
Skynet Certik Quest 2025.06.17

What was the root cause of the Sola exploit?
4: Public withdraw function with no access control

How did the attacker receive USDT before delivering SOLA in the swap?
3: Via a flash swap

What tool did the attacker use to launder funds after the exploits?
1: Tornado Cash

What function was used to extract tokens from the victim contract?
2: withdrawToken()

Security Analysis. Sola Incident Analysis
Skynet Certik Quest 2025.06.17

What was the root cause of the Sola exploit?
4: Public withdraw function with no access control

How did the attacker receive USDT before delivering SOLA in the swap?
3: Via a flash swap

What tool did the attacker use to launder funds after the exploits?
1: Tornado Cash

What function was used to extract tokens from the victim contract?
2: withdrawToken()
https://skynet.certik.com/quest/sola-incident-analysis