Mango Markets

Mango Markets Exploit - Post-Mortem

Date: October 12, 2022

What Happened

Solana's flagship margin trading protocol Mango Markets suffered a significant attack resulting in "$115M of bad debt" left in the protocol's lending pools.

Attack Vector & Exploit Steps

The attacker executed a price manipulation scheme:

1. Funding: The attacker's address received over $5M in USDC from FTX—"$2M and $3.5M USDC" deposited into Mango Markets

2. Position Setup: Used these funds to establish a large MNGO-PERP (perpetual futures) position

3. Price Spike: Counter-traded against the position from another account, manipulating the spot price of MNGO token from $0.03 to $0.91

4. Collateral Extraction: While MNGO price remained elevated, drained lending pools using unrealized profits as collateral

5. Liquidation Cascade: The manipulation triggered "over 4000 short liquidations"

Technical Root Cause

The vulnerability stemmed from MNGO token's "low liquidity and volume," enabling price manipulation. Mango Markets later clarified this was "not an oracle failure, but rather genuine price manipulation."

Financial Impact

• Bad Debt Created: $115M shortfall in the attacker's account

• Available Treasury: $70M remaining

• Shortfall Gap: ~$50M uncovered

• Network Effect: Solana's TVL dropped "over 20%"

Attacker's Address

Attacker's Mango account: 4ND8FVPjUGGjx9VuGFuJefDWpg3THb58c277hbVRnjNa

Remediation Proposal

The attacker proposed a governance solution requesting "~$65M" in assets and immunity from criminal investigation. The attacker voted with "32M votes" stolen during the attack.

Notable Context

A community member had raised "concerns within the Mango community over six months ago" regarding similar attack vectors, which went unaddressed.