Cashio: Infinite mint via incomplete collateral validation — fake account chain bypasses all verification
Summary
Cashio (category: Algorithmic Stablecoin / Mint Protocol) suffered an exploit on 2022-03-23, resulting in a loss of approximately $48M.
What happened
An attacker minted 2 billion $CASH by exploiting a gap in Cashio's collateral validation that never checked the `.mint` field — creating a chain of fake Solana accounts that each vouched for the others.
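The validation gap described above, shown as an added example that is not Cashio's code: a simplified Rust model in which every type, field and function name is hypothetical and the sample accounts are constructed. The weak validator only compares caller-supplied accounts with each other, while the hardened one first anchors the `.mint` field to trusted protocol state.

```rust
// Simplified model of the validation gap; not Cashio's code.
// Every type, field and function name here is hypothetical.
#[derive(Clone, Copy, PartialEq, Debug)]
struct Key(u32);

struct Registry { accepted_mint: Key }                      // protocol-owned, trusted
struct CollateralInfo { key: Key, mint: Key }               // supplied by the caller
struct Deposit { collateral: Key, mint: Key, amount: u64 }  // supplied by the caller

#[derive(Debug, PartialEq)]
enum Reject { LinkMismatch, UntrustedMint }

// Weak form: every check compares one caller-supplied account with another,
// so a self-consistent set of fabricated accounts passes.
fn validate_weak(info: &CollateralInfo, dep: &Deposit) -> Result<u64, Reject> {
    if dep.collateral != info.key || dep.mint != info.mint {
        return Err(Reject::LinkMismatch);
    }
    Ok(dep.amount) // amount credited toward minting
}

// Hardened form: the `.mint` field is first anchored to trusted protocol state,
// then the link checks run as before.
fn validate_hardened(reg: &Registry, info: &CollateralInfo, dep: &Deposit) -> Result<u64, Reject> {
    if info.mint != reg.accepted_mint {
        return Err(Reject::UntrustedMint);
    }
    validate_weak(info, dep)
}

// Constructed sample: accounts that agree with each other but reference a mint
// the protocol never accepted.
fn fabricated_chain() -> (CollateralInfo, Deposit) {
    let info = CollateralInfo { key: Key(50), mint: Key(99) };
    let dep = Deposit { collateral: Key(50), mint: Key(99), amount: 2_000_000_000 };
    (info, dep)
}

fn main() {
    let reg = Registry { accepted_mint: Key(1) };
    let (info, dep) = fabricated_chain();
    println!("weak:     {:?}", validate_weak(&info, &dep));
    println!("hardened: {:?}", validate_hardened(&reg, &info, &dep));
}
```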
Linked factors
- RD-F-004 — causal : Audit count likely 0; floor display [via dashboard_risk_factors/Vulnerability in audited or unaudited code: Unaudited code]
- RD-F-007 — causal : Direct: bug bounty presence + max payout [via cross-hack: Factor 9: No Bug Bounty Program]
- RD-F-061 — causal : Protocol trusts LP token balanceOf for pricing — donation-manipulable [via cross-hack: Factor 12: LP Token Collateral With Incomplete Field Validation]
- RD-F-111 — causal : Team doxx status — pseudonymous-no-track-record class [via dashboard_risk_factors/Team anonymity: Partially anonymous — team did respond publicly post-exploit]
- RD-F-126 — causal : Is-a-fork-of (Cat 8 anchor) [via dashboard_risk_factors/Forked: Unknown — novel Solana stablecoin design, not a direct fork of Ethereum equivalents]