Haider Jamal

Aug 10, 2024

Critical Solana Vulnerability Gets Quietly Patched

This week, Solana developers discreetly addressed and resolved a major vulnerability with little public attention. On the one hand, the covert nature of the fix prompts questions about the decentralization of the blockchain, which ranks third in terms of total value locked. On the other hand, it is somewhat reassuring that the vulnerability did not result in a network outage.

 

Discord Saves The Day

In a post titled "Anatomy of a Patch" on August 8th, the pseudonymous Laine revealed that the rapid resolution was facilitated by advance notice given to major validators. A Discord alert on August 7th indicated that core contributors had identified a critical vulnerability requiring immediate action. Within minutes, validators controlling over 70% of the Solana network had implemented the fix.

According to Solana Beach, the network currently has 1,515 validators, with Helius, Galaxy, and Coinbase holding the largest stakes at 3.39%, 3.36%, and 2.89% respectively. Laine mentioned that the Discord alert advised validators to anticipate a follow-up message about the imminent patching, scheduled for 10 AM EST on August 8th.

 

Questions of Decentralization

Through ongoing research by Solana Foundation members and projects like Anza, Jito, Jump, Firedancer, and others, the community managed to achieve initial consensus through 19% of validators, which then grew to a supermajority of 67% to apply the patch. Once the supermajority was secured and the network appeared ostensibly safe, Solana contributors reached out to other validators to prompt the upgrade.

Still, many have asked: if Solana truly embodies decentralization, how could a critical vulnerability be detected and patched by 70% of the validator set so quickly? Additionally, why did coordination occur behind closed doors while much of the Solana ecosystem remained unaware of a potential threat?

Laine suggests that maintaining confidentiality was crucial to deter malicious actors. In response to concerns about centralization, Anza engineer trent.sol defended the approach, stating that this sort of patch need not be disclosed to the public, as doing so would only complicate matters.

 
