TL;DR
- Critical Vulnerability Patched: Solana developers and contributors patched a major security vulnerability, securing 70% of the network’s stake before disclosing the issue to the public.
- Coordinated Response: The patch process began on August 7 with a hashed message from Solana Foundation members, leading to a coordinated upgrade across the network.
- Past Network Issues: Solana has faced multiple network outages since 2021, highlighting the ongoing challenges in maintaining blockchain stability and security.
The Solana ecosystem recently faced a significant security threat, which was quietly addressed by its contributors and developers. The team managed to patch 70% of the network’s stake before the vulnerability was publicly disclosed, ensuring the network’s safety.
Anatomy of a patch
In the past few hours a critical security vulnerability and patch were disclosed on Solana, this public disclosure occurred after a supermajority of stake had already been patched to protect the network. Let's look at how this process unfolded and how 70% of…
— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024
According to Solana validator Laine, the process began on Wednesday, August 7, when members of the Solana Foundation contacted the team about an upcoming critical patch. They shared a hashed message to verify the authenticity of the communication.
Key figures from Anza, Jito, and the Solana Foundation shared this hash across social media platforms such as Twitter/X, GitHub, and LinkedIn. By Thursday, comprehensive guidelines for applying the patch were sent out to multiple stakeholders, leading to the securing of 66.6% of the network’s stake.
Once 70% was patched, the network was considered safe, and the vulnerability and patch were disclosed publicly, urging all remaining operators to upgrade.
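The hash check described above, seen from the receiving operator's side, as an added example (not code from Solana, Anza, or Jito): the privately received notice is hashed locally and accepted only when the digest matches what independent public channels posted. SHA-256, the two-channel minimum, and the sample notice are assumptions; the article does not name the algorithm or quote the message.

```python
import hashlib
import hmac
from typing import Dict, List, Optional, Tuple

def digest_of(message: str) -> str:
    """Hex SHA-256 of the exact UTF-8 bytes (SHA-256 is an assumption)."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()

def normalise(posted: str) -> Optional[str]:
    """Clean a digest copied from a post; None if it is not 64 hex chars."""
    s = posted.strip().lower()
    if s.startswith("0x"):
        s = s[2:]
    if len(s) != 64 or any(c not in "0123456789abcdef" for c in s):
        return None
    return s

def verify_notice(message: str, published: Dict[str, str],
                  min_channels: int = 2) -> Tuple[bool, List[str], List[str]]:
    """Accept only if >= min_channels public posts match and none disagree."""
    local = digest_of(message)
    matching, rejected = [], []
    for channel, posted in published.items():
        d = normalise(posted)
        if d is not None and hmac.compare_digest(d, local):
            matching.append(channel)
        else:
            # A malformed or different digest on any channel blocks acceptance.
            rejected.append(channel)
    ok = len(matching) >= min_channels and not rejected
    return ok, sorted(matching), sorted(rejected)

# Constructed sample data, not the real notice or real digests.
NOTICE = "CONSTRUCTED SAMPLE: a critical patch is coming; instructions will follow."
PUBLISHED = {
    "x": digest_of(NOTICE),
    "github": "0x" + digest_of(NOTICE).upper(),  # same digest, other formatting
    "linkedin": "  " + digest_of(NOTICE) + "\n",
}

if __name__ == "__main__":
    print(verify_notice(NOTICE, PUBLISHED))
    # One altered word in the private message breaks the match on every channel.
    print(verify_notice(NOTICE.replace("critical", "optional"), PUBLISHED))
```

The digest covers the exact bytes of the message, so even a trailing space added in transit makes the check fail; operators should hash the message as received rather than a retyped copy.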
Urgent Response from Solana Labs
Solana Labs issued an announcement on Discord, emphasizing the urgency of the situation. “Core contributors have identified a network security issue that requires an urgent response,” the announcement read. “v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”
One X user questioned why Solana did not disclose the details of the patch on August 7. Laine responded, explaining that revealing the patch details would have made the vulnerability clear, allowing an attacker to reverse engineer it and potentially halt the network before a sufficient amount of stake was upgraded.
Solana’s Past Network Glitches
In April, Anatoly Yakovenko, co-founder of Solana, announced that a bug affecting the blockchain ecosystem’s functionality had been successfully fixed. He emphasized that these types of bugs are often more intricate than just ensuring the network remains active and usable for its users.
According to CryptoManiaks, Solana has experienced nine blockchain network outages since 2021, totaling 150 hours of downtime. At the time of writing, Solana’s SOL token is trading at $155, down nearly 1% in the last 24 hours.
The swift and coordinated response by Solana developers, validators, and client teams highlights the importance of proactive measures in maintaining blockchain security. This incident underscores the ongoing challenges and complexities in ensuring the stability and reliability of blockchain networks.