On August 9, Solana validator Laine posted on X that a “critical security vulnerability” had been addressed by developers, validators, and client teams working within the Solana ecosystem. Laine added, “this public disclosure occurred after a supermajority of stake had already been patched to protect the network.”
Anatomy of a patch
In the past few hours a critical security vulnerability and patch were disclosed on Solana, this public disclosure occurred after a supermajority of stake had already been patched to protect the network. Let’s look at how this process unfolded and how 70% of…
— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024
The Solana Foundation began the process on August 7 by discreetly contacting well-known network operators as part of a covert plan to prevent the vulnerability from being exploited. The fix was made public through the Anza engineers’ GitHub repository, allowing operators to check and apply the changes independently.
“The first message was received on Wednesday, 7 August 2024 at 14:56 UTC, advising of an upcoming critical patch and sharing a hashed message confirming the date and unique identifier of the incident […] The message provided a specific date and time at which to expect receipt of the patch in order to urgently apply this to Mainnet nodes to protect the network, as the patch itself discloses the vulnerability, time therefore being critical once it is first circulated,” Laine wrote.
According to Laine, the vulnerability could have caused an outage on the Solana network. The validator stated that the fix addresses the vulnerability, but the patch itself also discloses it. As a result, if the patch leaked, an attacker could attempt to reverse engineer the vulnerability, potentially ‘halting the network.’
The silent Solana patch has sparked discord; however, the majority believe it was the right decision to avoid a breach. The Solana network has experienced past outages. For example, on February 6, the network experienced an outage, with block production halting for more than five hours. This had an impact on crypto exchanges, with some suspending deposits and withdrawals for Solana-based tokens.