Cryptonews Altcoin News

Solana Discreetly Patches a Possible Critical Security Vulnerability: SOL Validator

Security Breach Solana

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Author Profile

Last updated:

August 8, 2024

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Solana ecosystem players have silently prevented a major security vulnerability on the SOL network, while maintaining confidentiality. Solana contributors and developers were able to patch 70% of stake, before the vulnerability was finally revealed to the public.

According to a Solana Validator Laine, the process stated on Wednesday, August 7, after known members of the Foundation contacted the team about an upcoming critical patch and a hashed message.

“The hash shared in this message was published by multiple prominent members of Anza, Jito and Solana Foundation on Twitter/X, Github and even LinkedIn in order to confirm the veracity of the message,” Laine wrote.

Anatomy of a patch

In the past few hours a critical security vulnerability and patch were disclosed on Solana, this public disclosure occured after a supermajority of stake had already been patched to protect the network. Let's look at how this process unfolded and how 70% of…
— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024

By Thursday, detailed instructions for implementing the patch were distributed to various stakeholders. This resulted in 66.6% of the network’s stake being secured.

“Once 70% was patched the network was ostensibly safe and the existence of the vulnerability and the patch were disclosed in public with a call for all remaining operators to upgrade.”

Later, Solana Labs issued an announcement on Discord, urging all operators to upgrade their systems.

“Core contributors have identified a network security issue that requires an urgent response,” the announcement read. “v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”

One X user sought answer to why Solana did not disclose the details of the patch on Aug 7.

Laine wrote in response: “Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded.”

Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded.
— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024

Solana’s Past Network Glitches

In April, Solana co-founder Anatoly Yakovenko revealed that the bug causing reduced functionality in the blockchain ecosystem, had been “patched.”

Yakovenko noted that bugs like these was more complex than keeping a network active and operational for users. Per data from CryptoManiaks, Solana has witnessed nine blockchain network outages since 2021. The network has suffered 150 hours of downtime.