Solana Discreetly Patches a Possible Critical Security Vulnerability: SOL Validator

Solana ecosystem players have silently prevented a major security vulnerability on the SOL network, while maintaining confidentiality. Solana contributors and developers were able to patch 70% of stake, before the vulnerability was finally revealed to the public.

According to a Solana Validator Laine, the process stated on Wednesday, August 7, after known members of the Foundation contacted the team about an upcoming critical patch and a hashed message.

“The hash shared in this message was published by multiple prominent members of Anza, Jito and Solana Foundation on Twitter/X, Github and even LinkedIn in order to confirm the veracity of the message,” Laine wrote.

Anatomy of a patch

In the past few hours a critical security vulnerability and patch were disclosed on Solana, this public disclosure occured after a supermajority of stake had already been patched to protect the network. Let's look at how this process unfolded and how 70% of…

— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024

By Thursday, detailed instructions for implementing the patch were distributed to various stakeholders. This resulted in 66.6% of the network’s stake being secured.

“Once 70% was patched the network was ostensibly safe and the existence of the vulnerability and the patch were disclosed in public with a call for all remaining operators to upgrade.”

Later, Solana Labs issued an announcement on Discord, urging all operators to upgrade their systems.

“Core contributors have identified a network security issue that requires an urgent response,” the announcement read. “v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”

One X user sought answer to why Solana did not disclose the details of the patch on Aug 7.

Laine wrote in response: “Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded.”

Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded.

— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024

Solana’s Past Network Glitches

In April, Solana co-founder Anatoly Yakovenko revealed that the bug causing reduced functionality in the blockchain ecosystem, had been “patched.”

Yakovenko noted that bugs like these was more complex than keeping a network active and operational for users. Per data from CryptoManiaks, Solana has witnessed nine blockchain network outages since 2021. The network has suffered 150 hours of downtime.