Solana Discreetly Patches a Possible Critical Security Vulnerability: SOL Validator
Solana Discreetly Patches a Possible Critical Security Vulnerability: SOL Validator
Author Sujha Sundararajan Author Sujha Sundararajan About Author Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism. Author Profile Share Copied Last updated: August 9, 2024 06:58 EDT
Why Trust Cryptonews With over a decade of crypto coverage, Cryptonews delivers authoritative insights you can rely on. Our veteran team of journalists and analysts combines in-depth market knowledge with hands-on testing of blockchain technologies. We maintain strict editorial standards , ensuring factual accuracy and impartial reporting on both established cryptocurrencies and emerging projects. Our longstanding presence in the industry and commitment to quality journalism make Cryptonews a trusted source in the dynamic world of digital assets. Read more about Cryptonews
Solana ecosystem players have silently prevented a major security vulnerability on the SOL network, while maintaining confidentiality. Solana contributors and developers were able to patch 70% of stake, before the vulnerability was finally revealed to the public.
According to a Solana Validator Laine, the process stated on Wednesday, August 7, after known members of the Foundation contacted the team about an upcoming critical patch and a hashed message.
“The hash shared in this message was published by multiple prominent members of Anza, Jito and Solana Foundation on X">Twitter/X, Github and even LinkedIn in order to confirm the veracity of the message,” Laine wrote.
Anatomy of a patch
In the past few hours a critical security vulnerability and patch were disclosed on Solana, this public disclosure occured after a supermajority of stake had already been patched to protect the network. Let's look at how this process unfolded and how 70% of… — Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024
By Thursday, detailed instructions for implementing the patch were distributed to various stakeholders. This resulted in 66.6% of the network’s stake being secured.
“Once 70% was patched the network was ostensibly safe and the existence of the vulnerability and the patch were disclosed in public with a call for all remaining operators to upgrade.”
Later, Solana Labs issued an announcement on Discord, urging all operators to upgrade their systems.
“Core contributors have identified a network security issue that requires an urgent response,” the announcement read. “v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”
One X user sought answer to why Solana did not disclose the details of the patch on Aug 7.
Laine wrote in response: “Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded.”
Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded. — Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024
Solana’s Past Network Glitches
In April, Solana co-founder Anatoly Yakovenko revealed that the bug causing reduced functionality in the blockchain ecosystem, had been “patched.”
Yakovenko noted that bugs like these was more complex than keeping a network active and operational for users. Per data from CryptoManiaks, Solana has witnessed nine blockchain network outages since 2021. The network has suffered 150 hours of downtime.