Solana network patched a critical vulnerability.

Patch distribution was confidential to validators before public disclosure. 

Network users raised concerns about transparency.  Despite its reputation for scalability, the Solana network has seen several major outages over the past year. The most recent one was in February, when the whole network was down for five hours. However, the latest reports suggest the network narrowly avoided another such outage.  Sponsored Most recently, Solana’s validators revealed that the network underwent a secret security update, narrowly avoiding disaster. Still, the undisclosed update has raised questions about the transparency and centralization of its operations.Solana Foundation Quietly Rolls Out Critical PatchA secret patch narrowly prevented a major disaster for the Solana network. On Friday, August 9, Solana validator firm Lane revealed how, over the three days prior, a group of high-level insiders pushed a secret patch to fix a critical vulnerability that could have caused a network-wide outage. Instead of going public with the patch request and potentially revealing the vulnerability to attackers, the Solana Foundation took a quiet approach. Its representatives contacted a large number of Solana validators through private messages. To confirm the legitimacy of communication, each message included a hashed message (unique identifier), later published on public platforms. At a pre-determined time, validators received a follow-up message with instructions on downloading and verifying the patch. An engineer from Anza, Solana’s core development group hosted the patch on a GitHub repository. The effort was a success, as, by Thursday, August 8, validators controlling over 70% of all staked assets had already implemented the patch. Why Solana Foundation Kept the Patch ConfidentialDespite the rapid response and the apparent success in securing the network, the patching process has raised concerns about centralization and transparency. Critics argue that the ability to coordinate such a swift patching effort among a supermajority of validators suggests too much centralization in the network. Supporters of Solana have defended the process, emphasizing the need for confidentiality in handling critical vulnerabilities. One of the validators, Laine, explained that this was done to avoid potential exploitation before the patch was live.  Sponsored Whether or not the process should have been more transparent, it is clear that any potential outage would have caused serious damage to the network.  On the Flipside In February, after the last major outage, critics raised concerns over the Solana network’s reliability. 

Despite the initial fall after the outage, the SOL token quickly rebounded. This indicated that investors were confident in the Solana ecosystem’s ability to fix its technical issues.    Why This MattersThe secretly patched vulnerability had the potential to cause a network-wide outage for Solana, significantly hurting its reputation and credibility. Read more about Solana’s last outage: Solana Outage Post-Mortem Raises More Questions Than AnswersRead more about Solana’s ETF chances after the approval in Brazil: Here’s How First Solana ETF Approval in Brazil Changes the Game