Key Takeaways
- Laine noted that the vulnerability, if exploited, could have led to network disruption.
- Once 70% of the network was patched, the vulnerability was finally disclosed to the public.
The Solana blockchain addressed a major security vulnerability before making the information public. On August 9, Solana validator Laine reported on X that a โcritical security vulnerabilityโ was fixed by developers, validators, and client teams working within the Solana ecosystem.
Laine revealed that on August 7, they received a message from multiple members of the Solana Foundation about an upcoming critical patch. The message included a hashed identifier of the incident and a specific date and time for the patch.
โThe hash shared in this message was published by multiple prominent members of Anza, Jito, and Solana Foundation on Twitter/X, Github, and even LinkedIn in order to confirm the veracity of the message,โ Laine said.
The patch aimed to protect the network from a potential outage. Laine noted that the vulnerability, if exploited, could have led to network disruption.
To prevent this, validators began applying the patch as directed, with the fix being implemented first by a superminority and then by a supermajority of the network, reaching 66.66% of the stake. Once 70% of the network was patched, the vulnerability was disclosed publicly.
Laine added that at no point were operators asked to run a closed-source or private binary. The patch instructions were sent at the predetermined time of 14:00 UTC on August 8, 2028. The message, received from two separate Solana Foundation members, included instructions on downloading, verifying, and applying the patch, which was hosted on GitHub by an Anza engineer.
Solana has faced numerous network outages in recent years. In February this year, the blockchain faced a significant outage lasting nearly 5 hours.
On 14 September 2021, the Solana blockchain went offline after a surge of transactions caused the network to fork, and different validators had different views of the state of the network. The outage lasted around 7 hours.
Since January 2022, the blockchain has suffered from aroundย half a dozen significant outagesย and 15 partial or major outage days.ย The blockchain went offline again on 31 May, 2022, due to a bug in how the blockchain processes offline transactions, with the outage lasting about four and a half hours
