Key takeaways
- Solana’s rapid response to a critical flaw helped avert potential network issues.
- The security patch was applied before public disclosure to ensure network integrity.
Solana developers, validators, and client teams have successfully patched a critical security vulnerability on the network, securing the blockchain before releasing the information to the public.
Solana validator Laine posted on X that a “critical security vulnerability” had been patched by ecosystem participants. On August 7, the company received messages from several Solana Foundation members informing them of an upcoming critical fix and a hashed message containing the unique incident ID.
Laine explained that prominent members of Anza, Jito, and the Solana Foundation published the hash on various platforms to confirm the authenticity of the message. The communication included a specific date and time to apply the patch to mainnet nodes urgently to protect the network.
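The hash check described above, from the receiving validator operator's side, as an added example (not code from Laine, Anza, Jito, or the Solana Foundation). The article does not name the hash function or message format, so SHA-256, the notice text, the channel labels, and the two-channel quorum are all assumptions.

```python
import hashlib

def digest_of(message: bytes) -> str:
    """Hex digest of the exact bytes received (SHA-256 is an assumption)."""
    return hashlib.sha256(message).hexdigest()

def verify_notice(message: bytes, published: dict[str, str], quorum: int = 2):
    """Check a privately received notice against digests posted publicly.

    `published` maps a channel label to the hex digest read from that channel.
    Returns (ok, matching, mismatching). The notice is accepted only when at
    least `quorum` independent channels match and no channel disagrees.
    """
    local = digest_of(message)
    matching, mismatching = [], []
    for channel, posted in published.items():
        # Tolerate copy/paste differences: whitespace, case, a leading 0x.
        cleaned = posted.strip().lower().removeprefix("0x")
        (matching if cleaned == local else mismatching).append(channel)
    ok = len(matching) >= quorum and not mismatching
    return ok, sorted(matching), sorted(mismatching)

# Constructed sample data: a hypothetical notice and three hypothetical channels.
NOTICE = b"incident-id: EXAMPLE-0001\npatch-window: <placeholder>\n"
GOOD = digest_of(NOTICE)
CHANNELS = {
    "x:anza-member": GOOD,
    "discord:jito-member": "0x" + GOOD.upper(),
    "x:foundation-member": "  " + GOOD + "\n",
}

if __name__ == "__main__":
    print("genuine notice:", verify_notice(NOTICE, CHANNELS))
    # A single altered byte in the private message fails every channel.
    print("altered notice:", verify_notice(NOTICE + b" ", CHANNELS))
    # One channel posting a different digest blocks acceptance outright.
    odd = dict(CHANNELS, **{"x:anza-member": digest_of(b"something else")})
    print("one channel disagrees:", verify_notice(NOTICE, odd))
```

Reading the digest from several independently controlled accounts matters because a single compromised account could publish a digest for a forged notice.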
According to Laine, the vulnerability could have potentially led to a network outage. The patch itself clarifies the nature of the flaw, which is why it was not disclosed earlier. Had the patch leaked, an attacker could have attempted to reverse engineer the vulnerability from it and potentially “bring the network down.”
To mitigate risk, the patch was only shared between trusted parties and released simultaneously for coordinated upgrades. Once 70% of the network was patched and deemed safe, the vulnerability was finally disclosed to the public.
This preemptive action follows past criticism of Solana’s network outages. Earlier this year, the network experienced significant downtime, with block production being halted for over five hours. The incident impacted cryptocurrency exchanges, leading some to suspend deposits and withdrawals of Solana-based tokens.
Critics have pointed to the network’s lack of client diversity as a contributing factor to previous outages.
In April, Solana developers released update version 1.17.31 to address severe network congestion caused by heavy trading of meme coins. At the time, Solana Foundation chief strategy officer Austin Federa acknowledged that the protocol remained in beta, stressing that the current network did not represent its final form.
The Solana Foundation also removed several operators from its delegation program in June due to their involvement in malicious sandwich attacks, improving network integrity.