Solana developers address critical vulnerability with coordinated patch

Quick Take

  • Solana developers, validators, and client teams worked together to address a critical security vulnerability.
  • The developers ensured a supermajority of the network stake was patched before public disclosure.

Solana developers, validators, and client teams addressed a critical security vulnerability by securing a supermajority of the network's stake before publicly disclosing the issue.

The process started on Wednesday, Aug. 7, 2024, when the Solana Foundation contacted known network operators through private channels, according to Solana validator Laine. This initial contact was part of a strategy to patch the vulnerability discreetly so it couldn’t be exploited in any way.

Laine added that the patch, made available via an Anza engineer's GitHub repository, enabled operators to independently verify and apply the changes. By Thursday, Aug. 8 at 14:00 UTC, detailed instructions for implementing the patch were distributed to various stakeholders, resulting in 66.6% of the network’s stake being secured.

The vulnerability was publicly disclosed after 70% of the network had implemented the patch. Then, Solana Labs issued a Discord announcement urging all remaining operators to update their systems. The statement read: “Core contributors have identified a network security issue that requires an urgent response. v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”



© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s Crypto Ecosystems Editor and has spent over seven years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal can be reached on Twitter at @vishal4c.

Editor

To contact the editor of this story: Timmy Shen
