- The Solana network has patched a critical vulnerability.
- Patch deployments were kept secret only to validators before being released to the public.
- Network users have expressed concerns about transparency.
Despite its reputation for scalability, the Solana network has suffered several major outages over the past year. The most recent outage was in February, when the entire network went down for five hours. However, recent reports say the network narrowly avoided another outage.
Most recently, Solana’s validators revealed that the network had undergone a secret security update that narrowly avoided disaster. Nevertheless, the undisclosed update raised questions about the transparency and centralization of its operations.
Solana Foundation quietly releases critical patch
A secret patch narrowly averted a major disaster for the Solana network. On Friday, August 9, Solana’s validation firm Lane revealed that a group of high-level insiders had pushed a secret patch three days earlier to fix a critical vulnerability that could have caused a network-wide outage.
Instead of making a patch request public and disclosing the vulnerability to attackers, the Solana Foundation took a quiet approach. Representatives contacted many Solana validators via private messages. To verify the legitimacy of the communication, each message included a hashed message (a unique identifier) that was later published on the public platform.
At a pre-determined time, validators received a follow-up message with instructions on how to download and verify the patch. Anza engineers, Solana’s core development group, hosted the patch on their GitHub repository. The effort was successful. By Thursday, August 8, validators controlling over 70% of all staked assets had already implemented the patch.
Why the Solana Foundation kept the patch a secret
Despite the rapid response and apparent success in securing the network, the patching process has raised concerns about centralization and transparency. Critics argue that the ability to coordinate such rapid patching among a large number of validators is excessively centralized in the network.
Because the patch itself makes the vulnerability clear so an attacked could try reverse engineer the vulnerability and halt the network before a sufficient amount of stake upgraded.
— Laine ❤️ stakewiz.com (@laine_sa_) August 9, 2024
Solana supporters have defended the process, emphasizing the need for confidentiality when dealing with critical vulnerabilities. One of the validators, Line, explained that this was done to avoid potential exploits before patches were released.
Whether or not the process could have been more transparent, it is clear that any potential outage would have caused significant damage to the network.
On the other side
- In February, after the last major power outage, Critics have expressed concerns About the stability of the Solana network.
- Despite the initial drop after the blackout, the SOL token Recover quickly. This shows that investors are confident in the Solana ecosystem’s ability to solve technical problems.
Why this matters
A secretly patched vulnerability could have caused a network outage across Solana, severely damaging Solana’s reputation and credibility.
Learn more about Solana’s last blackout:
Solana Blackout Postmortem Analysis Raises More Questions Than Answers
Learn more about Solana’s ETF potential after approval in Brazil:
Learn how Brazil’s first Solana ETF approval changes the game