Solana Developers Quietly Patched a Critical Vulnerability
The post Solana Developers Quietly Patched a Critical Vulnerability appeared on BitcoinEthereumNews.com.
Solana developers quietly found and fixed a critical vulnerability this week, with few people noticing. On one hand, the stealthy patch raises questions on how decentralized the third-largest blockchain by total-value locked is. On the other hand, some might be relieved the vulnerability didn’t cause an outage. The pseudonymous Laine from Solana’s Stakewiz validator explained in an Aug. 8 post titled “Anatomy of a patch,” that the quick fix came thanks to the fact that large validators were alerted ahead of time. A Discord alert on Aug. 7 said that core contributors had found a critical vulnerability that needed urgent patching. Within minutes, validators representing more than 70% of Solana’s network had already made the fix. Solana Beach reports that there are currently 1,515 validators on Solana. Helius, Galaxy, and Coinbase account for the largest sets, with 3.39%, 3.36%, and 2.89% of the network’s total stake. Source: Solana Beach Laine said the Discord alert urged them to be ready for a second message, and the imminent patching to take place at 10:00 EST on Aug. 8. They received private messages from two separate Solana Foundation members containing instructions. Through extensive and ongoing research from members of the Solana Foundation, and projects including Anza, Jito, Jump, Firedancer, and others, the community was able to first reach a super minority of 19%, and then a supermajority of 67% of validator consensus to institute the patch. Once the supermajority was reached, and the network was “ostensibly safe,” Solana contributors called other validators to upgrade. Decentralized? A few questions arise from this quiet patching. If Solana is decentralized, how can a critical vulnerability become known and patched by 70% of the validator set within minutes? Also, why was coordination taking place behind-the-scenes, without the majority of Solana’s ecosystem oblivious to a potentially threatening situation?…
Filed under: News - @ August 10, 2024 10:28 pm