Solana faces new security hurdle amid history of outages

Today, enjoy the Lightspeed newsletter on Blockworks.co. Tomorrow, get the news delivered straight to your inbox. Subscribe to the Lightspeed newsletter.


Hi!

It’s Friday, there has been no downtime in Solana and I am currently working from Nashville.

Have a great weekend. Yee-haw.


Behind the scenes of Solana’s ‘urgent’ security issue

Things appeared to be getting dicey for the Solana network yesterday when a Discord alert went out stating that core contributors had found a security issue that warranted an “urgent response” and that a fix would be available imminently.

Given Solana’s history of outages, some on the network held their breath as the situation evolved.

“Prepare for pain, guys,” Helius CEO Mert Mumtaz wrote on X, adding in a reply that “it’s upgrade time Thursday night.”

But just seven minutes after the alert was issued, validators representing over 70% of Solana’s stake had already implemented the fix, Anza engineer @trent.sol said on X, adding that “liveness needs to be protected.”

This is remarkably fast, and one of my sources speculated that major validators had likely been contacted about the vulnerability in advance. This turned out to be accurate, according to a post on X by validator Stakewiz’s pseudonymous Laine, which several key Solana players appeared to corroborate. A Solana Foundation spokesperson also said that Laine’s version of events was accurate.

Laine said that several Solana Foundation members reached out to them on Wednesday across multiple platforms saying that Solana had a critical security issue and that Stakewiz should be ready to patch by 10 a.m. ET on Thursday. Several other core members sent similar messages over the next 24 hours; Laine mentions Jito, Anza, and Jump Crypto in various parts of their message.

At the appointed time, members of the Solana Foundation pushed the patch, which was hosted on an Anza engineer’s GitHub. Anza develops Solana Labs’ original validator client (now called Agave).

Once validators holding 70% of Solana’s stake had implemented the patch, Solana was “apparently safe” from attack, Laine said. The Solana blockchain works in such a way that a supermajority of 66.6% of stake can vote to allow the network to reach consensus despite any potential attack. I should note: It’s still unclear exactly what the security issue was, though one source told me a postmortem would be conducted at some point.

All of this raised some eyebrows, as a seemingly decentralized blockchain was working with distributed validators behind the scenes to coordinate the implementation of a fix. The response from Solana’s core contributors seemed to be that it was a measure born of necessity.

“You don’t fix this stuff in public,” the Anza engineer told one critic, later adding that decentralization had “multiple dimensions.” In another message, Laine said the bug had to be fixed confidentially because the patch clearly indicated the vulnerability, and making it public too early could allow a malicious actor to try to shut down the network.

In his longer post, Laine pointed out that while validators are spread out across the globe, many of them know each other through Discord, Telegram chat groups, and in-person conferences. In other words, if there’s a security issue that needs to be addressed, the Solana Foundation knows how to get in touch.

One X user said that Solana’s ability to mobilize resources to fix a bug was a result of the network’s experience handling downtime in the past.

“(S)tudy the failures,” trent.sol wrote in response, invoking a popular ironic crypto trope. “(S)ome lessons in there.”

The Solana Foundation did not respond to a request for comment as of press time.

— Jack Kubinec

Zero in

9

That’s the number of major or partial outages Solana has experienced in its four years of existence, according to Solana’s uptime tracker.

Five of those outages occurred during a difficult 2022 for blockchain. There was one outage in 2023 and another in February of this year.

Outages are a problem that critics of the network commonly point out, and while downtime is just part of the modern internet-based world (hello CrowdStrike), its community will certainly be happy that Solana’s outage count didn’t reach double digits yesterday.

— Jack Kubinec

The pulse

In case you missed it this week in Solanaland:

  • In a world first, the Comissão de Valores Mobiliários (CVM) has approved the launch of the first-ever Solana spot ETF in Brazil. The ETF, offered by QR and managed by Vortx, will use the CME CF Solana dollar reference rate for pricing to provide a standardized and accurate valuation of Solana in USD.
  • Russian President Vladimir Putin has signed a law legalizing cryptocurrency mining, making it a recognized part of the digital currency business. Only Russian legal entities and registered entrepreneurs can participate. While not specifically related to Solana, this development could pave the way for SOL to be adopted in the Russian market as the regulatory landscape becomes more favorable to all blockchain technologies.
  • The launch of the RTR token, which was rumored to be an official Trump memecoin, caused a massive surge in its market cap to $155 million on Solana. However, the excitement was short-lived as the Trump family denied the rumors, causing RTR’s value to plummet by 90%.
  • DAWN announced an $18 million funding round led by Dragonfly Capital to build the first DePIN protocol to deliver decentralized broadband using multi-gigabit wireless technology on Solana. The project aims to enable users to operate as network hosts, transforming the Internet from a provider-owned model to a consumer-owned model.
  • Anchorage Digital Bank NA has expanded its custody support to include SPL tokens on Solana. As the only federally licensed crypto bank in the United States, Anchorage Digital’s inclusion of Solana’s native tokens could further strengthen Solana’s position within institutional finance.
  • Switchboard has announced its partnership with Jito to power its (Re)staking platform. The collaboration aims to improve the security and flexibility of Switchboard’s oracle network on Solana, increase liquidity and improve network performance, aligning incentives for node operators and paving the way for more efficient dapps on Solana.

— Jeffrey Albus

A good DM

A message from Chris Hermida, co-founder of Standard:
