Share this article

Solana developers, validators, and customer teams successfully patched a critical security vulnerability in the network and secured the blockchain before the information was made public.

Solana validator Laine stated on X that a “critical security vulnerability” had been addressed by ecosystem participants. The company received messages from multiple Solana Foundation members on August 7th advising of an upcoming critical patch and a hashed message uniquely identifying the incident.

Laine explained that prominent members of Anza, Jito, and the Solana Foundation posted the hash on various platforms to confirm the authenticity of the message. The communication included a specific date and time for the patch to be urgently applied to mainnet nodes to protect the network.

According to Laine, the vulnerability could have potentially led to a network outage. The patch itself clarifies the nature of the flaw, which is why it wasn’t disclosed earlier. If it were leaked, an attacker could have attempted to reverse engineer the vulnerability and potentially “bring the network to a standstill.”

To mitigate risk, the patch was communicated only between trusted parties and released simultaneously for coordinated upgrades. After 70% of the network was patched and deemed safe, the vulnerability was finally made public.

The preemptive action follows previous criticism of Solana’s network outages. Earlier this year, the network experienced significant downtime, with block production halted for over five hours. The incident impacted crypto exchanges, with some suspending deposits and withdrawals of Solana-based tokens.

Critics point to the lack of diversity in client configurations as a contributing factor to past outages.

In April, Solana developers released update version 1.17.31 to address severe network congestion caused by heavy meme coin trading. At the time, Solana Foundation Strategic Lead Austin Federa acknowledged that the protocol is still in beta, and stressed that the current network does not represent its final form.

The Solana Foundation also removed several operators from its delegation program in June for their involvement in malicious sandwich attacks that improved network integrity.

Share this article