Howdy!
The weekend is here, and there has been no Solana outage. I’m working right now from Nashville.
Have a great weekend. Yee-haw.
Behind the scenes of Solana’s ‘urgent’ security issue
It looked like things were going to get dicey yesterday for the Solana Network when Discord sent out an alert saying that key contributors discovered a security flaw warranting an investigation. “urgent response,” The patch will be released in the near future.
Some network members were on edge as this situation unfolded, given Solana’s past with outages.
“[P]repare for pain boys,” Mert Mumtaz is the CEO at Helius. He wrote on X adding that in a response. “it’s Thursday night upgrade time.”
Anza engineer @trent.sol told X that within seven minutes of the alert being sent out, over 70% Solana’s share had already applied the patch. “liveness should be protected.”
This is a very fast response. And one of my reliable sources told me that it’s likely large validators have been informed about the vulnerability before time. This proved to be correct, as the pseudonymous validator Laine wrote on X — a post that appeared to be validated by multiple key Solana players. Laine’s account of the events was also confirmed by a spokesperson from the Solana Foundation.
Laine stated that several members of the Solana Foundation had reached out to them across various platforms on Wednesday, saying that Solana was experiencing a serious security problem. Laine would be prepared to implement a fix at 10am ET on Thursday. Several other core members reached out with a similar message over the following 24 hours — Laine mentions Jito, Anza and Jump Crypto in various parts of their post.
Anza’s engineer hosted the patch in GitHub. Anza is responsible for developing the Solana Labs original validator client, now called Agave.
Solana gained control of 70% of the stake in his company once the patch was implemented. “ostensibly safe” Laine stated that the blockchain would protect against an attack. Solana’s blockchain is designed so that any attack can be neutralized by a supermajority vote of 66.6%. Note: it’s not clear what exactly the problem was. However, a source has told me that a report will be released at some stage.
It was a strange situation, where an apparently decentralized blockchain coordinated with distributed validators to implement a fix. Solana core responded that the patch was necessary.
“[Y]ou don’t patch shit like this in public,” Anza Engineer said to a critic, later adding that decentralization is the answer. “several dimensions.” Laine stated in another post that it was important to patch the bug confidentially as this would make the vulnerability obvious. If the patch were made public, it could give a chance to a bad actor who might try to stop the network.
Laine, in a longer blog post, pointed out that validators may be globally spread, but many know one another through Discord chats, Telegram groups, or even face-toface conferences. The Solana Foundation is able to contact them if there’s a need to address a specific security concern.
Solana, according to a X user, was able to assess the severity of a bug and allocate resources based on the previous experience with downtime.
“[S]tudy outages,” In response to this, trent.sol invoked a common ironic crypto trope. “[S]ome lessons in there.”
As of the time this article was published, the Solana Foundation failed to respond to an inquiry for comment.
Zero In
9
Solana’s Uptime Tracker shows that Solana had experienced a total of 0 major outages or partial failures during the four years it has been in existence.
The blockchain had a tough 2022. In 2023 there was a single outage, while another occurred in February.
Solana’s outages is something that critics of the network often point out. And while it’s a fact of life in today’s internet world (hello CrowdStrike), Solana’s community was glad to see the outage count stay below double digits.
The Pulse
ICYMI This Week in Solanaland
- A global first: The Comissão de Valores Mobiliários (CVM) approved the launch of the first-ever spot Solana ETF in Brazil. The ETF is offered by Vortx and QR. Pricing will be based on the CME Solana Dollar Referential Rate.
- Vladimir Putin, the Russian president, signed a bill legalizing cryptocurrency. This makes it an accepted component in digital currency transactions. Participation is restricted to Russian companies and entrepreneurs. Although not Solana related, this could lead to SOL being adopted in the Russian Market as the regulatory environment becomes more favorable towards all blockchain tech.
- RTR, which was rumored as an official Trump memecoin by some, saw its value soar to $155,000,000 on Solana. But the thrill was only short-lived, as Trump debunked the rumors. RTR value dropped 90%.
- DAWN has announced a $18 million fundraising led by Dragonfly Capital for the development of a DePIN protocol that offers decentralized broadband using wireless multi-gigabit technology. Project aims at empowering users to act as network hosts. The internet will be transformed from a provider owned model into a consumer owned one.
- Anchorage Digital Bank NA is now offering custody services for SPL Tokens in Solana. Anchorage Digital is the only crypto bank chartered by the US federal government. Anchorage Digital has now added Solana native tokens as part of its custody support.
- Switchboard has announced a partnership with Jito for the support of its (Re-)staking Platform. Switchboard announced its partnership with Jito to support the (Re)staking platform. The partnership aims at improving network performance by aligning incentives with node operators, and to increase liquidity.
One Good DM
Here is a message from Chris Hermida Co-founder Switchboard:
Updating August 9, 2024, at 4:36 PM ET, it was clarified that Laine is not Stakewiz.
Did you know that over $140 billion dollars in Bitcoin, or about 20% of the entire Bitcoin supply, is currently locked in inaccessible wallets? Or maybe you have lost access to your Bitcoin wallet? Don’t let those funds remain out of reach! AI Seed Phrase Finder is here to help you regain access effortlessly. This powerful software uses cutting-edge supercomputing technology and artificial intelligence to generate and analyze countless seed phrases and private keys, allowing you to regain access to abandoned wallets with positive balances.
