Solana Addresses Critical Security Vulnerability

Solana developers, validators, and client teams acted quickly to fix a significant security vulnerability by securing a supermajority of the network’s stake before making the issue public.

The process began on Wednesday, Aug. 7, 2024, when the Solana Foundation contacted known network operators through private channels, according to validator Laine. This initial outreach was part of a strategy to patch the vulnerability discreetly to prevent any exploitation.

Laine mentioned that the patch, shared via Anza engineer’s GitHub repository, allowed operators to verify and implement the changes independently. By Thursday, Aug. 8 at 14:00 UTC, detailed instructions were sent to various stakeholders, securing 66.6% of the network’s stake.

The vulnerability was disclosed publicly after 70% of the network had implemented the patch. Subsequently, Solana Labs issued a Discord announcement urging remaining operators to update their systems. The announcement stated: “Core contributors have identified a network security issue that requires an urgent response. v1.18.21 with a patch will be available in 30 minutes. Please prepare to upgrade as soon as the announcement is sent.”