Reported by The Block: Solana developers, validators, and client teams worked together to address a critical security vulnerability.
The developers ensured a supermajority of the network stake was patched before public disclosure.
Solana developers, validators, and client teams addressed a critical security vulnerability by securing a supermajority of its network stake before publicly disclosing the issue.
The process started on Wednesday, Aug. 7, 2024, when the Solana Foundation contacted known network operators through private channels, according to Solana validator Laine. This initial contact was part of a strategy to patch the vulnerability discreetly so it couldn’t be exploited in any way.
Laine added that the patch, made available via an Anza engineer's GitHub repository, enabled operators to independently verify and apply the changes. By Thursday, Aug. 8 at 14:00 UTC, detailed instructions for implementing the patch were distributed to various stakeholders, resulting in 66.6% of the network’s stake being secured.
The vulnerability was publicly disclosed after 70% of the network had implemented the patch. Then, Solana Labs issued a Discord announcement urging all remaining operators to update their systems. The statement read: “Core contributors have identified a network security issue that requires an urgent response. v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”
Solana
