Solana developers, validators, and client teams fixed a critical security vulnerability by securing the vast majority of their network stake before publicly disclosing the issue. The process began on Wednesday, August 7, 2024, when the Solana Foundation contacted known network operators through private channels, according to Solana validator Laine. This initial contact was part of a strategy to patch the vulnerability so that it could not be exploited in any way.
The patch, made available through an Anza engineer’s GitHub repository, allowed operators to independently verify and implement the changes. By Thursday, August 8 at 14:00 UTC, detailed instructions on how to implement the patch had been distributed to various stakeholders, resulting in 66.6% of network stake being protected.
The vulnerability was publicly disclosed after 70% of the network had implemented the patch. Solana Labs then posted an announcement on Discord calling on all remaining operators to update their systems. The announcement read: “Core contributors have identified a network security issue that requires an urgent response. v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”
Image: Binance Academy
