Solana developers, validators, and client teams have successfully addressed a critical security vulnerability by securing a supermajority of the network’s stake before making the issue public. The coordinated effort ensured that the network remained protected throughout the process.
The operation began on Wednesday, August 7, 2024, when the Solana Foundation discreetly contacted known network operators through private channels. This cautious approach was designed to patch the vulnerability without exposing the network to potential exploitation.
According to Solana validator Laine, the patch was provided through an Anza engineer’s GitHub repository, allowing operators to independently verify and apply the necessary changes. By Thursday, August 8, at 14:00 UTC, detailed instructions for implementing the patch were distributed to stakeholders, leading to 66.6% of the network’s stake being secured.
Public disclosure of the vulnerability occurred after 70% of the network had implemented the patch. Following this, Solana Labs issued a Discord announcement, urging all remaining operators to update their systems promptly. The statement emphasized the urgency of the situation: “Core contributors have identified a network security issue that requires an urgent response. v1.18.21 with a patch will be available in 30 minutes. Please be prepared to upgrade as soon as the announcement is sent.”