As announced on August 9, a stealth fix across the Solana blockchain eliminated a major security problem. Laine, a notable Solana validator, said that this activity was started and finished before public revelation, protecting the network from hostile actors.
On August 7, 2024, Solana Foundation leaders uncovered and addressed a key vulnerability, starting the tale. Network validators received the first patch announcement via private messages from confirmed Solana Foundation contacts.
Validators could trust these communications since they were hashed with an incident identification and a timestamp. Notable personalities shared the hash on Twitter/X, GitHub, and LinkedIn to acknowledge the vulnerability without providing information.
Despite its simplicity, this question has arisen. Most validators use Discord, Telegram, Twitter/X, and may know Anza or Foundation staff from Breakpoint. Laine said it's tiresome but not impossible for DM validators to spread such messages, particularly with 5-8 key persons involved in this outreach.
The foundation provided validators with specific guidelines by August 8. At exactly 14:00 UTC, these instructions contained links to download the fix from a GitHub repository owned by an Anza engineer. Thus, validators were told to check downloaded files using SHA sums. Therefore, they could manually check the adjustments. This prevented operators from executing untested code.
Laine said the fix was crucial since “the patch itself discloses the vulnerability,” requiring quick and discreet action. A “superminority” of the network implemented the patch within hours of the first outreach, followed by a “supermajority,” meeting the 70% security criterion.
After reaching the critical level of patched nodes, the Solana Foundation revealed the vulnerability and corrective efforts. This was done to encourage existing operators to improve their systems and ensure community openness.