Solana Network Disruption: Vulnerability Exposed

The Solana network team deployed a fix for the issue, which had been identified previously but not resolved.

The post-mortem report about the Solana network disruption this week implicated a pre-existing vulnerability.

On Tuesday, the network was inoperable for five hours. Validators, which run the software that verifies transactions and adds them to the blockchain and are a critical infrastructure layer of Solana, subsequently restarted the network before 10:00 a.m. ET.

The post-mortem, written by Anza, concluded that validators halted on a specific block because of an infinite loop caused by a bug.

An infinite loop leaves validators performing the same action indefinitely; because the stalled validators make no progress, the network cannot process additional transactions.

More precisely, a bug in Solana’s Just-in-Time (JIT) compilation cache caused specific older programs to enter an infinite loop of recompilations; as a result, network resources were monopolized and operations halted.

Addressing Vulnerabilities in the Solana Network

Consequently, the compiler, designed to optimize performance by compiling code at run time, became a bottleneck. To address this, the Solana team shipped a fix in a new release that avoids the loops.

“The problem was consistent with a vulnerability discovered during the investigation of a recent Devnet outage and for which a remedy was scheduled to be deployed shortly.” In April 2022, the issue was initially reported to the Solana security team.

“By eliminating the ability to generate the necessary preconditions to activate the flaw, this fix offers a more straightforward resolution. A more comprehensive fix will be incorporated alongside additional LoadedProgram enhancements and permitted to stabilize with the regular release cycle,” the report elaborated.

It was the sixth significant disruption that the Solana network had experienced since its inception. The last outage for Solana occurred in February of the previous year.

In response to the news of the outage, the price of SOL, Solana’s native asset, momentarily declined, as noted at the time. However, it quickly recovered, and market data suggested that market reactions to Solana network disruptions have recently become less pronounced.