In April, Solana network participants implemented an emergency upgrade to address a serious security vulnerability that could allow attackers to mint and steal tokens. Nonetheless, the coordinated effort to execute the mitigation measures and patch the vulnerability has raised concerns about the network’s level of decentralization.
Solana's Overnight Emergency Upgrade Raises Concerns About Its True Level of Decentralization
WRITTEN BY
SHARE
Solana’s Quiet Emergency Upgrade Raises Concerns Among Crypto Actors About Decentralization
The swift action that Solana network actors took to mitigate a serious vulnerability last month has raised concerns about the decentralization level of the network. According to a postmortem report published by the Solana Foundation on May 2, validators coordinated a set of two patches that addressed a vulnerability potentially allowing attackers to mint unlimited tokens and withdraw tokens from any account by quietly applying a series of patches.
While the vulnerability was not exploited, the main Solana validator projects quietly coordinated this action, which was applied on April 17.
Even when the action was focused on protecting the network’s users and their funds, the swiftness of this action and the level of coordination between network actors have left some worried about a possible collusion of these same actors to advance pernicious changes to the protocol.
Grant Hummer, founder of Etherealize, a marketing institution part of the Ethereum ecosystem, blasted this action, stressing that this kind of development might also be implemented for less noble purposes.
He asked:
If your chain can hard fork overnight with a small group of datacenter validators in a Discord chat room, what else can it do overnight? Steal, freeze or delete your assets, maybe?
Furthermore, he wondered what would happen in the case of a hypothetical coercive attack by government officials against Anatoly Yakovenko, co-founder of Solana Labs.
While critics state that in the same situation, bitcoin and ethereum developers would behave similarly, Hummer stressed that the difference lies in the time and coordination such an endeavor would take. “That’s not a blockchain – that’s a glorified company division,” he concluded.
This is the second time Solana has applied an emergency upgrade: In August, a critical security issue was also patched similarly, raising worries about the same behavior at the time.
Read more: Anza Commits to Scale Solana to 1 Million Transactions per Second
