Breakpoint 2023: An Inside Look into the Past and Future of Solana Security

Published on 2023-11-09

An exploration into the evolution and strengthening of security on the Solana blockchain as presented by Neodyme's co-founder.

The notes below are AI generated and may not be 100% accurate. Watch the video to be sure!

Summary

At Breakpoint 2023, Thomas Lambertz, CEO and co-founder of Neodyme, delivered a comprehensive overview of the evolution of security within the Solana blockchain ecosystem. His talk traced the journey from Solana's vulnerable early days to the robust security posture it has developed since. As a security research company specializing in Solana, Neodyme has been instrumental in identifying and mitigating security risks. Lambertz shared insights into the mechanisms that have led to improved contract security, the challenges that developers face, and the initiatives that aim to fortify the ecosystem from potential vulnerabilities.

Key Points:

The Evolution of Security in Solana

Initially, Solana was perceived as difficult to develop for because of its complexity and the fledgling state of its security. In its early days back in 2020, the blockchain was new and teeming with bugs. Neodyme, under Lambertz's guidance, found hundreds of these bugs, which were mostly minor but still indicative of the ecosystem's immaturity. As Solana matured, several events, such as inflation activation and the adoption of frameworks like Anchor, contributed to a more secure state. Despite setbacks from high-profile hacks in 2022, the ecosystem has learned and adapted, leading to a recovery of security posture and trust.

The Current State and the Path Forward

The present looks much brighter for Solana's security. The ecosystem now has over 6,000 contracts, an increase from the previous year, with most using the Anchor framework. Lambertz highlighted contract upgrade authority as a potential vulnerability if it is not managed properly. Security tooling and education are essential for continued growth and stability. The upcoming initiative called "runtime with you" is poised to change the landscape by making smart contract development and auditing more efficient with typed contracts.

Challenges and Solutions for Security

Thomas Lambertz elaborated on the challenges developers face, such as rounding errors, which become worth exploiting when transaction fees are very low and many instructions fit in a single transaction, and the importance of checking account relationships. He also mentioned that the focus may shift from smart contracts to the wider ecosystem, including RPC security. Acknowledging the lack of comprehensive security tools, he advocated for community involvement in building and sharing resources.
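
The rounding concern can be tested as an invariant. The Rust code below is an added example, not code from the talk or from Neodyme; the pool, its 3:2 price and the amounts are constructed. It compares round-half-up with round-down conversion and reports the most a single deposit-and-redeem round trip can pay out above what was deposited.

```rust
// Added example: share/token conversion with an explicit rounding policy.
// The pool, the 3:2 price and all amounts are constructed sample values.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Rounding {
    Nearest, // round half up: the result can favour the caller
    Down,    // truncate: the result never favours the caller
}

/// Computes amount * num / den under the given rounding policy.
pub fn convert(amount: u64, num: u64, den: u64, mode: Rounding) -> u128 {
    assert!(den != 0, "denominator must be non-zero");
    let scaled = amount as u128 * num as u128; // u64 * u64 always fits in u128
    let den = den as u128;
    match mode {
        Rounding::Down => scaled / den,
        Rounding::Nearest => (scaled + den / 2) / den,
    }
}

/// Deposits `tokens`, receives shares, redeems them immediately and returns
/// the tokens paid out. Hypothetical pool price: 3 tokens per 2 shares.
pub fn round_trip(tokens: u64, mode: Rounding) -> u128 {
    let shares = convert(tokens, 2, 3, mode);
    convert(shares as u64, 3, 2, mode)
}

/// Largest profit that any deposit size in 1..=max_tokens gets out of one
/// round trip. A sound implementation never returns a positive value here.
pub fn worst_case_gain(mode: Rounding, max_tokens: u64) -> i128 {
    (1..=max_tokens)
        .map(|t| round_trip(t, mode) as i128 - t as i128)
        .max()
        .unwrap_or(0)
}

fn main() {
    for mode in [Rounding::Nearest, Rounding::Down] {
        let gain = worst_case_gain(mode, 10_000);
        println!("{:?}: worst-case gain per round trip = {}", mode, gain);
    }
}
```

With fees close to zero, the property to enforce in tests is that the gain is never positive, not that it is smaller than the fee.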

Facts + Figures

  • Solana was difficult to develop for in 2020, and many security issues were present at its inception.
  • Neodyme discovered roughly 100 bugs in Solana's blockchain.
  • Solana has gone through significant growth, with Solana's token (SOL) at one point reaching over $200 in value.
  • The introduction of inflation in Solana's ecosystem marked a vital turning point for its development.
  • There are over 6,000 deployed contracts on Solana, signifying a 30% increase since the last year.
  • About two-thirds of these contracts use the Anchor framework.
  • The issue of upgrade authorities poses a threat to contract security.
  • In 2023, there were 22,000 contract upgrades, suggesting high development activity within Solana.
  • The improvement of security tooling is critical for preventing bugs and verifying code.
  • River Garden, a new tool for security, will be introduced to provide free resources to the community.

Top quotes

  • "Has Solana become more secure?"
  • "Solana is only like three years at mainnet. Not even that."
  • "And then Solana starts picking up steam... And that led to like rushed code."
  • "Contracts are upgradable. Many, many of the contracts just have like some upgrade authority which can like completely replace the implementation."
  • "On Solana like the fees are like so insanely low and you can put so many instructions in a single transaction that rounding errors may become worth it."
  • "That's a way to like prove that a transaction was included on chain and it was successful."
  • "Because like once we do like kind of like these silo security implementations of like individual auditors I don't think that can be really like an ecosystem."
  • "Please have a discussion about security come to our talks and I'm excited to be here."

Questions Answered

How has Solana's security evolved since its inception?

Initially, Solana faced myriad security issues, which was common for a new blockchain. However, with the advent of frameworks like Anchor and the active involvement of security companies like Neodyme, Solana's security has significantly improved. Despite high-profile hacks, the ecosystem has adapted, leading to a more secure network today.

What are the current security challenges faced by the Solana blockchain?

Solana developers grapple with issues such as rounding errors, which low transaction fees make more worthwhile to exploit, and missing account relationship checks. Contract upgrades and inadequate security tools also pose challenges. The ecosystem is actively seeking solutions through better frameworks, documentation, and community-led projects.

Why are contract upgrades a point of concern in Solana’s security?

Contract upgrades can potentially introduce vulnerabilities if not scrutinized. In 2023, Solana experienced a high average rate of upgrades, with 22,000 across 6,000 contracts, limiting the time auditors have to review each change. This increased frequency makes thorough assessments more difficult, raising concerns about maintaining security.
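
One way to audit who can replace a program, as an added example that is not from the talk or from Neodyme's tooling: the Rust code below parses the header of an upgradeable program's ProgramData account and checks its upgrade authority against a list of reviewed keys. The byte layout is stated as an assumption in the code, and the allowlist rule, the sample account and the key bytes are constructed.

```rust
use std::convert::TryInto;

// Assumed layout (bincode encoding of the upgradeable loader's ProgramData
// state): u32 tag = 3, u64 slot of last deployment, 1-byte Option flag, 32-byte key.
const PROGRAMDATA_TAG: u32 = 3;
const HEADER_LEN: usize = 4 + 8 + 1 + 32;

#[derive(Debug, PartialEq)]
pub enum UpgradePolicy {
    Immutable { slot: u64 },
    Upgradeable { slot: u64, authority: [u8; 32] },
}

/// Parses the header of a ProgramData account's raw data.
pub fn parse_programdata(data: &[u8]) -> Result<UpgradePolicy, &'static str> {
    if data.len() < HEADER_LEN { return Err("too short for a ProgramData header"); }
    let tag = u32::from_le_bytes(data[0..4].try_into().unwrap());
    if tag != PROGRAMDATA_TAG { return Err("not a ProgramData account"); }
    let slot = u64::from_le_bytes(data[4..12].try_into().unwrap());
    match data[12] {
        0 => Ok(UpgradePolicy::Immutable { slot }),
        1 => {
            let authority: [u8; 32] = data[13..45].try_into().unwrap();
            Ok(UpgradePolicy::Upgradeable { slot, authority })
        }
        _ => Err("invalid Option flag"),
    }
}

/// Hypothetical audit rule: a program passes if it is immutable or if its
/// upgrade authority is one of the reviewed keys (for example a multisig).
pub fn authority_is_approved(policy: &UpgradePolicy, approved: &[[u8; 32]]) -> bool {
    match policy {
        UpgradePolicy::Immutable { .. } => true,
        UpgradePolicy::Upgradeable { authority, .. } => approved.contains(authority),
    }
}

/// Builds constructed sample account data; the key bytes are placeholders.
pub fn sample_account(option_flag: u8, key_byte: u8) -> Vec<u8> {
    let mut v = PROGRAMDATA_TAG.to_le_bytes().to_vec();
    v.extend_from_slice(&250_000_000u64.to_le_bytes());
    v.push(option_flag);
    v.extend_from_slice(&[key_byte; 32]);
    v
}

fn main() {
    let policy = parse_programdata(&sample_account(1, 0xAA)).unwrap();
    println!("{:?} approved={}", policy, authority_is_approved(&policy, &[[0xBB; 32]]));
}
```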

What future developments are expected to enhance Solana's security further?

Initiatives like "runtime with you" will bring typed contracts to Solana, which promises to streamline development and auditing processes. Improvements to RPC security and transaction receipt verification, as well as community tools like River Garden, are all aimed at fortifying Solana's overall security infrastructure.

How does Neodyme contribute to the security of Solana?

Neodyme conducts security research specifically for the Solana blockchain, identifying vulnerabilities and helping to address them. The company was instrumental in finding numerous bugs in Solana's early days and continues to be involved in security education and tooling for the community.
