Anza disclosed a vulnerability in the Solana validation node and recommended upgrading to v2.2.8.

WuSaidBlockchainW · 2025-04-25T01:25:29+00:00

The vulnerability of the ed25519 and secp256k1 precompiled programs in the Solana Virtual Machine (SVM) poses risks to validator Nodes. Anza and Temporal reported the issue, and Anza released v2.2.8 to fix it, recommending to disable --transaction-structure view and upgrade. The vulnerability affects Node availability but does not involve fund security.

WuSaidBlockchainW

2025-04-25 01:25:29

Abstract generation in progress

Wu reported that Anza identified vulnerabilities in the ed25519 and secp256k1 precompiled programs within the Solana Virtual Machine (SVM), affecting validator nodes running version v2.2 with the --transaction-structure view enabled. The vulnerability arises from the assumption that transaction instruction data is 2-byte aligned, leading to errors under the new transaction view (transaction-view) without alignment guarantees, causing mismatches between the leader node and the cluster’s bank hash, which could lead to node crashes and network availability risks. The vulnerability was reported by Temporal on April 9, and Anza released v2.2.8 on April 11 to fix it by removing the alignment assumption. This vulnerability does not affect fund security. Anza recommends disabling the --transaction-structure view and upgrading to the patched version.

SOL-1,12%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

1 Likes