Solana – does Proof-of-History improve security?

Layer 1 crypto platform, Solana, offers a faster and cheaper blockchain solution to Ethereum. This is achieved using Proof-of-History combined with Proof-of-Stake consensus. We look at any security implications.

In this article we examine what is Solana, how Proof-of-History works, together with Solana’s security plus any recent breaches.

What is Solana?

Solana is a decentralized blockchain built to enable scalable, user-friendly apps for the world.

At the time of writing Solana (SOL) is the 5th highest cryptocurrency by market cap. It is an Open Source project that focuses on providing a permissionless blockchain platform for Decentralized Finance (DeFi) solutions.

The Solana protocol aims to improve scalability of its blockchain by using a hybrid consensus model that combines Proof-of-History (PoH) and Proof-of-Stake (PoS). Solana is known for very short processing times of cryptocurrency transactions.

A Solana cluster is a set of independently owned computers working together (and sometimes against each other) to verify the output of untrusted, user-submitted programs.

The native token of Solana is SOL. These tokens are sent to nodes, within a Solana cluster, in exchange for running on-chain programs or validating their output. Micropayments can be made in fractional SOL’s that are known as ‘lamports’.

What is Proof-of-History?

A stack of proofs, each which proves that some data existed before the proof was created and that a precise duration of time passed before the previous proof. Like a VDF*, a Proof of History can be verified in less time than it took to produce.

* Verifiable Delay Function – takes a fixed amount of time to execute and produces a proof that it ran.

PoH is the main component of the Solana protocol and is responsible for processing the majority of the transactions. Successful operations are recorded by PoH together with the time that has passed between them. This ensures the trustless nature of the blockchain.

PoH’s primary aim is to overcome ‘on-time agreement’ which is a core problem with distributed systems. Most decentralized networks use trust together with centralized timing solutions but these are costly to maintain. What PoH does is to create a historical record proving that an event occurred at a specific moment in time.

PoS consensus acts as a monitoring mechanism for the PoH processes and validates each sequence of blocks produced by it.

How does Solana process transactions?

Transactions within the Solana blockchain are processed by nodes that are grouped together in clusters. Each cluster has a leader node that is responsible for distributing blockchain entries to validator nodes and in return collects the submitted votes confirming that the entries are valid.

Clients send transactions to any node within a cluster, if the node is a validator then the transaction is forwarded to the leader. The leader groups transactions into bundles, adds a timestamp, and distributes them to validators via the cluster’s ‘data plane’.

At any time only one node within a cluster can produce ledger entries – this is the leader. To avoid the potential of a malicious leader censoring votes that could cause corrupted or manipulated blockchain entries, the cluster rotates which node acts as leader. Additionally validators reject blocks that are not signed by the current leader.

Does Solana have security issues?

Solana is a Layer 1 cryptocurrency blockchain solution which is used as a platform for building a variety of dApps (Distributed Applications) on top of it.

Security therefore has two levels of strength and potential weakness:

  • Solana itself
  • dApps built on Solana

Examples of some top Solana dApps covering a variety of categories include:

Below are a selection of Solana, or Solana-based dApp, security breaches that have occurred in recent times:

  • DDoS attack on Solana (Dec 2021)
    A Distributed Denial-of-Service (DDoS) attack was launched on the Solana network rendering it slow and unusable for end users. This followed a 17 hour outage in September 2021. The problem was mitigated without the need for a network shutdown.
  • Justin Kan’s NFT security breach (Dec 2021)
    The Solana-based Fractal platform suffered a scammer attack when the announcement bot on the startup’s Discord server sent out a fraudulent link to 100k+ users. The message promised users access to 3,333 commemorative NFT’s celebrating the platform’s success. The fake link directed users to a minting site that took funds for nothing in return.
  • Monkey Kingdom $1.2m hack (Dec 2021)
    The Solana-based NFT project was the victim of a coordinated attack on thousands of people whilst they attempted to follow a minting link produced by a malicious bot. This resulted in permissions being requested from a hacker’s wallet that once granted proceeded to drain SOL from the targeted user wallets.
  • Zero-day exploit attack disrupted (Aug 2021)
    Several cryptocurrency exchanges, that support the Solana blockchain, were targeted by a hacker attempting to merge an ‘orphaned’ wallet with the exchanges’ SOL wallets. The attack involved faking a deposit of Raydium (RAY) tokens and selling them for BitCoin (BTC) that was subsequently withdrawn from the exchange. This attempt did not work out as it resulted in the BTC & RAY crypto assets being sold from the intruder’s wallet.

Does you have any experience of developing with Solana? Have you encountered any security issues? If so please comment below.

Leave a Reply