Solana Security Overview

The goal of Solana is to do what Ethereum can’t: scale without using Layer-2 scaling solutions. 

To achieve this goal, Solana invented an innovative consensus mechanism that combines proof-of-history (PoH) with proof-of-stake (PoS). 

Solana is secured by staking nodes, but it also has a ‘clock’ that establishes when events happen. By having this clock, nodes can confirm blocks without having to verify the entire chain beforehand. This reduces consensus overhead and allows for greater network speed and scalability.

Although this consensus mechanism has worked well for scaling Solana, it is not risk-free. 

Similarly to all new blockchains, the primary risk of Solana’s consensus mechanism is centralization. Steep hardware requirements make it challenging to run a validator node, resulting in Solana having only 2,364 validators. In comparison, Ethereum has 440,263 validators. 

You might be thinking: Who cares about centralization? As long as it’s fast, centralization doesn’t matter. The problem with this is that centralization in blockchains leads to network outages during periods of extreme congestion.

Unsurprisingly, Solana had some network availability issues in the last few years.

Solana experienced 14 network outages in 2022, a less than stellar number for a blockchain that prides itself on speed and scaling.

But what causes these outages at Solana?

On a high level, it’s because the validators can’t handle the transaction loads during peak periods. These peak periods most often come during increased bot activity, such as when NFT minting bots flooded the network with transactions causing it to halt for 7 hours in May 2022.

However, the root cause of these outages is that Solana’s eyes are bigger than its stomach. Solana has very cheap transactions at all times, typically only a fraction of a penny. It doesn’t matter how many people use the network; transactions are always dirt-cheap.

This makes congestion, in theory, limitless. There’s nothing stopping bots from spamming and crashing the network. Because each validator can only handle so much, and there aren’t many validators to spread the workload, the network eventually collapses. 

Ethereum, in contrast, does not have this issue. When Ethereum is congested, gas prices skyrocket. This prevents bots from spamming and crashing the network, as no bot wants to pay $100 per transaction. Instead, Ethereum has issues with the network becoming too expensive for average Joes to use…but that’s a discussion for another day!

Thankfully for Solana, these outage problems are not unsolvable.

Solana has 3 main avenues to solve its outage issue:

1. Increasing decentralization
2. Increasing validator hardware requirements
3. Changing the fee structure

The preferred method of blockchain purists for solving the outage issue would be to further decentralize the network. More validators would mean more computing power in the network to better handle the workload. As a positive side effect, it would also boost Solana’s resistance to attacks from powerful entities such as nation-states. Sounds good if you ask me. 

Although decentralization is the preferred solution, it’s not ideal because it would take a long time to see noticeable improvement. Decentralization is a slow process. This is especially the case with Solana, which requires expensive hardware. In the fast-moving world of crypto, can Solana afford to wait?

Another possible solution would be to increase validator hardware requirements. If each validator can handle more transactions, the network will naturally be more resistant to outages. 

The problem with this is that it is the crypto equivalent of cutting off your nose to spite your face. More stringent validator hardware requirements would definitely increase validator capabilities, but it would also make it even tougher for people to run validators. This would decrease decentralization and negate any boost in individual validator performance. At best, it’s a temporary solution. At worst, it’s a one-way ticket to centralization. 

That leaves a new fee structure as the last possible solution. Turns out that this is actually the route that Solana chose. The plan is simple: raise the fees for just the congested dApps. In theory, this prevents bot attacks from crashing the network while also allowing fees to remain low for the rest of the Solana network. 

Solana’s innovative design took it to the top of the crypto world in less than a year. However, it became clear that the network was not ready for such rapid success, and network outages became as synonymous with Solana as gas fees with Ethereum.

On the bright side, Solana’s recurring outages are a fixable problem. The new fee structure is promising. Decentralization is slowly but steadily improving. Code updates are being put in to prevent bot attacks. And developers are constantly working on improvements. 

People keep saying Solana is broken and the Solana team is listening.  On August 16, 2022, Jump Crypto announced they are working with the Solana Foundation on a 24-month project to develop a new open-source validator client for Solana. This is all in an effort to boost the speed and reliability of the network. 

Going forward, it would be nice to see not just more development from Jump and the Solana team but also more input from outside parties.

Should Solana solve its current network issues, there appears to be little stopping it from becoming a true crypto blue chip.