The Wormhole exploit shined the spotlight on a number of things in the crypto industry as users scrambled for answers. Solana, Ethereum, DeFi, cross-chain protocols, and Solana’s proof-of-history consensus mechanism, all came under intense scrutiny. Now, with Wormhole releasing its incident report, there are more voices chiming in.
Time for pest control
The incident report confirmed the basic details of the exploit, such as the signature verification vulnerability in the Wormhole network which let an attacker mint 120,000 Wormhole-wrapped ETH on Solana. 93,750 such tokens were then moved to Ethereum to be unwrapped. The loss came up to more than $321 million.
Addressing rumors that Wormhole contributors already knew about the vulnerability, the report claimed that the vulnerability had indeed been fixed in a new commit added to the Wormhole repository. However, this was reportedly a coincidence that took place along with the Solana toolchain upgrade.
It’s worth noting here that Wormhole’s incident report did not reference any measurable plans or targets for the future, in light of the exploit.
Time to get up to speed
The exploit has once again raised the demons of Solana’s past. In other words, the classic speed versus security debate.
For his part, DFINITY founder Dominic Williams, claimed that Solana’s “security hole” needed to be fixed quickly. He also felt that a consensus needed more than 66% of the nodes, to ensure security.
Solana security hole needs fixing asap?
Seems their consensus proceeds with only 33% of the nodes
Hard math proofs show you need 66%+ for safety. No ifs no buts
Possibilities: 1) is insecure, 2) is centralized, or 3) they've broken Computer Science (unlikely) pic.twitter.com/yqfW3QnfeK
— dom.icp ∞ (@dominic_w) February 3, 2022
Another controversy involved Kyle Samani, Co-Founder of Multicoin Capital which invested in Solana. Samani had declared in 2021 that he valued speed over security.
After the Wormhole exploits, a Twitter user asked Samani if he still felt the same way.
The VC exec answered yes.
You were warned
This isn’t the first time the crypto sector is tightening the screws on Solana’s proof-of-history. In its introduction to Solana which was published in December 2021, Grayscale Investments listed this as a potential risk, noting,
“The Solana consensus mechanism uses a new blockchain technology that is not widely used, and may not function as intended.”
“There may be flaws in the cryptography underlying the network, including flaws that affect the functionality of the Solana Network or make the network vulnerable to attack.”