Restarting The Blockchain Is A Security Issue

Yesterday there was another restart of the Solana network after a five-hour outage. This is a long-term problem of the project that the team has been unable to solve. Solana occasionally needs a network restart, which requires the cooperation of all validators. It is important to realize that this is a security issue for a blockchain. We don't want to be a parasite on someone else's misfortune. However, it is important to understand why the IOG team uses a scientific approach, formal methods, and peer review to build Cardano. Blockchains are mission-critical systems and must run 24/7/365 without rebooting. Failure to meet this requirement is a risk to user funds.

Decentralization Is Supposed To Ensure Availability

One of the motivations for pursuing the migration of centralized services to blockchain is greater resilience against network outages. Decentralization must ensure that after a short-term outage of one or several nodes, services will still be available.

Solana seems less reliable than regular financial services. At the moment, it does not make sense from a business point of view for PayPal to migrate part of its services to a less reliable network.

To ensure 100% availability of services on the blockchain, several conditions must be met.

The client must be reliable, meaning it must not contain critical bugs. This can be achieved through careful software development. The team must be aware that they are developing a mission-critical system. Scientific research, formal methods, and peer review are essential. However, this approach is more costly in terms of money and time.

If the team's goal is to get their blockchain to market quickly, there's a good chance the software quality will be average.

Client diversity is another way to significantly increase network robustness. Most blockchains today are dependent on only one dominant client. Other client implementations either do not exist at all or exist and are not used. A critical error in the dominant client's code is a risk factor for the reliable operation of the network.

Ideally, there must be multiple client implementations from independent teams, and operators must use these clients evenly. If 4 clients were available and each had 25% representation in the network, there is a good chance that if one version of the client fails, 75% of the nodes in the network will still be able to produce blocks.

Both Cardano and Solana are dependent on a single dominant client. So are Bitcoin, Ethereum, and other blockchains.

Cardano and Solana have completely different consensus protocols, and the teams approach software development quite differently. The difference in practice is that Solana requires regular network restarts while Cardano has been running non-stop for years.

Cardano had a single minor outage in block production. The outage lasted only a few minutes and the network was able to recover without a network restart or manual intervention by stake pool operators (SPOs). The outage was proof that the Cardano client is a robust piece of code and that the team had anticipated such crisis scenarios.

Restarting The Network Is A Security Issue

If the network suddenly stops functioning, it is not certain what will happen to the transactions that users submitted shortly before the outage. In theory, a financial loss can thus occur. For example, users could pay for goods and take them home; if the network goes down shortly after the payment, those transactions may not make it to the blockchain after a restart. Retailers could thus lose money.

Of course, the team will try to prevent this, so they will want to make sure that no already processed transactions are lost. However, this may not always be possible.

If the network is down for hours, it can be a problem for DeFi services. Some financial contracts may expire and users are unable to do anything about it because the network is unavailable. DeFi applications rely on the blockchain running 24/7/365. Smart contracts autonomously perform exactly the operations they are supposed to perform under the given circumstances. If the required action on the part of the users does not take place in time, the smart contract will perform the given operation without the possibility of change. It is not possible for a third party to centrally change something after a network restart.

If DeFi services are to function as decentralized ones, the blockchain must be 100% reliable. If this is not the case, there may be unfairness in the system. Users may not be able to submit a transaction at a critical moment and may lose money as a result.

The team could, in principle, intentionally manipulate transactions during a network outage. This is a direct threat to the security of the system. It can be seen as a third-party intervention in the functioning of a system that should behave autonomously and make it impossible for third parties to change anything.

If the blockchain suffers outages lasting hours, it directly threatens the funds of users. I do not consider Solana a secure network.

Decentralization loses its meaning if the operators have to know each other, be on the same Discord, and cooperate when restarting the network. Essentially, the team forces them to adopt a new version of the client that is untested and could potentially contain malicious code, backdoors, or other bugs. Operators may not have time to examine the details, as the primary goal is to quickly restore the network.

Ideally, operators should have time to run a new version of the client on the testnet and properly test it. But it could take several days and Solana would have to be stopped the whole time. This is undesirable from the users' point of view. However, from a security point of view, it would be the right approach.

Above all, a blockchain must not need restarts at all, as they bring many problematic aspects.

Blockchain Is A Mission-critical System

The goal of the crypto industry is to gain people's trust. We all want them to entrust their wealth to blockchain technology. Blockchain networks are mission-critical systems. Security comes first.

The Solana team has in the past laughed at the IOG team, saying that Cardano is building too slowly and that the scientific approach is unnecessary. Time shows that the IOG team chose the best possible way to build Cardano, while Solana is losing people's trust.

For financial institutions, security is a key feature. They will research blockchain projects before using or investing in them. For example, VanEck wrote this about the Solana consensus:

"The core issue of this outage and others in the past stems from the fact that Solana is running an experimental system. There is no formal verification of the Solana consensus mechanism, nor is there the ability to predict future failures in Solana's design because of the colossal data volumes that the system processes. Though Solana has implemented numerous improvements to mitigate past issues, Solana's design may make it impossible to understand future complications until they happen."

Some institutions are well aware that the use of formal methods is essential for building reliable blockchain networks. Unfortunately, some people overlook it or maybe don't even know that software can be built in different ways.

Some investor groups like K33, or analytical companies like Messari, will tell you the same thing as the Solana team about the scientific approach or formal methods. It's just that they are biased, possibly bribed, and very likely don't understand software development. Unfortunately, they influence mainstream opinion and decide where investors' money will go. This distorts the market, as some people judge the quality of projects by market capitalization, not by technology.

I hope the Solana team solves these problems and no longer has to restart the network from time to time. But I don't believe they will succeed. They would have to start from scratch, scientifically verify that the Solana consensus will be reliable, and then use formal methods to implement the client. This could take several years of development. It might be a good idea to build an alternative client this way.

Some influencers tend to forgive Solana's network outages, arguing that the team is advancing the technological possibilities of blockchain. From my point of view, technological progress cannot limit users in managing their funds or even cause financial loss. This can happen in DeFi services if the blockchain does not run for several hours. Fortunately, Solana is not a DeFi leader, so hopefully, nothing serious happened.

Cardano appears to be a secure blockchain for your funds and a more suitable smart contract (SC) platform for building DeFi services. It is not possible to build reliable DeFi services on top of an unreliable blockchain.

Conclusion

In the past, all blockchains have had some problems. Satoshi had to save Bitcoin through a hard fork. The Ethereum team had to roll back the blockchain due to the DAO hack. Ethereum validators stop working from time to time. This does not cause problems as serious as Solana's, but it does indicate issues.

The reality is that Cardano is one of the few blockchains that has never needed a network restart requiring operator coordination, never had a long-term outage in block production, and never had a blockchain rollback. Cardano has a single client implementation, but this implementation is built as a mission-critical system requires.

The lay public does not have a chance to see the difference in the quality of client implementation, but in practice, they can experience it firsthand through network outages and other possible problems. In the long term, this is important. If there are more Solana reboots, this project has no chance to succeed in the financial sector. Sooner or later there will be financial losses that will force people and institutions to abandon this project. Cardano can appear as a technology leader if it maintains its status as a network that does not require reboots.
