- Lightspeed
- Posts
- 🪲 200,000 lines of code
🪲 200,000 lines of code
Solana’s new even-faster client is opening up a bug bounty
Brought to you by:
Howdy!
The Solana ETF bandwagon moved a bit further down the road yesterday, as Cboe filed 19b-4s to list and trade VanEck and 21Shares’ proposed ETFs. Prolific ETF poster Nate Geraci said the “decision clock starts ticking” once the SEC acknowledges the filings.
But we’re all about the tech over at Lightspeed, so let’s pop the hood open for a minute:
Firedancer looks to put out fires
For the first time in some time, we got news about Firedancer this week. The Jump Crypto-created Solana validator client — boasted of as lightning-fast — is running a $1 million bug bounty program through Immunefi from tomorrow until late August.
That’s notable because debugging only seems useful for far-along code, and Firedancer comes up repeatedly whenever I ask someone on the technical side of Solana why they’re bullish on the network.
The bug bounty — which offers money to anyone who finds flaws in Firedancer v0.1 — will ask participants to trawl over roughly 200,000 lines of new code, Immunefi CEO Mitchell Amador told me. Amador said since the codebase is “memory-unsafe,” he expects bug bounty searchers to find some “denial of service conditions.” He added that participants should test the durability of Firedancer’s security.
Solana’s blockchain is created and secured by validators, and these validators run software clients, which are versions of the Solana program. Currently, Solana’s two clients are the original Solana Labs-created client, named Agave, as well as Jito-Solana, which is a fork of the Labs code with some MEV modifications created by Jito.
Ideally, you’d have even more clients: As I’ve written before, clients being forced to compete for validators could incentivize client upgrades to stay faithful to validators’ wishes — and give validators who don’t like choices made by their client’s developers alternative options.
Firedancer is written from scratch in a different programming language from Agave and Jito-Solana, which could also make Solana harder to attack, Jump claims.
Eschewing the Bisquick method of client-building has created quite the workload for Jump though: The codebase has seen nearly-constant updates since July of 2022, according to the client’s GitHub. Today, only a pared-down version of Firedancer, named Frankendancer, is available on testnet — and that’s the subject of the Immunefi bug bounty. Frankendancer uses some Firedancer components alongside Agave’s code for execution and consensus.
Agave uses the Rust programming language, while Firedancer is being written in C, which is tougher to use but offers more fine-grained control over the code. Interestingly, Solana co-founder Anatoly Yakovenko has said he started building Solana in C but switched to Rust because he didn’t have the resources to build the blockchain from scratch at the time.
Some of the apparent difficulties with creating the client from scratch are implementing the QUIC network protocol — which is essentially a set of rules for how data gets passed around on Solana — and matching the Solana runtime, which is Solana’s concurrent transaction processor.
Solana boosters will hope the bug bounty is a harbinger of more concrete news to come. For some time, Firedancer has been held up as the coming Death Star that could do things like push Solana to one million TPS. With the bug bounty — and apparent external audits — these claims are getting closer to the real world.
And for bug searchers, those 200,000 lines of code await.
“Goodbye grass,” one Immunefi Discord member wrote of the contest.
— Jack Kubinec
From modularity to restaking, to the intersection of AI and crypto, to the long-awaited consumer-facing apps to the most recent Bitcoin-related innovations.
We’ll be breaking down all of these and more with the help of a few of the thought leaders in crypto at Permissionless.
Rebuilding a blockchain client from scratch takes a lot of work, it turns out:
This chart from Firedancer’s GitHub tells a pretty notable story: There have been thousands of weekly additions and deletions from the client’s code almost constantly since mid-2022. Two years in, the number of contributions to Firedancer’s code is near an all-time high.
For anyone keeping nerd score at home, the leading contributor to Firedancer is Richard Patel, who has made 892 code commits and over 200,000 additions. I’m hoping he’s developed a good wrist-stretching regimen, at least.
— Jack Kubinec
Last week, Multicoin Capital announced it would match up to $1 million in SOL donations to the Sentinel Action Fund over ten days (with a little under a week remaining). The Sentinel Action Fund backs conservative candidates who claim to support crypto innovation.
By matching donations, Multicoin aims to double the impact of contributions, mobilizing significant financial support for pro-crypto campaigns.
Many in the crypto community, including figures like Dan Spuller of the Blockchain Association, praised Multicoin's leadership for “stepping up for this fall's elections'.' Other positive reactions include @DremeaKal, who tweeted, "Fighting the good fight cheers." @MH3NFT shared, "Excited for this," and @TopoGigio_sol commented, "That’s an incredible initiative." @kanth added, "Thank you for doing this. You are helping the entire community. We are grateful."
Detractors made their positions strongly known as well. @SilvermanJacob criticized the initiative and those choosing to be single-issue voters, "because some billionaire tech execs got Trump to say 'crypto good.'" He also pointed out that Multicoin is supporting candidates who some voters believe are of questionable character, adding "Look who they're supporting: Insane Bernie Moreno and the former SEAL who keeps lying about shooting himself."
Indeed, Bernie Moreno faced accusations of shredding evidence in a wage theft lawsuit, which court records confirmed. The former Navy SEAL mentioned by Silverman is Tim Sheehy, a Republican candidate for the US Senate in Montana who admitted that a gunshot wound he said came from military service was actually the result of an accidental discharge.
The Sentinel Action Fund's connection to Senator Cynthia Lummis, a vocal crypto advocate, has also raised eyebrows in the past. Lummis has faced criticism for her ties to venture capitalists and wealthy crypto investors, leading some to question her motivations and the ethics of her support.
For crypto's single-issue voters, the challenge now lies in balancing the industry's needs with the controversies surrounding some of its political advocates. Whichever way the die is cast, the decisions made in these Congressional races will have lasting implications for the US crypto industry.
— Jeffrey Albus
A message from @metaproph3t, founder of MetaDAO: