_{Brought to you by:}

Howdy!

It’s the last day of Permissionless, where I’m hearing a lot of conversations about how to create real value accrual for tokens. Onstage, Variant’s Jake Chervinsky put it succinctly when he said tokens should focus on ownership, not optics. 

Today, we’ve got Firedancer beginning its delegation program and the story behind Solana’s recent critical bug:

Firedancer begins delegating stake to Solana validators

Firedancer has quietly delegated stake to 32 Solana validators to kick off its new delegation program, according to the client’s website.

Delegation, or staking some of an organization’s crypto with a number of validators based on some criteria, has been used by the Solana Foundation to help smaller validators get started on the network. Firedancer may be hoping the delegation program can help convince validators to start running its Frankendancer client, which currently accounts for just 8% of all staked SOL. That proportion is up from 5-6% around a month ago. 

Firedancer is a from-scratch rewrite of Solana’s software being created by Chicago-based trading firm Jump. Firedancer would be Solana’s first true alternative client from the original built by Solana Labs, which is now known as Agave. With two clients, Solana would be protected from having a single point of failure on the client side — which can cause things like network downtime.

A limited version of the client, called Frankendancer because it combined chunks of the Agave client with Jump-written code like Frankenstein’s monster, went live in late 2024. Full Firedancer is live in non-voting mode. The participants in Firedancer’s delegation program are running Frankendancer.

Onchain data shows an account labeled as having been funded by Jump Crypto delegated roughly 20,000 SOL to the approved validators. One validator, Watchtower, received over 1.2 million SOL. In a Discord message, Solana Foundation validator relations lead Tim Garcia said a user named italo, who is associated with Watchtower, is running the delegation program for Firedancer.

The Firedancer delegation participants I spoke to had generally positive things to say about the client. 

H2O Nodes noted that Frankendancer is more stable now than the original Solana client was when it started running a validator in 2022. Ian Unsworth from Kairos Research said the firm’s validator has been packing more compute units into blocks since switching to Frankendancer, which translates to incrementally higher rewards compared to the network average. RockawayX founder and CEO Viktor Fischer agreed — estimating that Frankendancer offers 10-15% higher performance when measured by average compute units. 

Unsworth said Frankendancer is yet to face a true stress test, but added that the reported forthcoming pump.fun token could spike network activity and push Frankendancer’s limits.

Firedancer has said that it plans to delegate 2 million SOL to around 100 validators in the first phase of its delegation program. It also noted every iteration of the program will run for around 3 months. 

Notably, Firedancer’s initial delegation standard of 20,000 SOL per validator is less generous than the Solana Foundation’s Delegation Program. The Solana Foundation stakes 35 million SOL across 569 validators, for an average of roughly 60,000 SOL per validator.

— Jack Kubinec

P.S. Fill out our short audience survey and help us build a better Lightspeed. Thank you!

_{Brought to you by:}

Katana is a DeFi chain built for higher sustainable yield and deep liquidity.

It concentrates liquidity into core applications and channels the chain’s revenue back to the users. Creating a better DeFi experience that benefits the active users on the chain.

Earn KAT tokens: Pre-deposit with turtle club 

Early this morning, the Solana Foundation published a post-mortem on a critical bug in the ZK ElGamal Proof program.

Usually, when a person sends a tx, all related details are recorded publicly onchain. This isn't problematic for regular users, but let's say you're a business account, a treasury wallet, or anyone handling sensitive payments.

In that case, exposing financial behavior can lead to competitors' front-running treasury movements, traders tracking strategic deployments, or malicious actors targeting wallets they know are handling high-value flows.

The ZK ElGamal Proof program deals with this by letting users prove a transfer is valid without revealing the amount sent or received.

On June 10, security researcher @suneal_eth reported a vulnerability to Anza's GitHub advisory. 

Engineers from Anza, Jito, and Firedancer confirmed that a missing component in the hashing step of the Fiat-Shamir transcript allowed attackers to forge valid-looking proofs.

Basically, the flaw would have enabled unauthorized minting or draining of confidential balances. This marks the second vulnerability discovered in the ZK ElGamal system.

Rather than patching in place, Solana disabled confidential transfers via a Token-2022 program update on June 11. Later, client updates contained a feature flag to deactivate the ZK ElGamal Proof program entirely, which was triggered at the start of epoch 805 on June 19.

According to the post-mortem, the program will remain offline pending further audits and fixes. This process is estimated to take “at least a few months.”

Confidential transfers are still in early testing. While several major stablecoins (PYUSD, AUSD, and USDG) have initialized the feature, none appear to have activated it for end-users. Thus, no real value was at risk.

— Jeffrey Albus