Liquid Stake with compassSOL for an 8.82% APY from staking, MEV + fees
Enjoy the freedom of liquid staking in Solana Defi while delegating your stake to the high performance Solana Compass validator. Stake or unstake at any time here, or with a Jupiter swap.
Benefit from our high staking returns and over 2 years experience operating a Solana validator, and receive additional yield from priority fees + MEV tips
Earn 7.1% APY staking with Solana Compass
Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 7.1% APY yield on your SOL, while supporting us to create new guides and tools. Learn more
Stake your SOL
- Click to connect your wallet
- Enter the amount you wish to stake
- Kick back and enjoy your returns
- Unstake from your wallet or our staking dashboard
Earn 7.1% APY staking with Solana Compass
Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 7.1% APY yield on your SOL, while supporting us to create new guides and tools.
Breakpoint 2023: Securing FireDancer
Published on 2023-11-09
FireDancer's security enhancements and strategies presented at Breakpoint 2023
Summary
At Breakpoint 2023, Felix Belam, a security researcher from Jump, revealed the sophisticated measures implemented to bolster the security and reliability of FireDancer, an independent Solana validator. The strides made towards making FireDancer robust involve two primary strategies: defense-in-depth approach and embedding security into the development lifecycle. These advancements not only enhance its security profile but also shape FireDancer into an exemplar of secure software design within blockchain networks. As FireDancer is still in development, this discussion is pivotal in understanding how modern validators are preparing to be foundational building blocks in the financial infrastructure of the future.
Key Points:
FireDancer's Purpose and Security Vision
FireDancer is an innovative independent Solana validator designed to augment the ecosystem's robustness and performance. With a vision to maintain an independent technical stack, the project emphasizes diversity within the blockchain network's supply chain, reducing exposure to single points of failure. This approach to security is critical when considering the network's vulnerability to compromised third-party libraries, standard language libraries, and even compiler bugs. Introducing a second validator increases security against a broad array of attacks that may no longer be existential risks but remain significant threats.
Defense-in-Depth Approach
Defense-in-depth is a multi-layered security strategy that acknowledges that software will inevitably encounter vulnerabilities but aims to minimize their potential impact. By isolating FireDancer's components into individual processes with disciplined communication protocols, the system enhances the difficulty for potential attackers. If one component is compromised, the architectural boundaries limit the breach's impact, making FireDancer a more resilient system overall. This clear separation solidifies each component's defense, ensuring a bug in one area does not spell a complete system compromise.
Embedded Security Team
The embedded security program is integral in identifying and preventing security flaws during the development stages. This proactive approach includes continuous collaboration between security and engineering teams, fostering a culture of early engagement and responsiveness to security concerns. Critical to this process is using industry-standard fuzz testing to expose vulnerabilities and conducting code reviews to catch issues missed by automated tests. This reflective practice uses the findings from reviews as a feedback loop to improve security mechanisms continually.
Upcoming Security Initiatives
With the goal of launching FireDancer on the mainnet, the team is scaling up their security measures, which include engaging industry-leading security firms for external audits and planning the introduction of a bug bounty program. These steps reinforce their commitment to security and offer fresh perspectives to identify and address any oversights. The bug bounty program, in particular, seeks to leverage the broader security community's expertise to refine the validator before the mainnet deployment.
Facts + Figures
- FireDancer aims to be an independent Solana validator to enhance ecosystem security.
- A defense-in-depth strategy is employed to mitigate the impact of any potential vulnerabilities within FireDancer.
- Each component of FireDancer runs in its own process, limiting the damage in case of a compromise.
- The embedded security strategy facilitates early vulnerability detection and continuous security integration.
- A bespoke fuzz testing infrastructure is pivotal to the security process, scaling with computational resources.
- The security team values the insights learned from code reviews to improve the security program.
- An upcoming bug bounty program will be announced to involve the security community in testing FireDancer.
- External security audits by top security companies are planned before FireDancer's mainnet launch.
Top quotes
- "...introducing a second validator to Solana and keeping it's tech stack as independent as possible from the main labs validator is a clear security win..."
- "All software will have security vulnerabilities sooner or later."
- "Tiles are core building block of firedancer. And tile isolation is natural outcome of its architecture."
- "We consider most tiles to be compromised. This means that we consider the shared memory interface between two tiles as a security boundary."
- "Fuzzing is kind of the gold standard in the industry to automatically identify vulnerabilities in complex C software..."
- "Our experience actually has shown that there's only a partial overlap between the bugs found by fuzzing, and the ones found by code review."
- "Fire Dancer is still alpha software and very much in development."
Questions Answered
What is FireDancer?
FireDancer is a new independent Solana validator designed to improve the robustness and performance of the ecosystem. It aims to provide a diversified technical stack for the blockchain network, offering a more secure alternative to existing validators.
Why is a defense-in-depth strategy important for FireDancer?
A defense-in-depth strategy is crucial for FireDancer as it assumes vulnerabilities will occur and aims to minimize the impact and reach of any potential exploits. This layered approach adds robustness and ensures that even if one component is compromised, it does not lead to total system failure.
How does FireDancer's architecture enhance security?
FireDancer’s architecture enhances security by isolating components into separate processes. This limits the capacity of an attacker to impact the validator as a whole, making it difficult for an exploit in one component to propagate throughout the system.
What are the significant challenges FireDancer faces in terms of security?
One challenge for FireDancer is its requirement to mimic the behavior of the main Solana Labs validator accurately, which adds complexity to the project. Additionally, its codebase in C lacks built-in memory safety features that languages like Rust offer, increasing the potential for memory safety vulnerabilities.
How is the security team preparing FireDancer for mainnet launch?
To prepare FireDancer for the mainnet launch, the security team plans to engage with top security firms for external audits and announce a bug bounty program. Both these initiatives are aimed at identifying and resolving any security issues to ensure a robust validator before going live on the mainnet.
On this page
Related Content
Breakpoint 2023 Highlights
An overview of Solana's achievements and the future of decentralized networks presented at Breakpoint 2023.
Breakpoint 2023: Finding Utility for NFTs
An in-depth look into the expanding utility and application of NFTs in Web3.
Breakpoint 2023: Building a Creator Community
Industry experts discuss empowerment and innovation in the NFT creator community.
Breakpoint 2023 Recap - Day 1
Breakpoint 2023 commences with the live launch of Firedancer on testnet.
Breakpoint 2023: Auditor's Panel
Insights from leading blockchain auditors on the importance of security in the Solana ecosystem.
Breakpoint 2023: Gaming in Web3 Panel
Leaders in the Web3 gaming space discuss the challenges and opportunities within the industry.
Breakpoint 2023: OpenBook v2
Rebuilding Decentralized Finance Post-FTX Crisis: The Launch of OpenBook v2
Breakpoint 2023: When Are You Going to Get Serious About Security?
A compelling call for developers to prioritize security in the Web3 ecosystem.
Breakpoint 2023: Building Blocks of a Regenerative Economy
An insightful discussion on blockchain's role in establishing a regenerative economy.
Breakpoint 2023: tBTC comes to Solana
Discussions on the integration of tBTC, a decentralized Bitcoin, into the Solana ecosystem.
Breakpoint 2023: Closing Remarks
A heartfelt closure to Breakpoint 2023 emphasizing community contribution and project growth.
Breakpoint 2023: Star Atlas Session
A visionary presentation on Star Atlas's intersection of gaming and blockchain on the Solana platform.
How to Instantly Unstake + Withdraw SOL from Solana Staking
Learn how to unstake SOL from Solana staking and withdraw your SOL from Solana staking.
- Our Validator
- Borrow / Lend
- Liquidity Pools
- Token Swaps & Trading
- Yield Farming
- Solana Explained
- Is Solana an Ethereum killer?
- Transaction Fees
- Why Is Solana Going Up?
- Solana's History
- What makes Solana Unique?
- What Is Solana?
- How To Buy Solana
- Solana's Best Projects: Dapps, Defi & NFTs
- Choosing The Best Solana Validator
- Staking Rewards Calculator
- Liquid Staking
- Can You Mine Solana?
- Solana Staking Pools
- Staking On Solana
- How To Unstake Solana
- How To Unstake Solana
- How validators earn
- Best Wallets For Solana