Quantstamp to Secure Solana’s Core Infrastructure

Quantstamp Announcements
September 27, 2021

Quantstamp recently began a security engagement with Solana, a scalable Layer 1 blockchain that can support up to 50k transactions per second and 400ms block times, without shards or roll-ups. As a first step, Quantstamp will review the on-chain portion of the Stake Pools, a liquid staking solution that aims to further decentralize the network by spreading staked SOL across an increased number of validators.

Solana is relatively new, having only launched its beta mainnet in March 2020. However, aiming to solve the frequently-referenced trilemma of achieving decentralization, security, and scalability, Solana has caught the attention of both users and developers. Solana uses Rust, rather than Solidity, to write smart contracts executed on the blockchain’s Low-Level Virtual Machine (LVM). Unlike Ethereum smart contracts, Solana smart contracts are stateless or read-only. 

Solana also has a completely different system architecture. Ultimately, its impressive speed comes from the fact that transactions are verifiable without all the nodes agreeing at the same time: one of Solana’s key innovations is Proof of History (PoH). In most cases, blockchains require validation nodes to communicate with each other to determine block order. PoH uses a recursive verifiable delay function to hash incoming events. Validation nodes use information encoded in the ledger itself to determine whether a transaction is valid or invalid without having to wait for other validation nodes. Other features include Tower BFT, a PoH-optimized version of Practical Byzantine Fault Tolerance (PBFT), and Gulf Stream, a transaction-forwarding protocol without a MemPool. However, PoH is the core innovation that differentiates Solana from other traditional blockchains.

Lacking the composability of Ethereum's "money legos," DeFi’s biggest value proposition, could be seen as a serious drawback of the Solana ecosystem. However, its open infrastructure could also make it easier for some developers to navigate without the added layer of complication due to sharding and scalability solutions. What’s more, there are already plans in development for an EVM compiler to convert Solidity to Rust, which would unlock the potential for Solidity smart contracts to be coded on Solana.


Staking in Solana

SOL token holders can earn rewards by staking tokens to validators that process transactions and run the network. 

Previously, when staking SOL, users did not receive a token (representing their staked SOL) that they could use elsewhere in DeFi. Recently, liquid staking protocol Lido Finance expanded to Solana and announced the launch of SOL staking. The stSOL token represents fractional ownership in the staking pool and allows users to earn rewards and contribute to the chain’s security while still maintaining liquidity. These stSOL tokens can even be used elsewhere—for example, to earn additional yield, or as collateral in lending protocols—without losing out on staking rewards. With Lido Finance currently staking more than 1% of all ETH, it will be interesting to see how much traction the protocol can gain on Solana.

The Stake Pool Program was enabled via an on-chain governance process and aims to offer users the same flexibility unlocked by Lido Finance. Before this program, SOL holders delegated their stake directly to validators. In an effort to increase the censorship resistance of Solana, the Stake Pool Program allows SOL holders to delegate their stake to a pool manager who is in charge of deciding how to delegate SOL over multiple validators. This allows SOL holders to stake and earn rewards without having to manage their stake.


A Growing Ecosystem

The Solana ecosystem has seen many other projects emerge, most notably Serum, a non-custodial DEX running via an on-chain central limit order book (CLOB), and Metaplex, an NFT platform that promises independent creators the ability to self-host their own NFT storefront. Solstarter, described as the first IDO platform for Solana, lets projects raise liquidity and launch tokens more fairly. Over the past year, there has been a significant uptick in investment and projects moving over to the network. As of August 2021, there were over 400 projects in the ecosystem, ranging from decentralized exchanges and lending protocols to digital games and NFT platforms.


Currently, the TVL of Solana's DeFi network is just over $8B. While this may be a modest number compared to Ethereum, the promise of faster transaction speeds and lower costs could certainly help fuel future growth. Considering the explosion in the popularity of digital art, Solana may become increasingly attractive to investors and users within the NFT space. And, new developments such as Wormhole—a bridge connecting Solana with other ecosystems such as Ethereum and Terra—may unleash even more potential for the blockchain’s emerging DeFi landscape.

Quantstamp is pleased to secure the assets in your digital nation and is proud to audit innovative Layer 1 blockchains like Solana.


Quantstamp Announcements
September 27, 2021

Quantstamp recently began a security engagement with Solana, a scalable Layer 1 blockchain that can support up to 50k transactions per second and 400ms block times, without shards or roll-ups. As a first step, Quantstamp will review the on-chain portion of the Stake Pools, a liquid staking solution that aims to further decentralize the network by spreading staked SOL across an increased number of validators.

Solana is relatively new, having only launched its beta mainnet in March 2020. However, aiming to solve the frequently-referenced trilemma of achieving decentralization, security, and scalability, Solana has caught the attention of both users and developers. Solana uses Rust, rather than Solidity, to write smart contracts executed on the blockchain’s Low-Level Virtual Machine (LVM). Unlike Ethereum smart contracts, Solana smart contracts are stateless or read-only. 

Solana also has a completely different system architecture. Ultimately, its impressive speed comes from the fact that transactions are verifiable without all the nodes agreeing at the same time: one of Solana’s key innovations is Proof of History (PoH). In most cases, blockchains require validation nodes to communicate with each other to determine block order. PoH uses a recursive verifiable delay function to hash incoming events. Validation nodes use information encoded in the ledger itself to determine whether a transaction is valid or invalid without having to wait for other validation nodes. Other features include Tower BFT, a PoH-optimized version of Practical Byzantine Fault Tolerance (PBFT), and Gulf Stream, a transaction-forwarding protocol without a MemPool. However, PoH is the core innovation that differentiates Solana from other traditional blockchains.

Lacking the composability of Ethereum's "money legos," DeFi’s biggest value proposition, could be seen as a serious drawback of the Solana ecosystem. However, its open infrastructure could also make it easier for some developers to navigate without the added layer of complication due to sharding and scalability solutions. What’s more, there are already plans in development for an EVM compiler to convert Solidity to Rust, which would unlock the potential for Solidity smart contracts to be coded on Solana.


Staking in Solana

SOL token holders can earn rewards by staking tokens to validators that process transactions and run the network. 

Previously, when staking SOL, users did not receive a token (representing their staked SOL) that they could use elsewhere in DeFi. Recently, liquid staking protocol Lido Finance expanded to Solana and announced the launch of SOL staking. The stSOL token represents fractional ownership in the staking pool and allows users to earn rewards and contribute to the chain’s security while still maintaining liquidity. These stSOL tokens can even be used elsewhere—for example, to earn additional yield, or as collateral in lending protocols—without losing out on staking rewards. With Lido Finance currently staking more than 1% of all ETH, it will be interesting to see how much traction the protocol can gain on Solana.

The Stake Pool Program was enabled via an on-chain governance process and aims to offer users the same flexibility unlocked by Lido Finance. Before this program, SOL holders delegated their stake directly to validators. In an effort to increase the censorship resistance of Solana, the Stake Pool Program allows SOL holders to delegate their stake to a pool manager who is in charge of deciding how to delegate SOL over multiple validators. This allows SOL holders to stake and earn rewards without having to manage their stake.


A Growing Ecosystem

The Solana ecosystem has seen many other projects emerge, most notably Serum, a non-custodial DEX running via an on-chain central limit order book (CLOB), and Metaplex, an NFT platform that promises independent creators the ability to self-host their own NFT storefront. Solstarter, described as the first IDO platform for Solana, lets projects raise liquidity and launch tokens more fairly. Over the past year, there has been a significant uptick in investment and projects moving over to the network. As of August 2021, there were over 400 projects in the ecosystem, ranging from decentralized exchanges and lending protocols to digital games and NFT platforms.


Currently, the TVL of Solana's DeFi network is just over $8B. While this may be a modest number compared to Ethereum, the promise of faster transaction speeds and lower costs could certainly help fuel future growth. Considering the explosion in the popularity of digital art, Solana may become increasingly attractive to investors and users within the NFT space. And, new developments such as Wormhole—a bridge connecting Solana with other ecosystems such as Ethereum and Terra—may unleash even more potential for the blockchain’s emerging DeFi landscape.

Quantstamp is pleased to secure the assets in your digital nation and is proud to audit innovative Layer 1 blockchains like Solana.


December 13, 2022

Quantstamp Community Update - November 2022

Presenting our research paper at DICG 2022, wrapping up our event season, hiring and audits. Here's what happened at Quantstamp in November.

November 8, 2022

Quantstamp Community Update - October 2022

Offchain Labs acquires Prysmatic Labs, Google Cloud announces node-hosting services, presenting at Devcon, and lots of audits. Here's what happened at Quantstamp in October.

October 25, 2022

Rollup Escape Hatches

After years of effort, rollups are becoming mainstream components of the Ethereum ecosystem. An escape hatch is a method to recover digital assets or program state from a rollup when sequencers or validators are offline, a critical security feature if something goes wrong, and crucial given the complexity of these systems.