When it comes to processing transactions on a blockchain, scalability isn’t everything.
That’s the biggest takeaway from the crash that knocked the Solana blockchain offline for seven hours. And it’s not the first crash the blockchain has had this year, suffering six serious outages in January alone.
But instead of sending transaction fees through the roof like on ethereum, which was crippled by a non-fungible token (NFT) minting project this weekend, Solana shut down altogether.
In a postmortem, the blockchain, whose SOL cryptocurrency is No. 7 by market capitalization at $21.4 billion, revealed that it was down for seven hours over the weekend when swarming bots overloaded the blockchain while trying to win a limited edition NFT during a minting event on Metaplex Candy Machine, a non-fungible token minting platform.
See: PYMNTS NFT Series: What Are NFTs and Why Are They Crypto’s Newest ‘Next Big Thing?’
While Solana can handle 65,000 transactions per second — the same top TPS capability as Visa — its developers have claimed that it can handle a theoretical 710,000 TPS
Read more: PYMNTS Blockchain Series: What Is Solana?
But Solana was hit with 6 million transactions requests per second, generating 100 Gbps of data at individual validator nodes that run the blockchain’s consensus mechanism, Solana’s developers said. That was so much that node operators’ servers maxed out their memory and crashed enough of the 1,730 nodes that the blockchain didn’t have enough votes to approve new blocks.
As unconfirmed blocks built up, the blockchain began repeatedly forking — basically splitting in two, see the link below for more detail. When too many forks built up, the only way to resolve the problem was to shut down the entire blockchain, Solana explained.
Also read: PYMNTS Crypto Basics Series: What’s a Consensus Mechanism?
“There is no evidence of a denial-of-service attack, but instead evidence indicates bots tried to programmatically win a new NFT being minted using the popular Candy Machine program,” they explained. And because the first user to request a mint was able to do so, there was an enormous “economic incentive to send a huge number of transactions in hopes of winning the mint.”
The top smart-contract blockchain, ethereum, also suffered an overload this weekend, but instead of crashing altogether, its slowed dramatically and transaction fees skyrocketed to unheard-of heights, ranging from $4,000 to $10,00 each during an NFT minting sale by the developer of top NFT avatar project Bored Ape Yacht Club.
See more: Bored Apes NFT Rampage Spikes Transaction Fees to $200M for 55,000 Sales
In both cases, the immediate problem was that the price of popular NFT lines can be high, with top chains like CryptoPunks and Bored Ape Yacht Club generally selling for a minimum of $200,000, but more than 150 projects’ NFTs sell for at least $1,000.
Not Ready?
There are fixes coming for the specific problem.
Solana NFT minter Metaplex has introduced a bot-focused penalty fee of 0.01 SOL — currently about $0.89 — for each invalid transaction attempt, with safeguards designed to prevent humans from getting hit with penalties for legitimate minting attempts.
Candy Machine is used by a majority of new #SolanaNFT projects to launch their collections. In this change, a 0.01 SOL penalty will be collected when a wallet attempts to complete an invalid transaction, which is typically done by bots that are blindly trying to mint.
— Metaplex (@metaplex) May 1, 2022
While this fix will likely prevent bot swarms like the one that hit Candy Machine, it is being instituted by Metaplex for NFT minting projects on its platform. So, it doesn’t go across Solana, which is clearly vulnerable to DoS attacks.
Solana is instituting several other fixes, some highly technical but another one simply making it easy for projects to add additional fees.
But there’s a bigger problem that goes across blockchains as a whole. Simply put, the lack of middlemen can be a security problem. As most blockchains are open projects on which anyone can build a platform or DApp, there’s effectively no control over who has access to the transaction network.
And as most cryptocurrencies can be divided into very small pieces — each bitcoin has 100 million satoshis, for example — sending transaction can be done very cheaply if there are no safeguards.
It’s one thing to hit Visa.com, for example, with a DDoS attack, but it’s quite another to actually overwhelm the network itself with transactions, which have to go through an approved API or point-of-sale device.
Decentralized networks don’t have this luxury. And as more than a few blockchain themselves are or will be governed by voting-controlled decentralized autonomous organizations (DAOs) instituting fixes could take time than it did on Solana, whose developers were simply able to shut it down and fix the problem.
Read more: PYMNTS DeFi Series: Unpacking DeFi and DAO
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More