2025-12-21 17:23:49

The secp256k1 implementation of Solana has drawn community attention. It is reported that the development team referred to Ethereum's modexp scheme when building this encryption algorithm, and the performance is indeed impressive. However, the problem lies in the fact that only after deploying to the Mainnet was it discovered that this implementation has a significant denial-of-service (DoS) attack vector. Ironically, the developers apparently did not conduct an accurate cost assessment of this security risk and simply disabled the feature. This "enter a position and then pay" approach has sparked considerable discussion within the ecosystem and serves as a reminder for developers to maintain a more cautious balance between performance optimization and security protection.

SOL-5,53%

ETH-3,72%

View Original

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.

15 Likes

Reward
15
8
Repost
Share

Comment

0/400

AlphaWhisperer

· 2025-12-24 06:15

Release first, fix bugs later—this approach is really clever haha

View OriginalReply0

GamefiGreenie

· 2025-12-24 05:37

Get in a position first and buy the ticket later, this is Solana's consistent style, haha Now it’s awkward again, after flaunting performance, being educated on security by taking the opposite position How come they didn’t think about this when focusing on performance, such a big loophole What the ecosystem lacks the most is this kind of solid security audit To be honest, discovering it again on the Mainnet would be considered good luck.

View OriginalReply0

MEVSandwichVictim

· 2025-12-22 17:35

First launch and then fix bugs, this is Solana's traditional skill, haha Performance optimization and security protection are fundamentally like having both fish and bear's paws... Wait, directly shutting down the function? This operation is a bit rough Copying Ethereum's plan and still crashing, that's awkward Shutting down the function... is like covering one's ears while stealing a bell, right?

View OriginalReply0

rekt_but_vibing

· 2025-12-21 17:53

Enter a position first and then buy a ticket, this is the daily life of web3, haha.

View OriginalReply0

SerumSquirter

· 2025-12-21 17:52

This is a typical "land grabbing" mentality, rushing in as long as the performance is good, and dealing with problems later.

View OriginalReply0

ReverseTrendSister

· 2025-12-21 17:39

Enter a position first and then buy the ticket, this is the norm of web3... Performance optimization completely disregarding security and directly launching on Mainnet, it's a typical old trick.

View OriginalReply0

BearMarketHustler

· 2025-12-21 17:30

Uh... SOL is doing this again? Performance first, security second, this trick is getting old. --- Typical "launch first, aim later"; the ecosystem is just being experimented on. --- The key is they can boldly disable features; if it were me, I'd have gone bankrupt long ago. --- Jumping on the ETH scheme without thorough research before going to Mainnet, really daring. --- Only discovering vulnerabilities on the Mainnet... how insecure can one be? --- If you can't even handle DoS vulnerabilities, how can we talk about performance optimization? It's laughable. --- That's why I still prefer conservative chains; stable earnings without the hassle. --- Directly disabling features? It would be better not to boast about any performance innovation from the start. --- Deploying without proper cost assessment? This risk management is a bit ridiculous.

View OriginalReply0