Pwning Blockchain for Fun and Profit: Exploiting an RCE Vulnerability in the Solana validator
Premiere: 4/17 10:10 - 10:40
Replays: 4/17 16:10 - 16:40, 4/17 22:10 - 22:40
While extensive research has been conducted on all kinds of smart contracts, analysis of the underlying
infrastructure powering blockchains remains relatively rare, despite its far greater impact. This talk
explores a RCE vulnerability in Solana's validator, discovered during its transition to a new runtime
optimization in version 1.16. We will delve into Solana’s architecture, its runtime VM, and the evolution of
its data storage model that led to this flaw. The bug enables attackers to compromise the blockchain
entirely, allowing actions like minting tokens, exfiltrating validator keys, and ultimately achieving RCE.
Attendees will gain technical insights into the vulnerability and its exploitation process, offering insights
and guidance for future researchers.
TOPIC / TRACK
CYBERSEC GLOBAL 2025: United as One
LEVEL
General General sessions explore new
cybersecurity knowledge and
non-technical topics, ideal for those with limited or no
prior cybersecurity knowledge.
SESSION TYPE
Live Stream Session
LANGUAGE
English
SUBTOPIC
Blockchain
Exploit of Vulnerability
Open Source Security
CYBERSEC 2025 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy 。