Lightspeed Newsletter: Solana’s new client is opening up a bug bounty

Plus, Multicoin Capital’s SOL donation match for the Sentinel Action Fund


CryptoFX/Shutterstock modified by Blockworks


Today, enjoy the Lightspeed newsletter on Tomorrow, get the news delivered directly to your inbox. Subscribe to the Lightspeed newsletter.


The Solana ETF bandwagon moved a bit further down the road yesterday, as Cboe filed 19b-4s to list and trade VanEck and 21Shares’ proposed ETFs. Prolific ETF poster Nate Geraci said the “decision clock starts ticking” once the SEC acknowledges the filings. 

But we’re all about the tech over at Lightspeed, so let’s pop the hood open for a minute:

Firedancer looks to put out fires

For the first time in some time, we got news about Firedancer this week. The Jump Crypto-created Solana validator client — boasted of as lightning-fast — is running a $1 million bug bounty program through Immunefi from tomorrow until late August.

That’s notable because debugging only seems useful for far-along code, and Firedancer comes up repeatedly whenever I ask someone on the technical side of Solana why they’re bullish on the network. 

The bug bounty — which offers money to anyone who finds flaws in Firedancer v0.1 — will ask participants to trawl over roughly 200,000 lines of new code, Immunefi CEO Mitchell Amador told me. Amador said since the codebase is “memory-unsafe,” he expects bug bounty searchers to find some “denial of service conditions.” He added that participants should test the durability of Firedancer’s security.

Solana’s blockchain is created and secured by validators, and these validators run software clients, which are versions of the Solana program. Currently, Solana’s two clients are the original Solana Labs-created client, named Agave, as well as Jito-Solana, which is a fork of the Labs code with some MEV modifications created by Jito.

Ideally, you’d have even more clients: As I’ve written before, clients being forced to compete for validators could incentivize client upgrades to stay faithful to validators’ wishes — and give validators who don’t like choices made by their client’s developers alternative options. 

Firedancer is written from scratch in a different programming language from Agave and Jito-Solana, which could also make Solana harder to attack, Jump claims.

Eschewing the Bisquick method of client-building has created quite the workload for Jump though: The codebase has seen nearly-constant updates since July of 2022, according to the client’s GitHub. Today, only a pared-down version of Firedancer, named Frankendancer, is available on testnet — and that’s the subject of the Immunefi bug bounty. Frankendancer uses some Firedancer components alongside Agave’s code for execution and consensus.

Agave uses the Rust programming language, while Firedancer is being written in C, which is tougher to use but offers more fine-grained control over the code. Interestingly, Solana co-founder Anatoly Yakovenko has said he started building Solana in C but switched to Rust because he didn’t have the resources to build the blockchain from scratch at the time. 

Some of the apparent difficulties with creating the client from scratch are implementing the QUIC network protocol — which is essentially a set of rules for how data gets passed around on Solana — and matching the Solana runtime, which is Solana’s concurrent transaction processor. 

Solana boosters will hope the bug bounty is a harbinger of more concrete news to come. For some time, Firedancer has been held up as the coming Death Star that could do things like push Solana to one million TPS. With the bug bounty — and apparent external audits — these claims are getting closer to the real world. 

And for bug searchers, those 200,000 lines of code await.

“Goodbye grass,” one Immunefi Discord member wrote of the contest.

Jack Kubinec

Zero In 

Rebuilding a blockchain client from scratch takes a lot of work, it turns out.

This chart from Firedancer’s GitHub tells a pretty notable story: There have been thousands of weekly additions and deletions from the client’s code almost constantly since mid-2022. Two years in, the number of contributions to Firedancer’s code is near an all-time high.

For anyone keeping nerd score at home, the leading contributor to Firedancer is Richard Patel, who has made 892 code commits and over 200,000 additions. I’m hoping he’s developed a good wrist-stretching regimen, at least.

Jack Kubinec

The Pulse

Last week, Multicoin Capital announced it would match up to $1 million in SOL donations to the Sentinel Action Fund over ten days (with a little under a week remaining). The Sentinel Action Fund backs conservative candidates who claim to support crypto innovation. 

By matching donations, Multicoin aims to double the impact of contributions, mobilizing significant financial support for pro-crypto campaigns.

Many in the crypto community, including figures like Dan Spuller of the Blockchain Association, praised Multicoin’s leadership for “stepping up for this fall’s elections’.’ Other positive reactions include @DremeaKal, who tweeted, “Fighting the good fight cheers.” @MH3NFT shared, “Excited for this,” and @TopoGigio_sol commented, “That’s an incredible initiative.” @kanth added, “Thank you for doing this. You are helping the entire community. We are grateful.”

Detractors made their positions strongly known as well. @SilvermanJacob criticized the initiative and those choosing to be single-issue voters, “because some billionaire tech execs got Trump to say ‘crypto good.'” He also pointed out that Multicoin is supporting candidates who some voters believe are of questionable character, adding “Look who they’re supporting: Insane Bernie Moreno and the former SEAL who keeps lying about shooting himself.”

Indeed, Bernie Moreno faced accusations of shredding evidence in a wage theft lawsuit, which court records confirmed. The former Navy SEAL mentioned by Silverman is Tim Sheehy, a Republican candidate for the US Senate in Montana who admitted that a gunshot wound he said came from military service was actually the result of an accidental discharge.

The Sentinel Action Fund’s connection to Senator Cynthia Lummis, a vocal crypto advocate, has also raised eyebrows in the past. Lummis has faced criticism for her ties to venture capitalists and wealthy crypto investors, leading some to question her motivations and the ethics of her support.

For crypto’s single-issue voters, the challenge now lies in balancing the industry’s needs with the controversies surrounding some of its political advocates. Whichever way the die is cast, the decisions made in these Congressional races will have lasting implications for the US crypto industry.

Jeffrey Albus

One Good DM

A message from @metaproph3t, founder of MetaDAO:

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research Report Templates.png


ZKPs enable efficient offchain transaction processing and validation, resulting in increased throughput and reduced fees. Solana's ZK Compression leverages ZKPs to minimize onchain storage costs, while Sui's zkLogin streamlines user onboarding by replacing complex key management with familiar OAuth credentials.


North Korea suspected in breach of Indian exchange’s multisig wallet


Plus, Sanctum’s CLOUD token has officially launched — but not without problems


It’s not yet clear whether Donald Trump is pumping bitcoin. But an unofficial memecoin is still seeing benefit.


StarkWare takes a step towards making StarkNet for Bitcoin


The numbers point to one conclusion: Risk is back, or at least it was during the first half of the year