Agave and Jito are Solana validator clients. Solana programs are eBPF bytecode that the validator loads from an ELF file and runs in its VM.
The development toolchain emits an aligned ELF program, but the ELF sanitization that runs on upload performs no alignment check of its own. The CALL_REG opcode handler assumes its jump target lands on an instruction boundary, so with misaligned code the VM jumps to an invalid address and the node crashes.
An attacker could exploit this by writing a program that executes the CALL_REG opcode, manipulating the program's ELF file to misalign its .text section, and then deploying and invoking the program on the Solana network in the normal way.
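As an added example, not code from Agave, Jito or the article being discussed, the following Rust sketch models the two checks the write-up points at: an alignment check at ELF sanitization time, and a bounds-and-alignment check on the CALL_REG target at execution time that returns an error instead of letting the VM jump to an invalid address. It assumes 8-byte eBPF instructions, a .text section described by a byte offset and size, and a CALL_REG target given as a byte address; the concrete offsets are constructed sample values.

```rust
// Added defensive model of the checks described above (not rbpf/Agave code).
// Assumption: every eBPF instruction slot is 8 bytes wide.
const INSN_SIZE: u64 = 8;

#[derive(Debug, PartialEq)]
enum LoadError {
    EmptyText,
    MisalignedText { offset: u64, size: u64 },
    TextRangeOverflow,
}

#[derive(Debug, PartialEq)]
enum ExecError {
    TargetOutOfBounds(u64),
    TargetMisaligned(u64),
}

/// The .text range that sanitization accepted and the VM will execute.
#[derive(Debug, Clone, Copy, PartialEq)]
struct TextSection {
    offset: u64,
    size: u64,
}

/// Sanitization-time check: do not trust the toolchain to have aligned .text.
/// Both the start and the length must be whole instruction slots.
fn sanitize_text(offset: u64, size: u64) -> Result<TextSection, LoadError> {
    if size == 0 {
        return Err(LoadError::EmptyText);
    }
    if offset.checked_add(size).is_none() {
        return Err(LoadError::TextRangeOverflow);
    }
    if offset % INSN_SIZE != 0 || size % INSN_SIZE != 0 {
        return Err(LoadError::MisalignedText { offset, size });
    }
    Ok(TextSection { offset, size })
}

/// Execution-time check for CALL_REG: the register-supplied target must lie
/// inside .text and on an instruction boundary. On success returns the
/// instruction index the VM may jump to; on failure an error, never a crash.
fn call_reg_target(text: &TextSection, target: u64) -> Result<usize, ExecError> {
    let end = text.offset + text.size; // cannot overflow: checked in sanitize_text
    if target < text.offset || target >= end {
        return Err(ExecError::TargetOutOfBounds(target));
    }
    let rel = target - text.offset;
    if rel % INSN_SIZE != 0 {
        return Err(ExecError::TargetMisaligned(target));
    }
    Ok((rel / INSN_SIZE) as usize)
}

fn main() {
    // Constructed sample values: an aligned .text of 8 instructions at 0x1000,
    // and the same section shifted by 4 bytes as a misaligned upload would be.
    println!("{:?}", sanitize_text(0x1000, 64));
    println!("{:?}", sanitize_text(0x1004, 64));

    let text = sanitize_text(0x1000, 64).expect("aligned section");
    println!("{:?}", call_reg_target(&text, 0x1038)); // Ok(7)
    println!("{:?}", call_reg_target(&text, 0x1003)); // Err(TargetMisaligned)
    println!("{:?}", call_reg_target(&text, 0x1040)); // Err(TargetOutOfBounds)
}
```

The point of splitting the check in two is that a rejected upload never reaches the VM, while the execution-time check is a second line of defence if a misaligned section ever does.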
Deploying the patch required a supermajority of the network to adopt it. Core contributors privately contacted large validators with the patched code, and once the network was safe the updated code was published on GitHub.
The article was okay. I wish it had more code snippets and explanations of how the VM works.