Safety First: Marinade is preparing an upgrade to its liquid staking smart contract
Learn more about the smart contract upgrade that Marinade has been working on
Marinade introduced the Solana network’s first liquid staking protocol in August 2021. That was back when Solana was in mainnet v1.6.20. So many releases since then have brought us to v1.16.16, with tremendous improvements to the performance of the network.
While Marinade’s existing liquid staking smart contract continues to function as intended, the core team determined this year that an upgrade would be required to capitalize on the latest advancements, which include being ready for upcoming updates that are planned.
Of course, as the Marinade stake pool holds the highest TVL of any protocol on Solana, great care must be taken to ensure the proper transition to the new contract, and the team has spent several months collaborating with top devs and auditors in the ecosystem to ensure the new code is rock solid (and as always, open sourced). During development, the team executed the same anchor checks and constraints as the previous version. It was further verified by executing both versions of the contract against the same network state and instructions and confirmed similar results in the performance.
This isn’t the first time the smart contract has been upgraded. At the end of 2021, Marinade posted a blog with details on its first smart contract upgrade and gave time for the community to review it and raise any flags.
Similarly this time around, Marinade wants to alert the community of the upcoming upgrade and share what’s coming, including the open-source code and an audit report from Neodyme. Sec3 was also able to fully review the code and has completed their audit without additional findings, but their report is not available yet and will be posted to the docs as soon as possible.
So let’s share why the work has been put into the smart contract update, what improvements will be achieved, and how it will be implemented:
Highlights in the new staking contract
Marinade wouldn’t upgrade the smart contract if it didn’t result in improved performance and security. Here are a few of the highlights of what’s to come:
Upgrade to Anchor v0.27: Marinade’s original contract is based on the framework of Anchor v.0.14, which was very new at the time. The new contract is based on the more recent version, Anchor v0.27. This version is not only easier for developers and auditors to read and understand, but it also has improved functionality and interoperability. Outside developers will be able to use Marinade’s open-source tools even more easily and integrate Marinade into their protocols using CPI calls. It’s a big win for Solana builders who want to integrate liquid staking!
Redelegate stake pool SOL without a cooldown: This update will be critical to the rebalancing of the stake pool as Solana rolls out new features soon. SPL Native Stake Program “redelegate” function will enable the ability for stake pools to redelegate stake to a validator without having to unstake first back to SOL. While Marinade prides itself on an auto-rebalancing scoring system, having to cool down unstakes from validators affects performance for everyone. The new redelegate instruction will enable Marinade to move stake between validators without any cooldown, thus creating a way more active rebalancing, allowing Marinade to react quickly to changes in validator performance, keeping the stake always in the most productive validators.
When this new feature is released by Solana, Marinade will be ready to capitalize on behalf of its stakers.
Emergency Pause: Over the years as there have been various exploits in crypto, Marinade has looked into additional precautions that could mitigate any unforeseen attacks on its operations. One of those additional measures is an “emergency pause” function that allows a security council to pause the contract and freeze deposits and withdrawals if suspicious activity is detected. This function can act as a circuit breaker in case a vulnerability in the contract is identified and protect the funds in the pool while giving time for a fix to be created and deployed.
Stake account withdrawals: The new contract introduces a new option for the way delayed unstakes can occur for mSOL. Currently, stakers who use delayed unstake for mSOL receive a “delayed unstake ticket and when the epoch is over, must return to the dApp to claim their SOL. In the new version, it will be possible to have the delayed unstake function create a deactivating stake account for the staker who can then claim it directly from their wallet when the epoch ends.
Security Audits of the smart contract
“Neodyme would like to emphasize the high quality of Marinade’s work. Marinade’s team always responded quickly and competent to findings of any kind. Their in-depth knowledge of liquid-staking programs was apparent during all stages of the cooperation, including excellent and crucial knowledge of Solana’s stake program. Evidently, Marinade invested significant effort and resources into their product’s security.” — Security Audit — Marinade Liquid Staking, Neodyme AG September 26, 2023
The new contract has already been audited twice by the well-known firms Sec3 and Neodyme. Sec3’s audit reported some minor issues that caused the team to go and refactor and resend to both auditors.
Marinade publishes all of its audits in full on the docs as they are available. You can read them all as they are added in the docs on the audits page. (Neodyme’s is live while Sec3’s will be added shortly)
Marinade is also committed to open-source development and has shared the new contract on its GitHub repo.
Bug Bounty: Marinade has had a bug bounty in place for over two years. Visit the Bug Bounty page in the docs for details.
Final steps for the contract upgrade
Starting on November 7, the ecosystem community multisig will begin signing the transaction needed to proceed with the upgrade.
Once 6/13 signatures have been obtained, the transaction can be executed and the contract upgraded with no impact on the performance of the pool regardless of the status of the epoch. Also note that Marinade Native is not affected by this contract upgrade because it only has access to delegate your native stake account, and does not interact with the liquid staking contract.
Marinade users don’t have to do anything. Everything will update automatically.
If you have questions about the upgrade, you can get in touch with a Chef.
View Marinade Github | Visit Discord | View all Marinade contracts and addresses |