The Stellar Development Foundation disclosed a bug in Soroban Live State Prioritization (introduced in Protocol 23) that corrupted 478 data entries starting September 4, 2025. The issue was in the eviction mechanism that moved outdated versions of persistent entries to hot-archive storage instead of the latest versions, affecting network data consistency.
On October 9, 2025, the Stellar Development Foundation identified a critical bug in the Soroban Live State Prioritization feature introduced in Whisk Protocol 23. The bug occurred during the eviction process—when the network moves infrequently-used data from live state to hot-archive storage—causing it to archive outdated versions of persistent entries instead of the latest ones. This corruption began on September 4 and went undetected for 35 days, affecting 478 data entries. The Foundation contained the issue by October 10 and deployed fixes by October 23. While most corrupted entries were repaired, 84 remained corrupted requiring protocol and issuer mitigations. The root cause traced back to a performance optimization in April 2024 that removed version checks, which became problematic when persistent eviction was implemented in June 2025. SDF outlined lessons learned and committed to improvements in monitoring, validator coordination, code quality standards, testing rigor, and security audit collaboration.
