Stakeholder Communication
Solana projects have unusual stakeholders: token holders, Discord moderators, audit firms, and RPC vendors - not only executives and customers. Clear communication under stress preserves trust when transactions fail or incidents hit.
Recipe
Quick-reference recipe card - copy-paste ready.
## Status update template
**Status:** Investigating / Mitigating / Resolved
**User impact:** Deposits paused; funds in vault not affected (as of 14:02 UTC)
**Actions taken:** Pause tx `3Fm...`; engineering on patch
**Next update:** 30 minutes or when status changes
**Unknown:** Root cause under analysisWhen to reach for this:
- Weekly exec or investor update
- Incident bridge comms
- Audit finding remediation status
- Launch delay announcement
- Tokenomics parameter change explanation
Working Example
## Exec email (launch delay)
Subject: Mainnet lending delayed 2 weeks - audit finding
**Decision:** Move launch from Aug 1 to Aug 15.
**Why:** Auditor AF-7 (CPI reentrancy) requires code change + re-review.
User funds are not at risk - we have not deployed to mainnet.
**Trade-off:** Marketing campaign paused; community AMA Thursday.
**Ask:** Approve audit re-engagement budget $X.Community Discord shorter version:
Update: Mainnet launch moved to ~Aug 15 while we fix an audit item on withdraw safety.
Devnet unchanged. AMA Thu 2pm UTC. No user funds on mainnet yet.
What this demonstrates:
- Exec detail vs community brevity same facts
- No false precision on root cause during investigation
- Explicit trade-offs and asks
Deep Dive
Stakeholder Matrix
| Stakeholder | Cares about | Channel | Cadence |
|---|---|---|---|
| Exec / board | Risk, dates, $ | Weekly | |
| Community | Launch, token utility | Discord/X | As needed |
| Auditors | Diffs, repro, scope | Secure share | Per finding |
| Legal | Regulatory, disclosure | Counsel | Incidents |
| RPC vendor | Traffic, incidents | Slack/TAM | Outages |
Bad News Rules
- Disclose impact before internal blame
- Do not promise compensation before policy review
- Separate "paused" from "exploited" until confirmed
Gotchas
- Engineering jargon to community - "CPI reentrancy" without plain impact. Fix: "Withdraw safety bug" + user action.
- Multiple voices in incident - Contradictory timelines. Fix: Single incident commander approves posts.
- Over-sharing exploit recipe - Copycat attacks. Fix: High-level until patch live.
- Silent auditor ping - Firm escalates to exec. Fix: Weekly audit status in shared tracker.
- Token price talk by engineers - Legal and distraction risk. Fix: Redirect to product/comms.
Alternatives
| Alternative | Use When | Don't Use When |
|---|---|---|
| Public post-mortem | DeFi transparency norms | Active law enforcement investigation |
| Office hours AMA | Community anxiety high | Sev-1 first hour |
| Status page | SaaS + dApp hybrid | Discord-only community |
FAQs
Update frequency in incident?
30 min or on state change until mitigated; then daily until RCA.
Who talks to press?
Designated comms lead only; engineers do not ad-hoc tweet.
Token holder telegram?
Same facts as Discord; watch for scam impersonators during incidents.
Auditor secure channel?
Encrypted zip of repro + branch name; never public GitHub issue for exploit.
Partial outage wording?
"Withdrawals delayed; balances readable" - specific user experience.
Good news sharing?
Verifiable deploy hash + audit completion - credibility matters.
Disagree with PM messaging?
Escalate privately before public post; unified voice outward.
International community?
Translate key incident posts; English technical post-mortem canonical.
VC diligence?
DORA, audit status, incident history - factual deck appendix.
After resolved?
Resolved post + post-mortem link within 72h for Sev-1.
Related
- Blameless Post-Mortems & RCA - post-incident doc
- On-Chain Incident Response - internal playbook
- Estimation & Risk - honest timelines
Stack versions: This page was written for Agave 4.1.1, Solana CLI 3.0.10, Anchor 0.32.1, anchor-lang 0.32.1, Rust 1.91.1, @solana/kit 7.0.0, Surfpool 0.12.0, and LiteSVM 0.6.x.