
Well, the question you might ask is "Why didn't someone at Solana spend a weekend writing a fuzzer for this extremely important component that deals with billions of dollars"?

OP is obviously incredibly talented, fine, but maybe someone at Solana could have spent a month working on it full time?



> OP is obviously incredibly talented, fine, but maybe someone at Solana could have spent a month working on it full time?

Exactly. OP certainly is talented and did a great job up there. However, Solana is simply too important to fail like this. Literally billions of dollars are at stake, and running a fuzzer for 2 days should NOT be this impactful. It would not be this absurd if OP had to spend much more time and effort than this.

In other words, Solana should have adopted advanced security measures far before this happened. Using BPF requires a compiler toolchain and VM, which are sophisticated by nature. There's no security-by-correctness here, so one should fall back to the next line of defense - practical correctness by stress test - where a fuzzer becomes a necessity. There have to be various fuzzers running regularly somewhere in Solana.

Also, one should note that how Solana uses BPF is well outside the original intention of BPF, which is mainly used deep inside the system. BPF in the system has a much smaller attack surface, a much easier recovery scenario, and relatively smaller impact upon failure. When it comes to Solana, BPF is wide open to the wild, and a faulty BPF program can cause a lot of damage, which is often (or mostly) irreversible. That means Solana has to be the one who performs extensive research on BPF. No one else needs to harden BPF to the level that Solana needs it to be.



