Solana devs fix bug that allowed unlimited minting of certain tokens
The Solana Foundation has addressed a zero-day vulnerability that could have allowed token minting and withdrawals from user accounts. Discovered on April 16, the flaw affected Token-22 confidential tokens and involved issues with the Fiat-Shamir Transformation's hash generation. No exploits were reported, and validators adopted patches shortly after the discovery. The vulnerability involved two programs: Token-2022 and ZK ElGamal Proof. Concerns about centralization arose due to the foundation's handling of the issue, with some community members questioning the relationship between the foundation and validators. Solana Labs CEO Anatoly Yakovenko defended the coordination, comparing it to Ethereum's situation. Ethereum community member Ryan Berckmans argued that Ethereum's client diversity mitigates centralization risks, contrasting it with Solana's reliance on a single client. Solana plans to introduce a new client, Firedancer, to enhance network resilience.
