Solana Patches Bug That Could Have Allowed Attackers to Mint and Swipe Tokens
Solana network validators implemented a patch to fix a critical vulnerability in the ZK ElGamal Proof program, which could have allowed unlimited minting or withdrawal of Token-22 confidential tokens. The issue was identified on April 16 and addressed by a supermajority of validators by April 18, ensuring no funds were at risk. The vulnerability stemmed from algebraic components missing from the hash used for the Fiat-Shamir transformation, which could have allowed exploitation through forged proofs. Despite the swift resolution, the Solana Foundation faced criticism for carrying out the upgrade privately before public disclosure. Some community members expressed concerns over centralization, while others defended the necessity of discreet bug fixes, citing similar practices in other blockchain ecosystems. Solana currently has 1,279 validators.
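The bug class described above, shown as an added example on a toy Schnorr proof of knowledge; it is not code from the ZK ElGamal Proof program. The article does not say which components were missing, so the group parameters, function names and the omitted component (the public statement `y`) are assumptions chosen for illustration.

```python
import hashlib

# Constructed toy Schnorr group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(*parts):
    """Fiat-Shamir challenge: hash the listed transcript components into Z_Q."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x, r):
    """Honest proof of knowledge of x for y = G^x, hashing the full transcript."""
    y, t = pow(G, x, P), pow(G, r, P)
    c = challenge(G, y, t)
    return y, (t, (r + c * x) % Q)

def verify(y, proof, full_transcript=True):
    """Check G^s == t * y^c. The hardened verifier binds G, y and t into the hash;
    the weak variant (assumed here) hashes only the commitment t."""
    t, s = proof
    c = challenge(G, y, t) if full_transcript else challenge(t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P

def late_statement_vector(s=777):
    """Constructed regression vector: the statement y is solved for after the
    challenge is fixed, which is only possible when y is left out of the hash."""
    for k in range(3, 200):
        t = k * k % P                  # subgroup element picked without a witness
        c = challenge(t)               # weak challenge does not depend on y
        if c == 0:
            continue
        y = pow(pow(G, s, P) * pow(t, -1, P) % P, pow(c, -1, Q), P)
        # Skip accidents of the tiny group (trivial y, colliding challenges).
        if y != 1 and challenge(G, y, t) != c:
            return y, (t, s)
    raise RuntimeError("no usable vector in the searched range")

if __name__ == "__main__":
    y, proof = prove(x=123, r=456)
    print("honest proof, full transcript:", verify(y, proof))
    y2, p2 = late_statement_vector()
    print("late statement, weak hash:    ", verify(y2, p2, full_transcript=False))
    print("late statement, full hash:    ", verify(y2, p2))
```

A vector like `late_statement_vector()` belongs in a verifier's regression tests: any change that drops a public value from the challenge hash makes the rejection assertion fail.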