
Solana Fixes Confidential Token Vulnerability, Sparks Centralization Debate


by Sharmistha Suman
for TheNewsCrypto

  • Solana Foundation fixes bug affecting Token-2022 and ZK ElGamal Proof that could have permitted unauthorized minting. 
  • Due to this bug, attackers could have targeted the unhashed components by creating a fake identity that easily passes verification.

The Solana Foundation recently encountered a bug that allowed hackers to mint some tokens and even take tokens from users’ accounts. The bug has reportedly been fixed.

The Foundation’s analysis reveals that the vulnerability was first found on April 16 and that it could have allowed a hacker to proceed with an invalid proof, affecting the privacy features of the blockchain platform that enable Token-22 confidential tokens.

The Foundation also said that no known exploit of the vulnerability has been reported and that Solana validators have since adopted the patched version. The bug primarily affected two programs, Token-2022 and ZK ElGamal Proof.

Token-2022 manages the main application logic for token mints and accounts. ZK ElGamal Proof verifies the accuracy of zero-knowledge proofs that show precise account balances.

As per the Foundation, some algebraic components were left out of the hash during transcript generation for the Fiat-Shamir Transformation, the step that creates public randomness using a cryptographic hash function.

Due to this bug, attackers could have targeted the unhashed components by creating a fake identity that easily passes verification to mint and steal Token-22 confidential tokens. To resolve this major issue, two patches were deployed.
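The class of bug described above can be caught with a regression check that every public component of a proof is bound into the Fiat-Shamir challenge. The following is an added example, not code from Solana or from the original article; the field names, the domain tag and the sample values are constructed for illustration.

```python
import hashlib

# Constructed public inputs of a sigma-protocol proof. The field names are
# hypothetical and are not taken from Solana's ZK ElGamal Proof program.
STATEMENT = {
    "pubkey": b"\x01" * 32,
    "ciphertext_commitment": b"\x02" * 32,
    "ciphertext_handle": b"\x03" * 32,
    "prover_commitment_Y0": b"\x04" * 32,
    "prover_commitment_Y1": b"\x05" * 32,
}

def absorb(h, label, value):
    """Append one labelled, length-prefixed field so field boundaries are unambiguous."""
    for part in (label.encode(), value):
        h.update(len(part).to_bytes(4, "little"))
        h.update(part)

def challenge(statement, fields, domain=b"example-sigma-proof-v1"):
    """Fiat-Shamir challenge: hash of a domain tag plus the listed transcript fields."""
    h = hashlib.sha256()
    absorb(h, "domain", domain)
    for name in fields:
        absorb(h, name, statement[name])
    return h.digest()

def unbound_fields(statement, fields):
    """Return the public fields that can be changed without changing the challenge."""
    baseline = challenge(statement, fields)
    missing = []
    for name in statement:
        mutated = dict(statement)
        mutated[name] = bytes(b ^ 0xFF for b in statement[name])
        if challenge(mutated, fields) == baseline:
            missing.append(name)
    return missing

# A transcript that absorbs every component, and one that omits a component.
COMPLETE = list(STATEMENT)
INCOMPLETE = [n for n in COMPLETE if n != "prover_commitment_Y1"]

if __name__ == "__main__":
    print("complete transcript, unbound:", unbound_fields(STATEMENT, COMPLETE))
    print("incomplete transcript, unbound:", unbound_fields(STATEMENT, INCOMPLETE))
```

Any field the check reports is one a prover could vary after the challenge is fixed, which is why a sound transcript must report none.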

The Centralization Scrutiny

Many Solana validators, including Anza, Firedancer, and Jito, adopted the patches two days after encountering the issue. Other firms such as Asymmetric Research, Neodyme, and OtterSec also helped facilitate it.

The Foundation also noted that no funds have been tampered with and that they remain safe. Regardless of this, the validators have raised centralization concerns within the crypto community. Among those concerned was a Curve Finance contributor, who was concerned about the close relationship of the Foundation with Solana validators.

The contributor said that the main issue is that everything was done privately, that bad actors now know these channels exist, and that this is a centralized point of failure in a decentralized system.

