• Solana validators quickly patched a critical zero-day bug within just two days of discovery.
• Vulnerability impacted Token-22 confidential transfers, but no exploits were reported.
• Solana Foundation privately coordinated fix, sparking community concerns on centralization.

The Solana Foundation confirmed fixing a “zero-day” bug that gave attackers unlimited token minting capabilities and the ability to withdraw tokens from user accounts. The issue, discovered on April 16, was resolved within two days after validators rapidly deployed two critical patches across the network.

According to the Foundation’s May 3 post-mortem report, the bug affected the ZK ElGamal Proof program, which validates zero-knowledge proofs tied to confidential transfers in Token-2022, now called Token-22. The flaw emerged from missing algebraic components in the Fiat-Shamir Transformation, used for cryptographic randomness, making it possible to craft forged proofs.

Despite the seriousness of the vulnerability, the Solana Foundation reported no known exploit or loss of funds. The patches were implemented by a group of development teams, including Anza, Firedancer, and Jito, with supp…

The post Solana Fixes Critical Zero-Day Bug That Could Have Enabled Unlimited Token Theft appeared first on Coin Edition.

• Solana validators quickly patched a critical zero-day bug within just two days of discovery.
• Vulnerability impacted Token-22 confidential transfers, but no exploits were reported.
• Solana Foundation privately coordinated fix, sparking community concerns on centralization.

The Solana Foundation confirmed fixing a “zero-day” bug that gave attackers unlimited token minting capabilities and the ability to withdraw tokens from user accounts. The issue, discovered on April 16, was resolved within two days after validators rapidly deployed two critical patches across the network.

According to the Foundation’s May 3 post-mortem report, the bug affected the ZK ElGamal Proof program, which validates zero-knowledge proofs tied to confidential transfers in Token-2022, now called Token-22. The flaw emerged from missing algebraic components in the Fiat-Shamir Transformation, used for cryptographic randomness, making it possible to craft forged proofs.

Despite the seriousness of the vulnerability, the Solana Foundation reported no known exploit or loss of funds. The patches were implemented by a group of development teams, including Anza, Firedancer, and Jito, with supp…

The post Solana Fixes Critical Zero-Day Bug That Could Have Enabled Unlimited Token Theft appeared first on Coin Edition.