avatar

Solana validators patch zero-day bug that could have led to unlimited minting of certain tokens

Solana validators patch zero-day bug that could have led to unlimited minting of certain tokens

Reported by The Block: The Solana Foundation announced that a recent zero-day vulnerability affecting confidential transfers on Solana has been patched after validators coordinated a network update.

The bug, which was discovered on April 16 and fixed within two days, could have given an attacker unlimited control over certain Solana tokens.

A recent "zero-day" vulnerability affecting certain tokens on the Solana blockchain was patched after the Solana Foundation, which stewards the network, privately organized validators to deploy a critical fix.

According to the Foundation's post-mortem, the vulnerability was first identified on April 16, and was fully patched two days later following two fixes deployed to the network by a majority of Solana's validators. The validators were privately organized by the Solana Foundation, which did not seek to publicize the vulnerability before a fix could be made.

The severe vulnerability affected the ZK ElGamal Proof program, the system which verifies zero-knowledge proofs that power confidential transfers of certain tokens that follow Solana's Token-2022 standard. An attacker could have theoretically minted an unlimited number of tokens or stolen tokens from any user's account using sophisticated forged proofs.

Though the confidential transfers feature has been supported on Solana since October 2023, the feature has seen little adoption. Though some reports indicate Paxos' USDP stablecoin leverages the feature, Paxos denied the reports in a statement to The Block. "Confidential transfers are currently not live on any Paxos-issued stablecoins," a spokesperson said. "Therefore this Solana patch did not impact Paxos nor its products."

"All funds are safe, and there is no known exploit of the potential vulnerability," the Foundation's post states. It is currently unclear who initially flagged the vulnerability and whether or not they will be entitled to a bug bounty; the Solana Foundation could not be immediately reached for comment.

Solana co-founder Anatoly Yakovenko defended the Foundation's efforts to coordinate the upgrade from critics on X. "It’s the same people to get to 70% [consensus] on ethereum," Yakovenko said. "All the lido validators (chorus one, p2p, etc..) binance, coinbase, and kraken."

Source

Solana

Related News
Canada to launch spot Solana ETFs this week: report Canada to launch spot Solana ETFs this week: report
Solana's key SIMD-228 proposal fails to pass validator vote, token emissions unchanged Solana's key SIMD-228 proposal fails to pass validator vote, token emissions unchanged
Transaction fees generated on Solana network fall to lowest weekly amount since September Transaction fees generated on Solana network fall to lowest weekly amount since September
Chainalysis expands Solana coverage to include Pump.fun memecoins Chainalysis expands Solana coverage to include Pump.fun memecoins
Solana climbs above $200, bitcoin hits new high amid extended post-election rally Solana climbs above $200, bitcoin hits new high amid extended post-election rally
Latest News More More
Ethereum developers activate Pectra upgrade with 11 changes to improve UX, validator ops and Layer 2 scaling
22 Hours Ago Riot Platforms sells mined bitcoin for first time since January 2024, nets $38.8 million
April 29 Circle secures in-principle approval to operate as money services provider in Abu Dhabi
April 29 Mastercard moves to integrate stablecoins into global payments network
April 28 Bitget will legally pursue 8 accounts suspected of profiting $20 million from VOXEL trading manipulation

About TokenInsight

Services

Products

Support

Google Play
Google Play
Google Play
2018 – 2023 © TokenInsight Ltd. All rights reserved
Disclaimer Terms of Service Privacy Policy
delate
Use TokenInsight App All Crypto Insights Are In Your Hands
Open