Solana devs fix bug that allowed unlimited minting of certain
The Solana Foundation has confirmed that a zero-day vulnerability that allowed an attacker to potentially mint certain tokens and even withdraw those tokens from user accounts has been fixed.
There is no known exploit of the vulnerability, and Solana validators have since adopted the patched version, the foundation said.
Solana zero-day security bug affected Token-22 confidential tokens
The Solana Foundation said the security vulnerability concerned two programs: Token-2022 and ZK ElGamal Proof.
Token-2022 handles the main application logic for token mints and accounts, while ZK ElGamal Proof verifies the correctness of zero-knowledge proofs to show accurate account balances.
Token-22 confidential tokens, or “Extension Tokens,” leverage zero-knowledge proofs for private transfers and aim to enable advanced token functionality.
The vulnerability was first identified on April 16, and two patches were deployed to resolve the issues. A supermajority of Solana validators adopted the patches around two days later.
Solana development firms Anza, Firedancer and Jito were the main parties behind the security patch, while Asymmetric Research, Neodyme and OtterSec also assisted.
The foundation confirmed that all funds remain safe.

