• Solana Foundation fixes bug affecting Token-2022 and ZK ElGamal Proof that could have permitted unauthorized minting. 
  • Due to this bug, the attackers could have targeted the unhashed components by creating a fake identity that easily passes verification. 

The Solana Foundation has recently encountered a bug that allowed hackers to mint some tokens and even take those tokens from users’ accounts. However, the bug has been reportedly fixed now. 

The Foundation’s analysis reveals that the vulnerability was first found on April 16, and it could have permitted a hacker to proceed with an invalid proof affecting the privacy of the blockchain platform, permitting Token-22 confidential tokens. 

Also, it mentioned that no known exploit of the vulnerability has been reported, and since then, the validators of Solana have adopted the patched version. The bug primarily bothered two programs, Token-2022 and ZK ElGamal Proof. 

Token-2022 is responsible for managing the main app logic for token mints and accounts. On the other hand, ZK ElGamal Proof verified the accuracy of zero-knowledge proofs to show precise account balances. 

As per the foundation, some algebraic components were removed from the hash in the Fiat-Shamir Transformation’s transcript generation, which identifies the creation of public randomness using a cryptographic hash function. 

Due to this bug, the attackers could have targeted the unhashed components by creating a fake identity that easily passes verification to mint and steal Token-22 confidential tokens. To resolve this major issue, two patches were placed. 

The Centralization Scrutiny

A lot of Solana validators, including Anza, Firedancer, and Jit,o adopted the patches after two days of encountering the issue. Other firms such as Asymmetric Research, Neodyme, and OtterSec also facilitated it. 

The Foundation also noted that no funds have been tampered with and it is safe till now. Regardless of this, the validators have raised centralization concerns within the crypto community. One of them was a Curve Finance contributor who was concerned about the close relationship of the Foundation with Solana validators. 

It mentioned that the main issue is that everything was done privately, and now the bad actors already know that these channels exist, and it is a centralized point of failure in a decentralized system. 

Highlighted Crypto News Today:

Arizona Governor Blocks Bill to Hold Bitcoin in State Reserves