DeFi Daily News
Sunday, June 29, 2025
Advertisement
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos
No Result
View All Result
DeFi Daily News
No Result
View All Result
Home DeFi Web 3

rewrite this title Solana Patches Bug That Could Have Allowed Attackers to Mint and Swipe Tokens – Decrypt

Logan Hitchcock by Logan Hitchcock
May 5, 2025
in Web 3
0 0
0
rewrite this title Solana Patches Bug That Could Have Allowed Attackers to Mint and Swipe Tokens – Decrypt
0
SHARES
0
VIEWS
Share on FacebookShare on TwitterShare on Telegram
Listen to this article


rewrite this content using a minimum of 1000 words and keep HTML tags

In brief

Solana engineers patched a bug that affected Token-22 confidential tokens.
If exploited, an attacker could have minted unlimited quantities of tokens and withdrawn them from accounts.
The bug was patched quietly ahead of public disclosure, generating social media debate.

Solana network validators narrowly avoided catastrophe, rolling out a patch that killed a bug in a program that could have allowed exploiters to mint certain tokens in unlimited quantities—or withdraw them from any account. 

The vulnerability, which would have only affected Token-22 confidential tokens, was found in the ZK ElGamal Proof program, which certifies encrypted balances and verifies the accuracy of zero-knowledge proofs. 

“In the on-chain ZK ElGamal Proof program, some algebraic components were not included in a hash used to generate a transcript for the Fiat-Shamir Transformation,” a postmortem report from the Solana Foundation reads. “A sophisticated attacker could use these unhashed components to develop a forged proof of an unauthorized action that passes verification.”

In other words, an exploiter could have used the forged proof to mint unlimited quantities of Token-22 confidential tokens or withdraw them from accounts. 

The potential vulnerability was first reported to Anza Github Security Advisory on April 16 with a patch rolled out to validators directly the following day after evaluation and confirmation of the vulnerability from engineers at Anza, Firedancer, and Jito.



Anza is a Solana development shop comprised of former Solana Labs employees, while Jito is a noted infrastructure firm in the ecosystem. Firedancer is a Solana validator client in development from Jump Crypto.

Security firms Asymmetric Research, Neodyme, and OtterSec were also pulled in to provide support and review the patch. 

By the afternoon of April 18, a supermajority of validator operators adopted a fix, which included a second patch that was used to address a similar issue in another part of the codebase. With a patch now adopted, no funds are at risk and no known exploits of the vulnerability have been discovered.

Though the patch was quickly addressed and no funds are known to be exploited, the Solana Foundation faced some criticism across social media. Some users called out the behind-the-scenes upgrade, which took place two weeks before the Foundation addressed it publicly via the postmortem. 

“Am I hearing this right? There was a zero-day on Solana mainnet and >70% of the validators privately colluded to upgrade and patch the critical bug before it was even made public,” posted one pseudonymous Ethereum ecosystem developer on X (formerly Twitter).

The post drew pushback from notable Solana devs and Solana co-founder Anatoly Yakovenko in the process. Even longtime Ethereum developer Hudson Jameson weighed in, saying this approach was typical and necessary for fixing issues.

This is totally fine. Bitcoin, Zcash, and Ethereum have all had instances where the core devs needed to privately plan a secret bug fix. A good chain culture means having mature devs who can accomplish stealth fixes. https://t.co/ffKDqshki6 pic.twitter.com/DA8pENn08D

— Hudson Jameson (@hudsonjameson) May 5, 2025

“This is totally fine,” said Jameson on X. “Bitcoin, Zcash, and Ethereum have all had instances where the core devs needed to privately plan a secret bug fix. A good chain culture means having mature devs who can accomplish stealth fixes.”

“I was involved in distributing this patch to validators before it was released publicly,” said Tim Garcia, validator relations lead at the Solana Foundation. “I’m happy to hear suggestions on a better process. Unfortunately, doing the distribution in public before sufficient adoption is a non-starter.”

This is hardly the first time that Solana has faced centralization critiques; notably, last October, famed whistleblower Edward Snowden called out the layer-1 blockchain over centralization. Solana ecosystem leaders pushed back, with Yakovenko saying, “As usual, Solana is decentralized only by objectively measurable metrics, and centralized across all the other ones.”

Solana currently boasts 1,279 validators, according to its website. 

Edited by Andrew Hayward

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

and include conclusion section that’s entertaining to read. do not include the title. Add a hyperlink to this website http://defi-daily.com and label it “DeFi Daily News” for more trending news articles like this



Source link

Tags: AllowedAttackersbugDecryptMintPatchesrewriteSolanaswipetitletokens
ShareTweetShare
Previous Post

rewrite this title Here’s your first look at Live for Google AI Mode (APK teardown)

Next Post

rewrite this title Best USB-C monitors 2025: These displays have a hidden talent

Next Post
rewrite this title Best USB-C monitors 2025: These displays have a hidden talent

rewrite this title Best USB-C monitors 2025: These displays have a hidden talent

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

No Result
View All Result
  • Trending
  • Comments
  • Latest
rewrite this title SEI Leads Crypto Market With 43% Weekly Surge – alt=

rewrite this title SEI Leads Crypto Market With 43% Weekly Surge – $0.5 Reclaim In The Horizon?

June 28, 2025
rewrite this title with good SEO Bitcoin Could Explode On Bessent’s 0 Billion Deregulation Shock

rewrite this title with good SEO Bitcoin Could Explode On Bessent’s $250 Billion Deregulation Shock

May 28, 2025
Configuring Web3j for Android Development

Configuring Web3j for Android Development

July 24, 2024
Boeing machinists refuse latest offer, prolonging bruising six-week strike

Boeing machinists refuse latest offer, prolonging bruising six-week strike

October 23, 2024
They’re Going ALL IN on Crypto: This is What Wall St is Buying!

They’re Going ALL IN on Crypto: This is What Wall St is Buying!

June 25, 2025
Changelly Collaborates with BRLA Digital and Announces Zero-Fee Campaign – Cryptocurrency Insights & Trading Guidance on Changelly’s Blog

Changelly Collaborates with BRLA Digital and Announces Zero-Fee Campaign – Cryptocurrency Insights & Trading Guidance on Changelly’s Blog

July 25, 2024
rewrite this title The 6 Doomsday Scenarios That Keep AI Experts Up at Night – Decrypt

rewrite this title The 6 Doomsday Scenarios That Keep AI Experts Up at Night – Decrypt

June 29, 2025
rewrite this title LeBron James exercises 2025-26 player option

rewrite this title LeBron James exercises 2025-26 player option

June 29, 2025
rewrite this title U.S. Border Control Issues Major 'Warning' for July 4

rewrite this title U.S. Border Control Issues Major 'Warning' for July 4

June 29, 2025
rewrite this title with good SEO Bitcoin Bears Are Taking Fresh Market Positions, But Are They Safe?

rewrite this title with good SEO Bitcoin Bears Are Taking Fresh Market Positions, But Are They Safe?

June 29, 2025
rewrite this title ARDC: 9% Yield On Fixed Income (NYSE:ARDC)

rewrite this title ARDC: 9% Yield On Fixed Income (NYSE:ARDC)

June 29, 2025
rewrite this title US entrepreneur Hayden Davis testifies in LIBRA case in New York as legal proceedings advance

rewrite this title US entrepreneur Hayden Davis testifies in LIBRA case in New York as legal proceedings advance

June 29, 2025
DeFi Daily

Stay updated with DeFi Daily, your trusted source for the latest news, insights, and analysis in finance and cryptocurrency. Explore breaking news, expert analysis, market data, and educational resources to navigate the world of decentralized finance.

  • About Us
  • Blogs
  • DeFi-IRA | Learn More.
  • Advertise with Us
  • Disclaimer
  • Privacy Policy
  • DMCA
  • Cookie Privacy Policy
  • Terms and Conditions
  • Contact us

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Cryptocurrency
    • Bitcoin
    • Ethereum
    • Altcoins
    • DeFi-IRA
  • DeFi
    • NFT
    • Metaverse
    • Web 3
  • Finance
    • Business Finance
    • Personal Finance
  • Markets
    • Crypto Market
    • Stock Market
    • Analysis
  • Other News
    • World & US
    • Politics
    • Entertainment
    • Tech
    • Sports
    • Health
  • Videos

Copyright © 2024 Defi Daily.
Defi Daily is not responsible for the content of external sites.