Its Fondazione Solana Recently, a critical vulnerability-errors that focused on its privacy disclosed, which could have devastating consequences for the ecosystem. A question defined ZK Elgamal proof a program that was exclusively concerned confidential transfers Token-22 chips and did not affect it Standard SPLs none of the main logic Token-2012 Program.
Error Heart Solana Network: Null-Knowledge Evidence (ZKP)
The vulnerability was related to implementation Zkp (Evidence of Zero knowledge)A complex cryptographic method that allows the transaction to prove the validity of the transaction without sensitive data such as sums or addresses. This system is essential to ensure privacy in block circuit transactions, but this is where it was named here.
According to the foundation, the problem arose due to some absence algebraic components In the process of hassle Fiat-Shamir Transformation, the main step to non-interactive evidence. In practice, this error allowed a qualified attacker Create the evidence of the lies It is still accepted by the chain controller.
Possible consequences: infinite signs and illegal withdrawals
If it was used, this error could have allowed malicious actors generate an unlimited number of characters or Money to take out of other accounts without permission. Potentially catastrophic risk for the integrity of network and user confidence.
However, it is important to emphasize that the vulnerability was Discovered in time And there is no evidence that it has never been used. According to the Solana Foundation, all financial resources remain safeTo.
The first warning sign came in April 16thif Anza The security team published a message about Github's the evidence of the conceptTo. The warning mobilized engineers immediately Solana, Anza, Firedancer and Jito Development teams who checked the error and immediately began relief.
The next day, April 17initial patch It was distributed to an eliger operator, followed by another patch issued the same evening to solve the related topic in the second part of the code. Both corrections were reviewed by three independent security companies: Asymmetric studies, neodyme and otterseecTo.
Fast adoption and no impact on users
Thanks to the timely collaboration of different teams and leading the transparency April 18 Most of the validators had already applied the patches, drastically reducing the risk of exploitation.
Solana Foundation, in a/an Post -death published laterHe confirmed that there were no attacks or losing money. However, the incident highlighted the importance of constant monitoring and certain security infrastructure, especially in the case of advanced functions, such as confidential transfers.
Token-22: Upgrades close to exam
Token-22 represents the Solana ecosystem, one of the most ambitious innovations, offer Advanced Privacy Functions Through the use of quantities through encryption and ZKP. However, this very complexity has made it possible to introduce such sophisticated vulnerability.
The error did not affect the standard SPL marks, which are the most used format in the Solana network, nor did it damage the main logic of the Token-2012 program. This indicates that the problem was limited to a specific extension of the system, reducing the potential impact.
A lesson for the entire block chain sector
Episode denotes an alarm speech for the entire cryptocurrency sectorwhere the introduction of ever -developed technologies also requires a proportional level of security. At the same time, providing important advantages in privacy, introduces new technical challenges to deal with extreme care.
The rapid and coordinated response of the Solana Foundation and its partners shows how effective the administration of vulnerabilities can prevent significant damage and strengthen the confidence in the network.
Conclusion: advanced security and preserved confidence in solana ecosystem
Despite the potential severity of the discovered error, the Solana Foundation has shown a high reaction and transparency capacity, which is the key elements of community confidence.
Due to the cooperation of development teams and external security companies neutralized before it could be usedAnd the integrity of the network remained intact.
This episode emphasizes the importance of a preventive approach to security, especially in a constantly developing context like blockchain. Technology is progressing, but also threats: only those who can face their readiness and competence can provide a solid and safe future for the entire ecosystem.
