According to reports from Wu, the Solana Foundation disclosed a second zero-knowledge proof vulnerability in the ZK ElGamal Proof native program. Security researcher suneal_eth reported the vulnerability on June 10, and the engineering team confirmed that it allowed privacy transfer proofs to be forged.

On June 11, the team upgraded the Token-2022 program via multi-signature, disabling Confidential Transfers. The official guidance calls on validator nodes to upgrade to Agave / Jito-Solana v2.2.16 or Firedancer v0.505.20216, and to activate the feature switch in mainnet epoch 805, completely shutting down the ZK ElGamal program.

The official statement emphasized that privacy transfers are currently not in large-scale use on-chain and that there are no records of lost funds. The Foundation stated that privacy transfers will be re-enabled only after the audit is completed and a secure version of the program is released. Regular SPL tokens and ordinary transactions are not affected.