PANews reported on May 5 that the Solana Foundation announced a serious 'zero-day' vulnerability affecting the confidential transfer feature on its network has been successfully fixed. The vulnerability was discovered on April 16, and the foundation immediately organized validators to coordinate a network update, completing the fix within two days.
This vulnerability involves the ZK proof system used to verify confidential transfers of Token-2022 standard tokens. If exploited, an attacker could theoretically forge proofs to mint an unlimited number of specific tokens or steal these tokens from user accounts.
The Solana Foundation stated that this vulnerability was not disclosed before the fix to ensure safety. There is currently no evidence that the vulnerability has been exploited, and all user funds are safe. It also pointed out that although the confidential transfer feature has been online for some time, its adoption rate is currently low.
