According to PANews, the Solana Foundation has announced the successful resolution of a critical zero-day vulnerability affecting the confidential transfer feature on its network. Discovered on April 16, the foundation swiftly coordinated with validators to update the network, completing the fix within two days.
The vulnerability was linked to the ZK proof system used for verifying confidential transfers of Token-2022 standard tokens. If exploited, attackers could theoretically forge proofs to mint unlimited amounts of specific tokens or steal them from user accounts.
The Solana Foundation chose not to disclose the vulnerability until the fix was implemented to ensure security. There is currently no evidence that the vulnerability was exploited, and all user funds remain secure. The foundation also noted that while the confidential transfer feature has been available for some time, its adoption rate is currently low.
