Recently, Solana faced a serious issue. A vulnerability was discovered in the security system that allowed attackers to mint an unlimited number of tokens or even withdraw tokens from other users' accounts without permission.
However, after the bug was fixed, investors criticized Solana. Let's look at the reasons behind this controversy.
Solana quietly fixes the vulnerability: Hero or Controller?
Solana recently published a report revealing a vulnerability in its ZK ElGamal Proof program. This native program verifies the correctness of complex zero-knowledge proofs, ensuring that encrypted balances on accounts and transactions are legitimate. The bug affected tokens using the Token-2022 standard.
The vulnerability allowed attackers to deceive the system. It made the system believe that illegal actions, such as minting an unlimited number of tokens or withdrawing from other people's wallets, were legitimate. In other words, if it had gone unnoticed, attackers could print infinite money or steal digital assets without detection.
"This vulnerability only affects confidential tokens Token-22 and allows an attacker to perform unauthorized actions, such as minting an unlimited number of tokens or withdrawing tokens from any account," said Solana.
Fortunately, Solana quickly fixed the issue. They updated the software and retested it with security research teams such as Asymmetric Research, Neodyme, and OtterSec. Most importantly, there were no reports of exploitation of the vulnerability before it was patched.
Why is the community criticizing Solana?
While Solana acted quickly, its approach to the situation has drawn mixed reactions.
A developer named intern Fede from LambdaClass defended Solana. He claimed that those who criticize the platform do not understand the technology. He also stated that the reaction would likely have been the same if a similar incident occurred on Ethereum or Bitcoin.
In 2018, the Bitcoin network faced a severe inflation bug. Developers from Bitcoin Core had to quietly contact mining pools to fix the problem before informing the public.
However, many expressed concerns about Solana's transparency and decentralization.
For example, investor Clouted expressed concern about the secret fix. Solana applied the fix quietly and only later disclosed it. This raised concerns that if validators can privately coordinate to fix bugs, they could also collude to censor transactions or alter blockchain data — something a decentralized system should not allow.
"Am I hearing this right? There was a zero-day on the Solana mainnet, and over 70% of validators privately colluded to update and fix a critical bug before it was made public," Clouted said.
Another user also expressed concern about validators 'colluding' to update the system in secret. These comments reflect broader community concerns that Solana may be operating more centrally than users expect from a blockchain.
This vulnerability is a wake-up call — not just for Solana, but for the entire blockchain industry. While the issue was resolved promptly, it highlights the ongoing challenge of balancing security, transparency, and decentralization.