Solana on high alert: a critical flaw was discovered that could have allowed the forgery and theft of tokens

The #solana Foundation has revealed the detection and mitigation of a previously unknown vulnerability within its privacy-centric token system.

This security flaw, which resided in the ZK ElGamal Proof program, could have allowed attackers to forge zero-knowledge proofs (ZKPs), which in turn could have enabled unauthorized minting or withdrawal of private Token-22 tokens from Solana.

The vulnerability was initially reported on April 16 through Anza's security notice on GitHub, accompanied by a functional proof of concept.

Engineers from the development teams of Solana, Anza, Firedancer, and Jito immediately worked together to verify the error and develop a solution.

The vulnerability did not affect standard SPL tokens or the main logic of the Token-2022 program.

There are no indications that the error was exploited and all funds remain secure, according to the report.

#sol $SOL