🫨 Surprise on the Solana network! 🫨 The Solana Foundation has just put out a potentially catastrophic fire: a zero-day vulnerability that could have allowed an attacker to create unlimited Token-22 confidential tokens and even steal user funds. Yes, you read that right... infinite coins! ♾️💰

The bug was detected on April 16 and affected two key pieces of Solana's infrastructure: Token-2022, responsible for minting tokens, and ZK ElGamal Proof, which verifies zero-knowledge proofs (yes, the ones that provide privacy to transactions). 🔐

The root of the problem was as technical as it was dangerous: certain mathematical elements were left out of the hash when generating the Fiat-Shamir proofs. In simple terms: that made it possible to fake a proof that the system would accept as valid. Boom, free tokens for the attacker. 💣👨‍💻
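To make the root cause concrete, here is an added example (not code from Solana, Token-2022 or the ZK ElGamal Proof program): a toy Schnorr proof where the weak verifier leaves the commitment out of the Fiat-Shamir hash and the fixed one hashes the full transcript. The group parameters, function names and the choice of which element is omitted are assumptions for illustration; this post does not say which components were missing in the real bug.

```python
import hashlib
import secrets

# Constructed toy Schnorr group (far too small for real use): P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(*elements):
    """Fiat-Shamir challenge: hash the listed transcript elements into Z_Q."""
    data = b"|".join(str(e).encode() for e in elements)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x):
    """Honest proof of knowledge of x for y = G^x, hashing the full transcript."""
    y = pow(G, x, P)
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)                      # commitment
    s = (k + challenge(G, y, r) * x) % Q  # response
    return y, (r, s)

def check(y, proof, c):
    """Schnorr verification equation: G^s == r * y^c (mod P)."""
    r, s = proof
    return pow(G, s, P) == (r * pow(y, c, P)) % P

def verify_weak(y, proof):
    """Flawed (assumed omission): the commitment r is left out of the hash."""
    return check(y, proof, challenge(G, y))

def verify_strong(y, proof):
    """Fixed: the challenge binds generator, statement and commitment."""
    return check(y, proof, challenge(G, y, proof[0]))

def proof_without_witness(y, s):
    """With the weak hash the challenge is known before r is chosen, so r can
    be solved from any response s without knowing log_G(y)."""
    c = challenge(G, y)
    inv = pow(pow(y, c, P), P - 2, P)     # (y^c)^-1 mod P via Fermat
    return (pow(G, s, P) * inv) % P, s

if __name__ == "__main__":
    y, honest = prove(secrets.randbelow(Q - 1) + 1)
    print("honest proof, strong verifier:", verify_strong(y, honest))
    bogus = proof_without_witness(y, s=5)
    print("no-witness proof, weak verifier:", verify_weak(y, bogus))
    print("no-witness proof, strong verifier:", verify_strong(y, bogus))
```

In a group this small, a no-witness proof can still pass `verify_strong` by a chance challenge collision with probability about 1/Q, which is one reason real systems use large groups.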

The good news: there is no evidence that anyone exploited this vulnerability, and it has already been patched thanks to the joint work of teams like Anza, Firedancer, Jito, Asymmetric Research, Neodyme, and OtterSec. ⚙️🧠

But... not everyone in the community is happy. The way the crisis was handled – privately between the Foundation and the validators – raised suspicions of excessive centralization. 🤐

A Curve Finance contributor held nothing back:

"Why do they have the contact information of all the validators? What else do they discuss in those chats?" 🕵️‍♂️

Even Anatoly Yakovenko, CEO of Solana Labs, joined the conversation to draw a comparison with Ethereum and its validators. According to him, 'they also coordinate when there are problems!'.

But the community was not entirely convinced... especially because Solana has only one active client (Agave), while Ethereum has several. 🧐

That said, there is hope: Firedancer, a new client for Solana, is on its way. It is expected to improve the decentralization and resilience of the network. But the most demanding critics say that at least three clients are needed before a network can be called truly decentralized. 🏗️

✍️ In summary:

• Critical bug: it allowed minting and stealing confidential tokens

• It was not exploited

• It has already been fixed

But... is Solana too centralized? 🧩

📌 Sources: Cointelegraph, Solana Foundation, Curve Finance, Ryan Berckmans (Ethereum), Official statement

🤔 What do you think?

Is Solana acting responsibly or is it looking too much like a 'private club'? 😎
