According to reports from Wu, the Solana Foundation disclosed a second zero-knowledge verification vulnerability in the ZK ElGamal proof native program. Security researcher suneal_eth reported the vulnerability on June 10, and the engineering team confirmed that privacy transfer proofs could be forged.
On June 11, the team upgraded the Token-2022 program via multi-signature, disabling Confidential Transfers. Officials called on validator nodes to upgrade to Agave / Jito-Solana v2.2.16 or Firedancer v0.505.20216 and to activate the feature switch in mainnet epoch 805 to completely disable the ZK ElGamal program.
Officials emphasized that there has been no large-scale use of privacy transfers on-chain, and there are no records of financial loss. The foundation stated that privacy transfers will not be re-enabled until the audit is complete and a secure version of the program is released. Regular SPL tokens and ordinary transactions are not affected.