
Solana has quietly patched a vulnerability that could potentially allow attackers to mint and steal certain tokens.
A skilled fraudster could create fake proofs that would still be accepted by the blockchain verifier, allowing unauthorized transactions such as issuing unlimited tokens or withdrawing tokens from other people's accounts.
Shaurya Malwa | Edited by Parikshit Mishra May 5, 2025 7:10 AM

Key points:
- The Solana Foundation disclosed a vulnerability in its token system that could have enabled unauthorized minting or withdrawal of funds.
- The vulnerability lay in the ZK ElGamal Proof program and affected private (confidential) transfers of Token-2022 tokens, but not standard SPL tokens.

The Solana Foundation has disclosed a previously unknown vulnerability in its privacy-focused token system that could allow attackers to create bogus zero-knowledge proofs that would lead to the unauthorized issuance or withdrawal of tokens.
The vulnerability was first reported on April 16 via the Anza security advisory on GitHub, accompanied by a working proof of concept. Engineers from Solana's Anza, Firedancer, and Jito development teams reviewed the issue and immediately began developing a fix, according to a report published Saturday.
The issue lay in the ZK ElGamal Proof program, which verifies the zero-knowledge proofs (ZKPs) used for private transfers of Solana's Token-2022 (Token-22) tokens. These extension tokens allow private balances and transfers by encrypting the amounts and using cryptographic proofs to verify them.
A ZKP is a cryptographic method that lets someone prove they hold certain information or have access to something, such as a password or a proof of age, without revealing the information itself.
In blockchain applications, ZKPs can confirm that a transaction is valid without revealing the amounts or addresses involved (information that attackers could otherwise use to mount attacks).
The bug stemmed from some algebraic components being left out of the hash computed in the Fiat-Shamir transformation, a standard method for making zero-knowledge proofs non-interactive. (Non-interactivity means replacing the back-and-forth exchange between prover and verifier with a single proof that anyone can check.)
A skilled fraudster could therefore create invalid proofs that a blockchain verifier would still accept.
This would open the door to unauthorized activities such as issuing unlimited amounts of tokens or withdrawing tokens from other accounts.
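The hashing step described above is where the Fiat-Shamir transform either binds a proof to its public statement or fails to. The following Python example is added here to illustrate that point; it is not Solana or Anza code and does not reproduce the patched program. It uses a textbook Schnorr proof of knowledge over a safe-prime group found at import time (an assumption chosen so the demo runs without dependencies) and contrasts a complete transcript with a constructed weak one that omits the public key from the hash, the kind of omission a transcript-completeness audit is meant to catch.

```python
"""Fiat-Shamir transcript binding, shown on a Schnorr proof of knowledge.

Added example, not Solana/Anza code. The group is a safe-prime group found at
import time, and `weak_transcript` is a deliberately incomplete hash constructed
here to show what a transcript-completeness audit reports.
"""
import hashlib
import random

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n):
    """Miller-Rabin with fixed bases: deterministic below ~3.3e24, strong
    evidence (not proof) for the 128-bit candidates used here."""
    if n < 2:
        return False
    for b in MR_BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest q >= start such that q and p = 2q + 1 are both (probable) primes."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(1 << 127)  # p = 2q + 1; the squares mod p form a subgroup of prime order q
G = 4                             # a quadratic residue other than 1, so its order is exactly q


def _encode(parts):
    """Length-prefixed big-endian encoding so distinct input tuples cannot collide."""
    out = b""
    for v in parts:
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        out += len(b).to_bytes(4, "big") + b
    return out


def full_transcript(g, y, t):
    """Correct Fiat-Shamir: every public value the verifier relies on goes into the hash."""
    return int.from_bytes(hashlib.sha256(_encode([g, y, t])).digest(), "big") % Q


def weak_transcript(g, y, t):
    """Constructed defect for illustration: the statement y is left out of the hash."""
    return int.from_bytes(hashlib.sha256(_encode([g, t])).digest(), "big") % Q


def prove(x, challenge, rng=random):
    """Non-interactive Schnorr proof of knowledge of x where y = g^x mod p."""
    y = pow(G, x, P)
    r = rng.randrange(1, Q)          # ephemeral nonce
    t = pow(G, r, P)                 # commitment
    c = challenge(G, y, t)           # challenge derived by hashing the transcript
    s = (r + c * x) % Q              # response
    return y, (t, s)


def verify(y, proof, challenge):
    """Accept iff g^s == t * y^c mod p with c recomputed from the transcript."""
    t, s = proof
    c = challenge(G, y, t)
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def audit_transcript(challenge):
    """Completeness audit: changing any public input must change the challenge.
    Returns the names of inputs the challenge ignores (empty for a sound transcript)."""
    rng = random.Random(2025)        # fixed seed: the audit is reproducible
    g, y, t = (rng.randrange(2, P) for _ in range(3))
    base = challenge(g, y, t)
    ignored = []
    for name, alt in (("g", (g + 1, y, t)), ("y", (g, y + 1, t)), ("t", (g, y, t + 1))):
        if challenge(*alt) == base:
            ignored.append(name)
    return ignored


if __name__ == "__main__":
    secret = random.randrange(1, Q)
    y, proof = prove(secret, full_transcript)
    print("honest proof verifies:", verify(y, proof, full_transcript))
    print("inputs ignored by full transcript:", audit_transcript(full_transcript))
    print("inputs ignored by weak transcript:", audit_transcript(weak_transcript))
```

`audit_transcript` is the reviewer's check: it perturbs each public input in turn and reports any input whose change leaves the challenge unchanged. The complete transcript reports nothing; the constructed weak one reports `y`, meaning the challenge (and hence the proof) is not tied to the statement being proven, which is the class of defect the advisory describes.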
However, the vulnerability did not affect standard SPL tokens or the core logic of the Token-2022 program.
Starting on April 17, fixes were distributed privately to validator operators. Later that evening, a second patch was released to fix a related issue in another part of the codebase.
Both fixes were verified by the independent security firms Asymmetric Research, Neodyme, and OtterSec. By April 18, the vast majority of validators had adopted the proposed fixes.
According to the postmortem, there is no evidence that the vulnerability was exploited and all funds remain secure.