BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Solana Fixes Zero-Day Vulnerability in Token-22 Confidential Tokens

Solana Patches Critical Zero-Day Vulnerability in Token-22 System, Sparks Centralization Debate

  • Solana Foundation has patched a zero-day vulnerability affecting Token-22 confidential tokens that could have allowed attackers to mint and steal tokens.
  • Validators quickly implemented patches for the security bug discovered on April 16, with no reported exploits occurring.
  • The private handling of the patch has sparked centralization debates between Solana and Ethereum community members.

The Solana Foundation has successfully fixed a zero-day vulnerability that could have allowed attackers to forge proofs, potentially enabling them to mint and withdraw certain tokens from user accounts. According to a May 3 post-mortem released by the Foundation, the security flaw, initially discovered on April 16, targeted Solana’s privacy-focused Token-22 confidential tokens.

- Advertisement -

No exploits of the vulnerability have been reported, and Solana validators have implemented the patched version, as confirmed by the Foundation. The vulnerability specifically affected two programs: Token-2022, which handles main application logic for token mints and accounts, and ZK ElGamal Proof, which verifies zero-knowledge proofs for account balances.

The security issue stemmed from certain algebraic components being omitted from the hash in the Fiat-Shamir Transformation’s transcript generation. This flaw could have allowed attackers to exploit these unhashed components by creating forged proofs to mint and steal Token-22 confidential tokens, which leverage zero-knowledge proofs for private transfers.

Swift Response from Solana Ecosystem

After identification on April 16, two patches were deployed to fix the issues, with a super majority of Solana validators implementing them approximately two days later. Development firms Anza, Firedancer, and Jito led the security patch effort, with assistance from Asymmetric Research, Neodyme, and OtterSec. The Foundation has assured users that all funds remain secure.

However, the private handling of the vulnerability has raised centralization concerns within the crypto community. A Curve Finance contributor questioned the Foundation’s close relationship with validators, asking, "Why does someone have a list of all validators and their contact details? What else are they talking about in those comms channels."

- Advertisement -

Solana Labs CEO Anatoly Yakovenko responded by suggesting that Ethereum community members could similarly coordinate to fix security issues, noting that more than 70% of Ethereum network validators are controlled by exchanges or staking operators.

Centralization Debate Intensifies

Ethereum community member Ryan Berckmans countered Yakovenko’s comparison, highlighting that Ethereum has better client diversity with its most popular client having at most 41% market share. In contrast, Solana currently has just one production-ready client, Agave.

"This means zero day bugs in the single Sol client are de facto protocol bugs. Change the single client program, change the protocol itself. The client is the protocol," Berckmans wrote.

Solana plans to launch a new client, Firedancer, in the coming months to improve network resilience. However, Berckmans argues that Solana would need at least three clients to achieve sufficient decentralization at the client level.

This isn’t the first time Solana has privately resolved a critical vulnerability. In August, the Foundation and network validators fixed another security flaw behind the scenes, with executive director Dan Albert stating that coordination ability doesn’t equate to centralization.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Crypto’s $2T Crash Awaits BlackRock Shock & FOMO

Bitcoin has stabilized near $60,000 after a downturn erased $2 trillion from the crypto...

Cambridge: Ethereum Energy Intensity Low, Overall Use High

Ethereum consumes roughly 7.87 GWh annually, the second-lowest energy intensity per market value among...

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Must Read

Top 10 BEST Crypto Trading Books for New Traders

If you're thinking of diving into the crypto trading space, acquiring solid knowledge isn't just recommended - it's essential to protect your investment.Learning...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading