Solana Quietly Patches Bug Allowing Unlimited Token Minting

Solana Devs Quietly Patch Critical Token-22 Bug, Sparking Transparency Debate

  • Solana developers quickly addressed a serious bug impacting Token-22 confidential tokens.
  • The vulnerability could have allowed unlimited token minting or unauthorized withdrawals.
  • The patch was issued privately before public disclosure, sparking debate over transparency.

Developers for the Solana blockchain moved rapidly last month to patch a critical software bug that posed a risk to Token-22 confidential tokens. This vulnerability, if exploited, could have allowed attackers to create unlimited quantities of certain tokens or withdraw funds from any account, according to an official Solana Foundation postmortem.

According to the report, the issue was discovered in Solana’s “ZK ElGamal Proof program.” This software helps to confirm encrypted token balances using zero-knowledge proofs—a way to verify data without revealing sensitive details. The problem involved missing components during the cryptographic process, which could have let attackers forge proofs of unauthorized actions that would pass system checks.

The vulnerability was first flagged in an April 16 security advisory. Solana validators—a group of participants who help run the blockchain—received a direct fix the very next day, after the problem was reviewed by engineers at Anza, Firedancer, and Jito. Security firms like Asymmetric Research, Neodyme, and OtterSec also assisted in testing and validating the fix.

By April 18, a “supermajority” of Solana validator operators installed the patch, closing the vulnerability. A secondary issue within the same program was also fixed. The Solana Foundation stated no funds were lost and that there had been no known exploits related to this incident.

The way the fix was handled attracted attention on social media. Some users criticized the quiet rollout, which took place two weeks before public disclosure. According to a statement on X (formerly Twitter), a pseudonymous Ethereum developer questioned if more than 70% of validators “privately colluded to upgrade and patch the critical bug before it was even made public.” Experienced blockchain developers, including longtime Ethereum contributor Hudson Jameson, responded that such private action is standard, explaining on X: “Bitcoin, ZCash, and Ethereum have all had instances where the core devs needed to privately plan a secret bug fix. A good chain culture means having mature devs who can accomplish stealth fixes.”

Tim Garcia, validator relations lead at the Solana Foundation, added on X that “doing the distribution in public before sufficient adoption is a non-starter.” He welcomed suggestions for improving the process but emphasized the importance of security.

The Solana ecosystem, which currently includes over 1,200 validators according to its official stats, has previously faced concerns about centralization from critics. Leaders at Solana have stated the network remains decentralized according to measurable metrics.

Edited by Andrew Hayward.
