Solana Foundation has confirmed that zero -day vulnerabilities, in which attackers can potentially mint specific tokens, can withdraw the tokens from the user account.
The security vulnerabilities, first discovered on April 16, after the death of Solana Foundation on May 3, said that the attacker could create wrong evidence that affects “Token-22 confidential tokens” that affect Solana’s privacy.
The vulnerability of this vulnerability is unknown, and the Solana validic test has adopted a patch version, the Foundation said.
Solana Zero -Day Security Bug affected tokens -22 confidential tokens.
Solana Foundation relates to two programs: Token-2022 and ZK Elgamal Proof.
Token-2022 handles major application logic for token private and accounts, while ZK Elgamal Proof confirms the accuracy of zero knowledge to display the exact account balance.
The Foundation has omitted certain algebra components in the hash in the production of the Fiat-Shamir Transformation, which specifies a method for creating a public satellite using the encryption hash function.
The defect allowed the attacker to exploit the untrained components by delivering verification to the MINT and making forged evidence of stealing the Token-22 confidential tokens.
TOKEN-22 confidential tokens or “expansion tokens” utilize zero knowledge proof of personal transmission and enable advanced token function.
The vulnerability was first identified on April 16 and two patches were deployed to solve the problem. The majority of Solana’s validation tests adopted the patch two days later.
SOLANA Developers ANZA, FIREDANCER and JITO were the main parties of the security patch, and also supported asymmetric research, neodyme and ottersec.
The Foundation has confirmed that all funds are maintained safe.
relevant: Bloomberg Intelligence improves the chance of approval of Solana ETF to 90%.
Despite modifications, the individual handling of Solana Foundation raised the problem with Solana Validators from some people in the encryption community.
This included Curve Finance contributions that raised concerns about close relationships with Foundation and Solana Validators.
“Why do someone have all validation lists and contact details? What are you talking about on that Comms channel?” They were afraid that they could potentially collide with censorship or roll back.
Solana Labs’s CEO Anatoly Yakovenko said he did not refuse this claim, but the Ether Leeum community members could adjust to solve similar security bugs.
Yakovenko said more than 70% of Ether Leeum Network’s validation tests are controlled by staying operators such as Crypto and Rido, Yakovenko insisted on his point.
“People like 70%of Ethereum. If all LIDO validation (Chorus One, P2P, etc.) Binance, Coinbase and Krake. Geth will be willing to adjust.”
In August, Solana Foundation and Network Validators solved another important vulnerability behind the scenes. At the time, Dan Albert, executive director of the Foundation, said that the ability to adjust the patch does not mean that Solana has been centralized.
The community member said Ether Lee would not fall into the same problem.
Ryan Berckmans, a member of Ether Leeum Community, pointed out that Ether Lee has sufficient customer diversity, claiming that Ether Lee is suffering from the same centralization as Solana.
Berckmans pointed out that Geth, the most popular Ether Leeum client, has a market share of up to 41%in Ether Leeum, Solana has an AGAVE, a preparatory customer.
“This means that the Zero Dayberg of a single SOL client is virtually a protocol bug. Change a single client program and change the protocol itself. The client is a protocol.”
Meanwhile, Solana will launch a new customer, FireDancer, in the next few months, which is expected to improve the elasticity and operation time of the network.
But Berckmans said Solana should be fully distributed by three customers at the customer level.
magazine: Memecoins is DED. However, despite the sharp drop in Solana ‘100x’