Solana Foundation has confirmed security vulnerability in a token system centered on personal information. The defects that attackers could forge transactions and perform unauthorized token actions could end deadly, but were quickly identified and patched before exploitation.
Zero knowledge defects threatened confidential tokens.
In this weekend post post, Solana Foundation announced that Solana’s developers warned of unknown vulnerabilities in the ZK Elgamal Proof program on April 16.
Solana’s ZK Elgamal Proof program is a encryption framework that allows you to check the transaction by checking the transaction by checking the transaction without revealing the sensitive details.
If it is used, if there is a defect, the attacker forged the encryption proof and passing the verification so that the funds can be collected from the unauthorized mining of the SOL token or from all accounts.
According to the Solana Foundation, this vulnerability comes from missing elements during the Fiat-Shamir conversion process where certain algebra components are not properly hash.
This difference is open to the malicious actors to create zero knowledge evidence of the confidential token transmission used for the “confidential transmission” function of Token-2022.
The Token-2022 standard acts as a “backbone” of the Solana ecosystem, depending on numerous Defi protocols and stable coins. Violations can immediately cause the deadly collapse of the entire network.
The Foundation said that only confidential tokens could be affected, and the basic tokens -2022 program and standard SPL tokens were not affected.
The patch was deployed in 48 hours by adjusting the validation test.
The patch is known to have been distributed personally to an effective operator within two days of vulnerability.
According to the statement, the validity inspector manager contacted himself, and by April 18, most of the networks implemented modifications.
Solana’s announcement said, “The ZK Elgamal Proof program has been patched and the Solana valid tester manager has been patched.
In particular, the exploitation was not detected, and all the funds were safely maintained during the incident. Core Token -2022 Logic was not affected, and bugs were limited to the evidence verification class.
The zero day vulnerability has become a new standard.
Solana Foundation said developers did not know important vulnerabilities. In this case, it is classified as zero -day vulnerability, a security gap between software or hardware that suppliers or developers have not yet found. Without modifications, attackers can exploit vulnerabilities before the patch is released.
Cyber criminals can use this to get unauthorized access or confuse the system, so such defects are particularly dangerous.
Meanwhile, FIVE EYES Cyber Security Intelligence Alliance, composed of the United States, the United Kingdom, Canada, Australia and New Zealand, warned of the significant increase in attacks aimed at unknown vulnerabilities before 2024. According to them, the surge in the exploitation of zero -day vulnerability has become a “new normal.”
on the other way
- Zero knowledge evidence protects personal information, but it is difficult to solve the problem when vulnerability occurs.
Why this is important
This event emphasized the risk of zero -day vulnerabilities in complex encryption protocols by exposing important defects in one of Solana’s most privacy -centered systems.
Discover the trend encryption news of the Daily Coin.
Why is Cardano overcoming Ether Lee in Dev activity, so why is ADA still having trouble?
PI coin price for big discounts: PI network mining is worth it?