PANews reported on May 5 that the Solana Foundation announced that a serious "zero-day" vulnerability affecting the confidential transmission function on its network has been successfully fixed. The vulnerability was discovered on April 16, and the Foundation immediately secretly organized validators to coordinate network updates and completed the repair work within two days.
This vulnerability involves the ZK proof system used to verify the confidential transfer of tokens in the Token-2022 standard. If exploited, an attacker could theoretically mint a specific token infinitely by forging proofs, or steal these tokens from user accounts.
The Solana Foundation stated that the vulnerability was not disclosed until the fix was completed to ensure safety. There is currently no evidence that the vulnerability has been actually exploited and all user funds are safe. It also pointed out that although the confidential transfer function has been online for some time, the current adoption rate is not high.
