Solana Secretly Resolves Vulnerability That Allowed Hackers to Mint and Steal Tokens

The Solana Foundation has disclosed a security vulnerability in its privacy-focused token system that could have allowed attackers to forge zero-knowledge proofs (ZKPs). A forged proof would have let a malicious actor mint tokens without authorization or withdraw tokens from other users' accounts.

The bug was first reported on April 16 through Anza's GitHub security advisory, and the report included a working proof of concept. The teams maintaining Solana's validator clients (Anza, Firedancer, and Jito) verified the issue and immediately began addressing it, as outlined in a post-mortem published on Saturday.

The flaw was in the ZK ElGamal Proof program, which validates the ZKPs used by the confidential transfer extension of Solana's Token-2022 program. The extension enhances privacy by encrypting transaction amounts and relying on cryptographic proofs, rather than plaintext balances, to show that a transfer is valid.

A ZKP is a cryptographic technique that lets a party prove it knows something (for example, a password, or that its age is above a threshold) without revealing the underlying data. In cryptocurrency systems, ZKPs let the network check that a transaction is valid without exposing sensitive details such as the amounts or addresses involved.

The vulnerability came from missing algebraic components in the Fiat-Shamir transformation. Fiat-Shamir is the standard method for turning an interactive proof into a non-interactive one: instead of a verifier sending a random challenge, the challenge is derived by hashing the proof transcript, so a single message can be verified by anyone. Every value the verification equation depends on must be fed into that hash. Because some components were left out of the hashed transcript, an attacker could fix the challenge first and then choose the omitted values to satisfy the verification equation, crafting invalid proofs that the on-chain verifier would accept.
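The following is an added example, not Solana's code: a toy Schnorr proof of knowledge over a multiplicative group mod a prime, with two verifiers. The "weak" one leaves the prover's commitment R out of the Fiat-Shamir hash, which models the class of bug described above (the post-mortem says which components were missing only in general terms, so the specific omission here is an assumption). Because the challenge no longer depends on R, a forger can compute the challenge first, pick any response s, and solve for the R that makes the equation balance. The real ZK ElGamal Proof program uses elliptic-curve sigma protocols rather than this mod-p group; the parameters, function names, and the forgery routine are constructed for illustration.

```python
import hashlib
import secrets
from typing import Dict, Tuple

# Constructed toy parameters for illustration only (not Solana's). Multiplicative
# group mod the Mersenne prime P = 2^127 - 1 with generator G; exponents are
# reduced mod ORDER = P - 1.
P = (1 << 127) - 1
G = 3
ORDER = P - 1


def challenge(*transcript: int) -> int:
    """Fiat-Shamir challenge: hash each transcript item with a fixed-width
    encoding (so items cannot be re-split), then reduce into exponent range."""
    h = hashlib.sha256()
    for item in transcript:
        h.update(item.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % ORDER


def prove(x: int, y: int, hash_commitment: bool) -> Tuple[int, int]:
    """Honest Schnorr proof of knowledge of x such that y = G^x mod P.
    hash_commitment=False models the bug: the commitment R is omitted from
    the transcript, so the challenge c no longer binds it."""
    r = secrets.randbelow(ORDER)
    R = pow(G, r, P)
    c = challenge(G, y, R) if hash_commitment else challenge(G, y)
    s = (r + c * x) % ORDER
    return R, s


def verify(y: int, proof: Tuple[int, int], hash_commitment: bool) -> bool:
    """Recompute c from the transcript and check G^s == R * y^c mod P."""
    R, s = proof
    c = challenge(G, y, R) if hash_commitment else challenge(G, y)
    return pow(G, s, P) == (R * pow(y, c, P)) % P


def forge(y: int) -> Tuple[int, int]:
    """Forgery with no knowledge of x, valid only against the weak verifier.
    The challenge ignores R, so learn c first, pick s freely, then solve the
    verification equation for the commitment: R = G^s * y^(-c)."""
    c = challenge(G, y)
    s = secrets.randbelow(ORDER)
    y_inv = pow(y, P - 2, P)  # Fermat inverse; P is prime
    R = (pow(G, s, P) * pow(y_inv, c, P)) % P
    return R, s


def run_demo() -> Dict[str, bool]:
    """Run honest and forged proofs against both verifiers."""
    x = secrets.randbelow(ORDER)  # prover's secret
    y = pow(G, x, P)              # public statement
    forged = forge(y)
    return {
        "honest_strong": verify(y, prove(x, y, True), True),
        "honest_weak": verify(y, prove(x, y, False), False),
        "forged_weak": verify(y, forged, False),   # accepted: the bug
        "forged_strong": verify(y, forged, True),  # rejected: c now binds R
    }


if __name__ == "__main__":
    for name, accepted in run_demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The strong verifier rejects the forgery because once R is inside the hash, changing R changes c, and the forger cannot solve for R and c simultaneously without knowing x. The general rule the example illustrates: absorb every commitment and every public input into the transcript before deriving the challenge, and audit the transcript against the verification equation term by term.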

Had it been exploited, the bug could have allowed unauthorized minting of confidential tokens or the withdrawal of tokens from other users' confidential balances. The flaw did not affect standard SPL tokens or the core logic of the Token-2022 program itself; only the confidential transfer proof verification was at risk.

To mitigate the issue, patches were privately distributed to validator operators starting on April 17, with a second patch issued later that evening to address a related issue. Both patches were reviewed by the third-party security firms Asymmetric Research, Neodyme, and OtterSec, and by April 18 most validators had adopted the fix.

According to the post-mortem, there is no evidence that the vulnerability was exploited, and all funds are secure.