Solana Patches Bug That Could Have Allowed Attackers to Mint and Swipe Tokens

Solana network validators narrowly avoided catastrophe, rolling out a patch that killed a bug in a program that could have allowed exploiters to mint certain tokens in unlimited quantities—or withdraw them from any account. 

The vulnerability, which would have only affected Token-22 confidential tokens, was found in the ZK ElGamal Proof program, which certifies encrypted balances and verifies the accuracy of zero-knowledge proofs. 

“In the on-chain ZK ElGamal Proof program, some algebraic components were not included in a hash used to generate a transcript for the Fiat-Shamir Transformation,” a postmortem report from the Solana Foundation reads. “A sophisticated attacker could use these unhashed components to develop a forged proof of an unauthorized action that passes verification.”

In other words, an exploiter could have used the forged proof to mint unlimited quantities of Token-22 confidential tokens or withdraw them from accounts. 

The potential vulnerability was first reported to Anza Github Security Advisory on April 16 with a patch rolled out to validators directly the following day after evaluation and confirmation of the vulnerability from engineers at Anza, Firedancer, and Jito.

Anza is a Solana development shop comprised of former Solana Labs employees, while Jito is a noted infrastructure firm in the ecosystem. Firedancer is a Solana validator client in development from Jump Crypto.

Security firms Asymmetric Research, Neodyme, and OtterSec were also pulled in to provide support and review the patch. 

By the afternoon of April 18, a supermajority of validator operators adopted a fix, which included a second patch that was used to address a similar issue in another part of the codebase. With a patch now adopted, no funds are at risk and no known exploits of the vulnerability have been discovered.

Though the patch was quickly addressed and no funds are known to be exploited, the Solana Foundation faced some criticism across social media. Some users called out the behind-the-scenes upgrade, which took place two weeks before the Foundation addressed it publicly via the postmortem. 

“Am I hearing this right? There was a zero-day on Solana mainnet and >70% of the validators privately colluded to upgrade and patch the critical bug before it was even made public,” posted one pseudonymous Ethereum ecosystem developer on X (formerly Twitter).

The post drew pushback from notable Solana devs and Solana co-founder Anatoly Yakovenko in the process. Even longtime Ethereum developer Hudson Jameson weighed in, saying this approach was typical and necessary for fixing issues.

“This is totally fine,” said Jameson on X. “Bitcoin, Zcash, and Ethereum have all had instances where the core devs needed to privately plan a secret bug fix. A good chain culture means having mature devs who can accomplish stealth fixes.”

“I was involved in distributing this patch to validators before it was released publicly,” said Tim Garcia, validator relations lead at the Solana Foundation. “I’m happy to hear suggestions on a better process. Unfortunately, doing the distribution in public before sufficient adoption is a non-starter.”

This is hardly the first time that Solana has faced centralization critiques; notably, last October, famed whistleblower Edward Snowden called out the layer-1 blockchain over centralization. Solana ecosystem leaders pushed back, with Yakovenko saying, “As usual, Solana is decentralized only by objectively measurable metrics, and centralized across all the other ones.”

Solana currently boasts 1,279 validators, according to its website. 

Edited by Andrew Hayward