시가총액: $3.4391T 4.130%
거래량(24시간): $122.6091B 38.090%
  • 시가총액: $3.4391T 4.130%
  • 거래량(24시간): $122.6091B 38.090%
  • 공포와 탐욕 지수:
  • 시가총액: $3.4391T 4.130%
암호화
주제
암호화
소식
cryptostopics
비디오
최고의 뉴스
암호화
주제
암호화
소식
cryptostopics
비디오
bitcoin
bitcoin

$109731.956184 USD

3.84%

ethereum
ethereum

$2692.478025 USD

7.88%

tether
tether

$1.000259 USD

-0.02%

xrp
xrp

$2.310195 USD

2.85%

bnb
bnb

$665.398326 USD

2.29%

solana
solana

$159.672203 USD

5.06%

usd-coin
usd-coin

$0.999804 USD

-0.01%

dogecoin
dogecoin

$0.194571 USD

6.55%

tron
tron

$0.287722 USD

1.47%

cardano
cardano

$0.712553 USD

7.00%

hyperliquid
hyperliquid

$39.140056 USD

10.60%

sui
sui

$3.406832 USD

5.85%

chainlink
chainlink

$14.613780 USD

6.44%

avalanche
avalanche

$21.918622 USD

5.88%

stellar
stellar

$0.276535 USD

3.81%

암호화폐 뉴스 기사

The Foundation Solana recently disclosed a critical vulnerability

2025/05/05 18:00

The Foundation Solana recently disclosed a critical vulnerability

The Solana Foundation has recently disclosed a critical vulnerability in its privacy-focused token system, an issue that could have had devastating consequences for the ecosystem.

The bug, identified in the ZK ElGamal Proof program, exclusively affected the confidential transfers of Token-22 tokens and did not impinge upon the standard SPL tokens nor the main logic of the Token-2022 program.

At the heart of the problem was an error in the implementation of zero-knowledge proofs (ZKPs), a sophisticated cryptographic method used to prove the validity of a transaction without revealing sensitive data such as amounts or addresses. This system is crucial for ensuring privacy in blockchain transactions, but it was precisely here that the bug was nested.

As explained by the Solana Foundation, the issue arose due to the lack of some algebraic components in the hashing process during the Fiat-Shamir transformation, a key step to render the proofs non-interactive. In essence, this flaw enabled a skilled attacker to forge proofs that would still be accepted by the on-chain verifier.

If exploited, this vulnerability could have allowed malicious actors to mint an infinite number of tokens or withdraw funds from other accounts without authorization—a potentially catastrophic risk for the integrity of the network and user trust.

However, it’s important to emphasize that the vulnerability was discovered in time and there is no evidence that it was ever exploited. All funds, according to the Solana Foundation, remain safe.

The first warning sign came on April 16, when the Anza security team published a notice on GitHub, accompanied by a working proof-of-concept. The alert immediately mobilized the engineers from the Solana, Anza, Firedancer, and Jito development teams, who verified the bug and promptly began mitigation operations.

The following day, April 17, an initial patch was distributed to the validator operators, followed by a second patch released that same evening to address a related issue in another part of the code. Both fixes were reviewed by three independent security firms: Asymmetric Research, Neodyme, and OtterSec.

Thanks to the timely collaboration between the various teams and the transparency in managing the incident, by April 18 the majority of the validators had already implemented the patches, drastically reducing the risk of exploit.

The Solana Foundation, in a post-mortem published later, confirmed that there were no attacks or loss of funds. The incident, however, highlighted the importance of constant monitoring and a solid security infrastructure, especially for advanced features like confidential transfers.

부인 성명:info@kdj.com

제공된 정보는 거래 조언이 아닙니다. kdj.com은 이 기사에 제공된 정보를 기반으로 이루어진 투자에 대해 어떠한 책임도 지지 않습니다. 암호화폐는 변동성이 매우 높으므로 철저한 조사 후 신중하게 투자하는 것이 좋습니다!

본 웹사이트에 사용된 내용이 귀하의 저작권을 침해한다고 판단되는 경우, 즉시 당사(info@kdj.com)로 연락주시면 즉시 삭제하도록 하겠습니다.

2025年06月11日 에 게재된 다른 기사