시가총액: $3.4699T 0.900%
거래량(24시간): $145.2709B 18.480%
  • 시가총액: $3.4699T 0.900%
  • 거래량(24시간): $145.2709B 18.480%
  • 공포와 탐욕 지수:
  • 시가총액: $3.4699T 0.900%
암호화
주제
암호화
소식
cryptostopics
비디오
최고의 뉴스
암호화
주제
암호화
소식
cryptostopics
비디오
bitcoin
bitcoin

$109672.014679 USD

-0.05%

ethereum
ethereum

$2779.040461 USD

3.21%

tether
tether

$1.000027 USD

-0.02%

xrp
xrp

$2.286294 USD

-1.03%

bnb
bnb

$668.672191 USD

0.49%

solana
solana

$164.011110 USD

2.72%

usd-coin
usd-coin

$0.999787 USD

0.00%

dogecoin
dogecoin

$0.195365 USD

0.42%

tron
tron

$0.290361 USD

0.92%

cardano
cardano

$0.711293 USD

-0.19%

hyperliquid
hyperliquid

$41.168738 USD

5.18%

sui
sui

$3.450061 USD

1.27%

chainlink
chainlink

$15.153468 USD

3.69%

avalanche
avalanche

$22.109128 USD

0.87%

bitcoin-cash
bitcoin-cash

$441.105779 USD

3.36%

암호화폐 뉴스 기사

The Solana Foundation has disclosed and patched a zero-day vulnerability

2025/05/05 17:00

The Solana Foundation has disclosed and patched a zero-day vulnerability

The Solana Foundation has disclosed and patched a zero-day vulnerability that could have allowed attackers to mint confidential tokens and withdraw them from unsuspecting users’ accounts.

The flaw, which was silently resolved before any known exploit occurred, has swiftly sparked heated debates around Solana’s network decentralization as several key contributors, including Anza, Firedancer, Jito, Asymmetric Research, Neodyme, and OtterSec, came together to coordinate the patching process.

According to a May 3 post-mortem from the Solana Foundation, the vulnerability was first identified on April 16 and affected Solana’s privacy-focused "Token-22 confidential tokens." These tokens rely on zero-knowledge proofs (ZKPs) to ensure the privacy of transfers, a feature designed to enable advanced and confidential token functionalities within the Solana ecosystem.

On April 16, 2025, the Solana Foundation discovered a zero-day vulnerability in the Token-2022 standard's confidential transfers feature, which could have allowed attackers to forge zero-knowledge proofs to mint unlimited tokens or steal user assets. The Foundation privately…

The security gap originated in the Token-2022 and ZK ElGamal Proof programs, where a cryptographic flaw in the Fiat-Shamir Transformation process had implications for forging proofs. It occurred because certain algebraic components were not properly hashed, undermining the integrity of the proof verification mechanism.

In essence, the flaw might have enabled malicious actors to simulate valid balances and mint confidential tokens—an alarming loophole that, had it been exploited, could have seen batches of tokens spawn out of thin air.

Despite the critical nature of the vulnerability, no funds were lost, and a supermajority of validators had already adopted the patched version within two days.

Solana Patch Sparks Centralization Fears

The rapid behind-the-scenes patching process has nevertheless raised eyebrows among decentralization purists.

A contributor from Curve Finance sparked the discussion by inquiring about the Foundation's ability to swiftly contact validators and whether this level of influence undermines SOL's claims of being a decentralized network.

The concern: such close coordination could facilitate censorship or even orchestrated rollbacks, hallmarks of centralized control.

This seems like a massive vulnerability to have been discovered so quickly. Is there a reason why the snapshot on April 15th was used instead of the genesis snapshot? Wouldn't that have huge implications for liquidity on the chain?

Solana Labs CEO Anatoly Yakovenko responded by highlighting that Ethereum validators, many operated by large staking providers like Lido, Binance, Coinbase, and Kraken, could coordinate similarly in a severe emergency.

"If geth needs to push a patch, I’ll be happy to coordinate for them. We can ping them on the relevant Discord channels or email,” Yakovenko stated.

But not everyone agrees with the comparison.

Solana One Client Risk Exposed

A member of the Ethereum community, Ryan Berckmans, countered that Ethereum's client diversity serves as a safeguard against the kind of single-point-of-failure risks posed by SOL. He noted that Geth, Ethereum's dominant client, holds no more than 41% market share, while SOL currently operates with just one production-ready client, Agave.

"This means that a zero-day bug in the single Solana client is de facto a protocol bug. Change the single client program, change the protocol itself. This is a huge difference," Berckmans argued.

Solana's roadmap offers a partial answer. The highly anticipated Firedancer client, developed in collaboration with Jump Crypto and expected to launch in the coming months, promises enhanced performance and redundancy.

Still, as Berckmans pointed out, true decentralization at the client level may require at least three independent clients, a goal that Solana has yet to achieve.

While the vulnerability was patched swiftly before any real damage occurred, the incident highlights a growing tension in the blockchain world: the trade-off between security responsiveness and decentralization.

Solana's ability to act quickly in the face of a zero-day flaw is commendable, but it has also spotlighted its centralized levers of control.

As Solana continues to evolve with Firedancer on the horizon and more zero-knowledge capabilities in development, the community will be watching closely to see whether the network can strike a sustainable balance between performance, privacy, and decentralization.

부인 성명:info@kdj.com

제공된 정보는 거래 조언이 아닙니다. kdj.com은 이 기사에 제공된 정보를 기반으로 이루어진 투자에 대해 어떠한 책임도 지지 않습니다. 암호화폐는 변동성이 매우 높으므로 철저한 조사 후 신중하게 투자하는 것이 좋습니다!

본 웹사이트에 사용된 내용이 귀하의 저작권을 침해한다고 판단되는 경우, 즉시 당사(info@kdj.com)로 연락주시면 즉시 삭제하도록 하겠습니다.

2025年06月12日 에 게재된 다른 기사