시가총액: $3.3026T 0.250%
거래량(24시간): $88.7887B 4.230%
  • 시가총액: $3.3026T 0.250%
  • 거래량(24시간): $88.7887B 4.230%
  • 공포와 탐욕 지수:
  • 시가총액: $3.3026T 0.250%
암호화
주제
암호화
소식
cryptostopics
비디오
최고의 뉴스
암호화
주제
암호화
소식
cryptostopics
비디오
bitcoin
bitcoin

$105660.503371 USD

0.08%

ethereum
ethereum

$2495.659205 USD

-0.75%

tether
tether

$1.000503 USD

-0.01%

xrp
xrp

$2.246230 USD

3.27%

bnb
bnb

$650.510663 USD

0.05%

solana
solana

$151.975391 USD

1.31%

usd-coin
usd-coin

$0.999922 USD

-0.01%

dogecoin
dogecoin

$0.182596 USD

-0.78%

tron
tron

$0.283540 USD

-1.07%

cardano
cardano

$0.665910 USD

0.95%

hyperliquid
hyperliquid

$35.388743 USD

1.47%

sui
sui

$3.218472 USD

-0.93%

chainlink
chainlink

$13.729857 USD

-0.67%

avalanche
avalanche

$20.700353 USD

1.21%

unus-sed-leo
unus-sed-leo

$9.242919 USD

0.14%

암호화폐 뉴스 기사

Solana Labs Patches Zero-Day Vulnerability That Could Have Allowed an Attacker to Mint and Steal Certain Tokens

2025/05/05 11:03

The Solana Foundation has confirmed that a zero-day vulnerability that allowed an attacker to potentially mint certain tokens and even withdraw those tokens from user accounts has been fixed.

A May 3 post-mortem from the Solana Foundation said that the security vulnerability, first discovered on April 16, could have allowed an attacker to forge an invalid proof affecting Solana’s privacy-enabling “Token-22 confidential tokens.”

There is no known exploit of the vulnerability, and Solana validators have since adopted the patched version, the foundation said.

Solana zero-day security bug affected Token-22 confidential tokens

The Solana Foundation said the security vulnerability concerned two programs: Token-2022 and ZK ElGamal Proof.

Token-2022 handles the main application logic for token mints and accounts, while ZK ElGamal Proof verifies the correctness of zero-knowledge proofs to show accurate account balances.

The foundation said certain algebraic components were omitted from the hash in the Fiat-Shamir Transformation's transcript generation, which specifies how provers generate public randomness using a cryptographic hash function.

The flaw could have enabled an attacker to exploit the unhashed components by crafting a forged proof that passes verification to mint and steal Token-22 confidential tokens.

Token-22 confidential tokens, or “Extension Tokens,” leverage zero-knowledge proofs for private transfers and aim to enable advanced token functionality.

The vulnerability was first identified on April 16, and two patches were deployed to resolve the issues. A super majority of Solana validators adopted the patches around two days later.

Solana development firms Anza, Firedancer and Jito were the main parties behind the security patch, while Asymmetric Research, Neodyme and OtterSec also assisted.

The foundation confirmed that all funds remain safe.

Related: Bloomberg Intelligence boosts Solana ETF approval odds to 90%

Despite the fix, the Solana Foundation’s private handling of the issue with Solana validators raised centralization concerns from some in the crypto community.

This included a Curve Finance contributor who raised concerns about the foundation’s close relationship with Solana validators.

“Why does someone have a list of all validators and their contact details? What else are they talking about in those comms channels,” feared the contributor.

Solana Labs CEO Anatoly Yakovenko didn’t directly deny the claims but said members of the Ethereum community could also coordinate to resolve a similar security bug.

More than 70% of the Ethereum network validators are also controlled by crypto exchanges or staking operators such as Lido, Yakovenko said in arguing his point.

In August, the Solana Foundation and network validators another critical vulnerability behind closed doors. At the time, the foundation’s executive director, Dan Albert, said the ability to coordinate a patch doesn’t mean that Solana is centralized.

Ethereum wouldn’t fall for the same issue, community member says

Ethereum community member Ryan Berckmans slammed claims that Ethereum is subject to the same centralization issues as Solana, pointing out that Ethereum has sufficient client diversity.

The most popular Ethereum client, geth, has at most 41% market share on Ethereum, Berckmans said, while noting that Solana has just one production-ready client, Agave.

Meanwhile, Solana is still looking to launch another client, Firedancer, in the next few months, which is expected to improve the network’s resilience and uptime.

However, Berckmans said that Solana would need three clients to be sufficiently decentralized at the client level.

부인 성명:info@kdj.com

제공된 정보는 거래 조언이 아닙니다. kdj.com은 이 기사에 제공된 정보를 기반으로 이루어진 투자에 대해 어떠한 책임도 지지 않습니다. 암호화폐는 변동성이 매우 높으므로 철저한 조사 후 신중하게 투자하는 것이 좋습니다!

본 웹사이트에 사용된 내용이 귀하의 저작권을 침해한다고 판단되는 경우, 즉시 당사(info@kdj.com)로 연락주시면 즉시 삭제하도록 하겠습니다.

2025年06月10日 에 게재된 다른 기사