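The issue was reportedly linked to privacy-focused confidential transfers, which use zero-knowledge proofs to keep transactions confidential.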
A severe zero-day flaw in the Token-2022 standard’s confidential transfer was detected by the Solana Foundation on April 16, 2025. The vulnerability enabled attackers to manipulate zero-knowledge proofs, which could lead to unauthorized token minting or theft of user assets.
While the issue was quickly resolved, with a fix being distributed within two days, the response has sparked a conversation about centralization in the Solana ecosystem.
As per reports, the issue was linked to Token-2022’s privacy-focused confidential transfers, which use zero-knowledge proofs to preserve transaction secrecy. The flaw, if exploited, could allow an actor to mint an unlimited supply of tokens or drain assets from user accounts. Fortunately, no funds were lost in the incident.
Key contributors, including Anza, Firedancer, Jito, Asymmetric Research, Neodyme, and OtterSec, coordinated to patch the vulnerability. By April 18, the majority of validators had adopted the updated version of the code, securing the network from possible exploits. The Solana Foundation described the effectiveness of this response in a detailed post-mortem published on May 2.
But the private handling of the issue has also come under fire. Some argue that this undermines transparency as the Foundation chose not to disclose the vulnerability publicly until the fix was implemented.
Some on platforms like X have criticized this approach as highlighting centralization risks, arguing that coordinated action by a handful of validators raises questions about the decentralized nature of Solana.
Rapid Fix, Hidden Risks
The Solana Foundation’s post-mortem also details the timeline of the incident. The vulnerability was detected on April 16, and work on a solution started right away. The patch was rolled out within 48 hours, and the network was stable. The report also confirmed that no user funds were lost, and the feature that allows users to conduct confidential transfers was secured against potential abuse.
The resolution was successful, but the lack of immediate public disclosure has stirred up debate. Some stakeholders are concerned that users weren’t alerted to the risks before the fix went live, because the fix was rushed into place in a two-day window. They argue that this opacity could undermine trust in Solana’s decentralization credentials as the platform faces increasing regulatory scrutiny.
As per a 2023 audit by Halborn, the Token-2022 program had vulnerabilities that allowed users to bypass transfer fees or move non-transferable tokens. These issues were resolved, but the recent case highlights the lasting difficulty of maintaining security in a fast-paced blockchain world.
Also, the Foundation’s decision to put speed over transparency has been compared by some to the 2022 Terra–Luna collapse, which resulted in the loss of trust in centralized decision-making in blockchain networks. Solana’s situation may be different, but the incident illustrates that security and openness are two sides of the same coin.
Centralization Concerns Take Center Stage
The swift coordination among validators has raised questions about Solana’s decentralized structure. In a May 5 post on X, Neoma Ventures expressed concern that a small group was able to make so many changes so quickly, which raised the question of whether that level of centralization runs contrary to the principles of blockchain technology. The concern is in line with broader debates within the crypto community about governance and control.
Solana’s reliance on a proof-of-stake model, as outlined in its white paper, has long been discussed. The model allows for high scalability and speed at the expense of concentrating influence in a smaller number of validators. The recent incident has increased pressure for transparency and better disclosure standards to regain trust from users.