The Solana Foundation has revealed that a critical vulnerability affecting its Token-2022 standard was quietly patched in April, averting what could have been a catastrophic breach.
2025/05/05 16:36
A critical vulnerability affecting Solana’s Token-2022 standard was patched in April, according to a statement by the Solana Foundation.
The bug, which affected a specific feature in Solana’s Token-2022 framework known as “confidential transfers,” could have been exploited to mint an unlimited number of tokens or withdraw funds from any account without authorization.
This feature relies on zero-knowledge cryptography, specifically the ZK ElGamal proof system, to enable private transactions. However, a missing algebraic component in a hash used for cryptographic verification left the door open for manipulation.
With this flaw, a malicious actor could forge a valid cryptographic proof. Such a fake proof would grant them the ability to mint new tokens or drain existing accounts without detection.
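A hash that leaves out one public value, as described above, can be caught by a regression test that checks every public input actually changes the verifier's challenge. The sketch below is an added example, not Solana's code: it assumes a Schnorr-style proof whose challenge is a hash of the public values, runs over a constructed toy group, and every function and label name in it is hypothetical.

```python
import hashlib

# Constructed toy group (assumption): integers mod the prime 2**255 - 19,
# exponents reduced mod P - 1. Not the group or proof system Token-2022 uses.
P = 2**255 - 19
G = 2

def challenge(labelled):
    """Hash each (label, value) pair, length-prefixed, into a challenge."""
    h = hashlib.sha256()
    for label, value in labelled:
        h.update(len(label).to_bytes(1, "big") + label.encode())
        h.update(value.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big") % (P - 1)

def full_transcript(y, r):
    # Every public value the verification equation uses is hashed.
    return [("generator", G), ("statement", y), ("commitment", r)]

def incomplete_transcript(y, r):
    # Models the bug class: the statement is missing from the hash.
    return [("generator", G), ("commitment", r)]

def prove(x, k):
    """Prove knowledge of x with y = G^x; k must be a fresh secret nonce."""
    y, r = pow(G, x, P), pow(G, k, P)
    c = challenge(full_transcript(y, r))
    return y, (r, (k + c * x) % (P - 1))

def verify(y, proof):
    r, s = proof
    c = challenge(full_transcript(y, r))
    return pow(G, s, P) == (r * pow(y, c, P)) % P

def unbound_components(transcript, y, r):
    """Audit check: public values whose change leaves the challenge unchanged."""
    base = challenge(transcript(y, r))
    variants = {"statement": (y * G % P, r), "commitment": (y, r * G % P)}
    return [name for name, (y2, r2) in variants.items()
            if challenge(transcript(y2, r2)) == base]
```

With the full transcript the audit returns an empty list and a proof replayed against a different statement is rejected; with the incomplete one the audit flags the statement as unbound.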
The issue was first reported on April 16 and was fixed within two days. The fix was coordinated by core development teams from Anza, Jito, and Firedancer, with additional support from Asymmetric Research, Neodyme, and OtterSec.
No exploit was observed, and the bug was patched quickly. However, the revelation caused some market jitters.
After news of the vulnerability broke, the combined value of these tokens dropped by around 5%, settling at $16.1 million.
The Solana Foundation’s decision to keep the issue quiet drew mixed reactions. Some critics argued that the manner in which validators quickly came together to coordinate such a complex fix reflects an uncomfortable level of centralization within the network.
One community member questioned whether validators could use similar coordination to carry out or cover up harmful actions in the future.
However, others defended the approach, adding that silent patches are a standard best practice when dealing with zero-day bugs. Industry veterans, including developers from Bitcoin and Polygon, said these behind-the-scenes efforts prevent real-time exploits while teams work on a secure fix.
Hudson James, a VP at Ethereum layer-2 network developer Polygon Labs, said: “This is totally fine. Bitcoin, Zcash, and Ethereum have all had instances where the core devs needed to privately plan a secret bug fix. A good chain culture means having mature devs who can accomplish stealth fixes.”
Anatoly Yakovenko, co-founder of Solana, also noted that validator coordination is not unique to his blockchain network. He compared the process to similar consensus-building mechanisms on Ethereum, which would usually involve validators like Lido, Binance, Coinbase, and Kraken.