以前未知的以隐私为中心的令牌系统中的漏洞可能使攻击者能够伪造伪造的零知识证明

Solana基金会在其以隐私为中心的代币系统中披露了以前未知的漏洞

Solana (SOL) Foundation engineers have disclosed a previously undocumented vulnerability in its privacy-focused token system that could have been exploited by attackers to forge fake zero-knowledge proofs (ZKPs), potentially enabling unauthorized minting or withdrawals of tokens.

Solana（Sol）基金会工程师已经在其以隐私为中心的代币系统中透露了一个以前无证件的漏洞，该系统本来可以被攻击者利用，以伪造虚假的零知识证明（ZKP），并有可能实现未经授权的铸造或撤回令牌的戒断。

The vulnerability, first reported on April 16 through Anza’s GitHub security advisory and accompanied by a working proof-of-concept, was discovered by engineers from Solana development teams Anza, Firedancer, and Jito, who began working on a fix immediately, according to a post-mortem published Saturday.

据周六出版的邮局发布，该脆弱性是由Anza的GitHub安全咨询公司于4月16日首次报道的，并在工作证明的陪同下是由Solana Developments Anza，Firedancer和Jito的工程师发现的，他们开始立即进行修复。

The issue stemmed from the ZK ElGamAL Proof program, which verifies ZKPs used in Solana’s Token-22 confidential transfers. These extension tokens enable private balances and transfers by encrypting amounts and using cryptographic proofs to validate them.

该问题源于ZK Elgamal Proof计划，该计划验证了Solana的Token-22机密转移中使用的ZKP。这些扩展令牌可以通过加密量和使用加密证明来验证它们来实现私人余额和转移。

ZKPs are a cryptographic method that lets someone prove they know or have access to something, such as a password or age, without revealing the thing itself. In crypto applications, they can be used to prove a transaction is valid without showing specific amounts or addresses, which can otherwise be used by malicious actors to plan exploits.

ZKP是一种加密方法，可以让某人证明自己知道或可以访问某些东西，例如密码或年龄，而无需透露事物本身。在加密应用程序中，它们可用于证明交易有效，而无需显示特定的金额或地址，否则，恶意参与者可以将其用于计划利用。

The bug occurred because some algebraic components were missing from the hashing process during the Fiat-Shamir transformation—a standard method to make zero-knowledge proofs non-interactive. Non-interactive in this case refers to turning a back-and-forth process into a one-time proof anyone can verify.

之所以发生错误，是因为在菲亚特 - 沙米尔转换过程中缺少一些代数组件，这是一种使零知识证明非相互作用的标准方法。在这种情况下，非相互作用是指将来回流程变成任何人都可以验证的一次性证明。

A sophisticated attacker could forge invalid proofs that the on-chain verifier would still accept. This would have allowed actions such as minting unlimited tokens or withdrawing tokens from other accounts.

一名复杂的攻击者可以伪造无效的证据表明，链验证者仍将接受。这将允许诸如铸造无限令牌或从其他帐户中撤回令牌之类的行动。

The vulnerability did not affect standard SPL tokens or the main Token-2022 program logic. Patches were distributed privately to validator operators beginning April 17, and a second patch was pushed later that evening to address a related issue elsewhere in the codebase. Both were reviewed by third-party security firms Asymmetric Research, Neodyme, and OtterSec. By April 18, a supermajority of validators had adopted the fix.

该漏洞不会影响标准的SPL令牌或主要令牌-2022程序逻辑。从4月17日开始将补丁私人分发给验证器运营商，当晚晚些时候推出了第二个补丁，以解决代码库中其他地方的相关问题。这两者均由第三方安全公司不对称研究，Neodyme和Ottersec进行了审查。到4月18日，验证者的超级贡献已经采用了解决方案。

There is no indication that the bug was exploited, and all funds remain secure, according to the post-mortem.

据验尸说，没有迹象表明该错误是被利用的，所有资金仍然安全。