Solana developers patched a bug in the ZK ElGamal Proof program that could have allowed a hacker to mint unlimited tokens and withdraw them from user accounts. According to the post-mortem analysis, a zero-day vulnerability was reported on 16 April 2025 to Anza’s GitHub Security Advisory. Following the report, “Engineers from Anza, Firedancer, and Jito began evaluating the report and confirmed that it allowed for the construction of arbitrary proofs that the ZK ElGamal Proof program would accept as valid. Engineers created a patch to address the reported issue.”
In particular, “In the on-chain ZK ElGamal Proof program, some algebraic components were not included in a hash used to generate a transcript for the Fiat-Shamir Transformation.” The Fiat-Shamir transformation is a cryptographic technique that turns an interactive proof into a non-interactive one by using a hash function as a substitute for the verifier.
As such, a sophisticated attacker could use these unhashed components to develop a forged proof of an unauthorized action that passes verification. This vulnerability only affects Token-22 confidential tokens and allows an attacker to “perform unauthorized actions such as minting unlimited tokens or withdrawing tokens from any account.”
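The transcript defect described above is easy to miss because honest proofs still verify. The following added example (not Solana's or Anza's code) uses a toy Schnorr proof as a stand-in and assumes, for illustration only, that the omitted component is the prover's commitment `t`; the group parameters and all function names are constructed. It shows an audit check that flags any proof component the challenge hash does not bind.

```python
import hashlib
import secrets

# Constructed toy group (assumption; far too small for real use):
# P = 2Q + 1 with P, Q prime; G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def digest(components):
    """Hash a domain label and each (name, value) pair, length-prefixed."""
    h = hashlib.sha256(b"toy-schnorr-v1")
    for name, value in components:
        h.update(bytes([len(name)]) + name + value.to_bytes(32, "big"))
    return h.digest()

def full_transcript(y, t):
    # Binds the statement (g, y) and the prover's commitment t.
    return digest([(b"g", G), (b"y", y), (b"t", t)])

def partial_transcript(y, t):
    # Defective variant: the commitment t never reaches the hash.
    return digest([(b"g", G), (b"y", y)])

def challenge(transcript, y, t):
    return int.from_bytes(transcript(y, t), "big") % Q

def prove(x, transcript):
    """Schnorr proof of knowledge of x such that y = G^x mod P."""
    y, k = pow(G, x, P), secrets.randbelow(Q - 1) + 1
    t = pow(G, k, P)
    s = (k + challenge(transcript, y, t) * x) % Q
    return y, t, s

def verify(proof, transcript):
    y, t, s = proof
    return pow(G, s, P) == t * pow(y, challenge(transcript, y, t), P) % P

def unbound_components(transcript, y, t):
    """Names of proof components that can change without changing the hash."""
    base, found = transcript(y, t), []
    if transcript(y * G % P, t) == base:
        found.append("y")
    if transcript(y, t * G % P) == base:
        found.append("t")
    return found

def audit():
    """Honest proofs pass under both transcripts; only the audit differs."""
    results = {}
    for name, tr in (("full", full_transcript), ("partial", partial_transcript)):
        y, t, s = prove(123, tr)
        results[name] = (verify((y, t, s), tr), unbound_components(tr, y, t))
    return results
```

Because `verify` returns `True` for honest proofs under both transcripts, ordinary functional tests do not distinguish them; the mutation check in `unbound_components` is what exposes the unbound value.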
On 2025-04-17, the Solana Foundation and Jito teams began contacting validator operators directly to distribute the patch. It was later determined that a second patch was needed to address a similar issue in another area of the code base.
However, rather than receiving appreciation, the Solana network faced allegations of centralization for fixing the issue by contacting validators directly. A Curve Finance contributor wrote on X, “Why does someone have a list of all validators and their contact details? What else are they talking about in those comms channels? Now that regulators/countries/malicious actors know these channels exist, they are a centralized point of failure in their ‘decentralized’ system.”
Responding to the allegation, the cofounder of Solana stated, “It’s the same set for Ethereum operators, bro. Trent can also ask them to patch their ETH clients.”