5-5-2025 – A critical flaw in the Solana blockchain’s ZK ElGamal Proof program, which underpins the secure handling of Token-2022 confidential transfers, was swiftly addressed in a coordinated response by engineers and security experts, ensuring no funds were compromised. On 16 April 2025, a vigilant report submitted to the Anza Github Security Advisory exposed a vulnerability, accompanied by a proof of concept. This flaw, confined to the ZK ElGamal Proof program, could have allowed a skilled attacker to craft fraudulent proofs, potentially enabling unauthorised actions such as minting unlimited tokens or siphoning funds from accounts holding Token-2022 confidential tokens.
The issue stemmed from an oversight in the program’s implementation of the Fiat-Shamir Transformation, a method used to generate non-interactive zero-knowledge proofs. Certain algebraic components were omitted from a crucial hash function, undermining the integrity of the proof verification process. Fortunately, no exploits were detected, and engineers from Anza, Firedancer, and Jito promptly mobilised to assess the vulnerability. Their analysis confirmed the potential for constructing invalid proofs that the system would erroneously accept as legitimate.
By 17 April, at 18:00 UTC, the Solana Foundation and Jito teams began directly contacting validator operators to distribute a meticulously crafted patch. However, later that evening, at around 23:00 UTC, a second vulnerability in a related section of the codebase was uncovered, necessitating an additional patch. Both fixes underwent rigorous scrutiny by leading security firms—Asymmetric Research, Neodyme, and OtterSec—ensuring their robustness. By 20:00 UTC on 18 April, a supermajority of the network’s stake had adopted the patches, and at 21:01 UTC, the resolution was publicly announced via Discord. The Solana cluster now operates with fully patched versions, including Agave (v2.1.21 and above, v2.2.11 and above), Jito-Solana (v2.1.21-jito and above, v2.2.11-jito and above), and Firedancer (v0.411.20121 and above).
The Token-2022 program, which manages the core logic for token mints and accounts, remained unaffected and required no updates. Prior audits of the ZK ElGamal Proof program, combined with the swift response and thorough review of the patches, have restored confidence in the system’s security. With the network now fortified and no evidence of exploitation, the Solana ecosystem continues to operate securely, safeguarding all funds.
