Solana fixed a zero-day vulnerability that could have led to the unlimited issuance or theft of some tokens.

PANews May 5 news, the Solana Foundation announced that a serious "zero-day" vulnerability affecting the confidential transmission function on its network has been successfully resolved. The vulnerability was discovered on April 16, and the foundation quickly organized validators to coordinate a network update, completing the repair work within two days. This vulnerability involves the ZK proof system used for verifying the confidential transfer of Token-2022 standard tokens. If exploited, an attacker could theoretically forge proofs to mint unlimited specific tokens or steal these tokens from user accounts. The Solana Foundation stated that this vulnerability was not disclosed before the fix was completed to ensure security. Currently, there is no evidence that the vulnerability has been exploited, and all user funds are safe. It also pointed out that although the confidential transfer feature has been online for some time, the adoption rate is currently low.