Solana fixes critical vulnerability in Token-2022 Program
Take action: You can't do anything about this flaw, it's already patched. But you should take away two lessons: (1) Never try to write your own cryptography, because that usually ends up with a flawed implementation. Use well known deeply tested libraries. (2) Cryptocurrency is not that decentralized, as seen from this patch effort. Who knows what other centralized decisions can be made?
Learn More
Solana developers have patched a zero-day vulnerability that could have allowed attackers to mint unlimited amounts of certain tokens and potentially withdraw them from user accounts. This flaw was discovered on April 16, 2025, and has since been fully remediated with no known exploits having occurred.
The security issue affected Solana's privacy-enabling "Token-22 confidential tokens" through a flaw in the following components:
- Token-2022 program (handles main application logic for token mints and accounts)
- ZK ElGamal Proof program (verifies correctness of zero-knowledge proofs for account balances)
The vulnerability stemmed from algebraic components being omitted from the hash in the Fiat-Shamir Transformation's transcript generation. This oversight could have enabled an attacker to forge invalid proofs that would pass verification, potentially allowing:
- Unauthorized minting of Token-22 confidential tokens
- Theft of such tokens from user accounts
After identifying the vulnerability on April 16, the Solana Foundation coordinated a rapid response:
- Two security patches were developed to address the issues
- A super majority of Solana validators adopted the patches within approximately two days
- Key development firms involved in the fix included Anza, Firedancer, and Jito
- Additional assistance came from Asymmetric Research, Neodyme, and OtterSec
The Solana Foundation has confirmed that all funds remain safe, with no known exploits of the vulnerability having occurred before patching.
The private handling of this security issue has sparked debate within the crypto community about Solana's centralization. Some critics raised concerns about the foundation's relationship with validators and the potential for transaction censorship or chain rollbacks.
Solana Labs CEO Anatoly Yakovenko defended the approach, suggesting that Ethereum's community would coordinate similarly in the face of a serious security bug. However, Ethereum community member Ryan Berckmans contested this comparison, noting that:
- Ethereum has better client diversity (no client exceeding 41% market share)
- Solana currently relies primarily on one production-ready client (Agave)
Solana is working to improve its client diversity with the upcoming release of Firedancer, though critics argue that three clients would be necessary for sufficient decentralization at the client level.
This incident follows a similar critical vulnerability that was resolved behind the scenes in August, reinforcing ongoing discussions about the balance between security coordination and decentralization in blockchain networks.
