Solana Addresses Potential Vulnerability

The Solana Foundation and Jito teams directly contacted validators to address a discovered vulnerability. The bug was identified by Anza specialists.

info on ithttps://t.co/XlfHriQWNl

— Haiku (@H8KUcom) May 4, 2025

The issue concerned the ZK ElGamal proof program and theoretically affected confidential tokens issued under the Token-2022 program.

The bug involved certain algebraic components not being included in the hash during the Fiat-Shamir transformation. A skilled attacker could exploit the vulnerability to create fake proofs, allowing unauthorized actions such as minting unlimited coins and withdrawing them from any account.

Experts discovered the error on April 16 and began distributing a patch the following day. A second fix was required to address a similar issue in another part of the codebase. Most node operators implemented the necessary software changes by the evening of April 18.

“Since the error was limited to the ZK ElGamal Proof solution, no updates were required for the Token-2022 program. All funds are safe, and there are no known exploits of the potential vulnerability,” clarified the Solana Foundation team.

One commentator noted that fixing the bug quietly, simply by agreement with more than 70% of validators, suggests the possibility of a “zero day” on Solana.

Bro, it’s the same people to get to 70% on ethereum. All the lido validators (chorus one, p2p, etc..) binance, coinbase, and kraken. If geth needs to push a patch, I’ll be happy to coordinate for them.

— toly ?? (@aeyakovenko) May 4, 2025

“These are the same people who achieve 70% [consensus] on Ethereum. All Lido validators, Binance, Coinbase, and Kraken. If Geth needs to release a patch, I’ll be happy to coordinate their actions,” defended the actions of the team, Solana co-founder Anatoly Yakovenko.

At the end of April, the organization behind the project announced measures to enhance the network’s decentralization. 

According to Blockworks, Solana has 1,218 active validators. Data from Ethernodes shows that Ethereum’s execution layer is supported by 17,126 nodes, with operators of 11,025 using the Geth client. Meanwhile, 28% of the total ETH issuance is locked in staking, compared to 65% for SOL.  

Experts at Fidelity described Solana as a “serious competitor” to Ethereum. A similar opinion was expressed by JPMorgan.