Compass Investments

Crypto vs. Dollar

📌 Solana bug fix provokes government debate amid security vulnerability in ZK

Solana developers have identified a bug in the Token-2022 program that affected confidential Token-22 tokens.

The bug in the ZK ElGamal Proof program allowed forging a zero-knowledge proof, which theoretically opened the door for attackers to issue an unlimited number of tokens or drain users’ accounts.

A post-mortem conducted by the Solana Foundation on May 3, 2025, confirmed that there were no exploits and all funds were intact. The problem lay in missing algebraic components in the Fiat-Shamir transform, one of the key features of Solana’s private data transfer protocol.
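The general failure class named above, a Fiat-Shamir challenge that does not hash every public value, shown as an added example that is not code from Solana or from the post-mortem. The proof system (Chaum-Pedersen equality of discrete logs), the toy group and the choice of `v` as the omitted value are assumptions made for illustration; the page does not say which components were missing.

```python
import hashlib

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P, Q prime; G and H generate the subgroup of order Q.
P, Q, G, H = 2039, 1019, 4, 9

def challenge(*parts):
    """Fiat-Shamir challenge: hash the transcript parts, reduce mod Q."""
    digest = hashlib.sha256(repr(parts).encode()).digest()
    return int.from_bytes(digest, "big") % Q

def prove(x, k):
    """Honest Chaum-Pedersen proof that u = G^x and v = H^x share x."""
    u, v = pow(G, x, P), pow(H, x, P)
    a, b = pow(G, k, P), pow(H, k, P)
    c = challenge(G, H, u, v, a, b)      # whole statement and commitments
    return (u, v), (a, b, (k + c * x) % Q)

def verify(statement, proof, bind_v=True):
    """bind_v=False models a transform that leaves v out of the hash."""
    (u, v), (a, b, s) = statement, proof
    c = challenge(G, H, u, v, a, b) if bind_v else challenge(G, H, u, a, b)
    return (pow(G, s, P) == a * pow(u, c, P) % P
            and pow(H, s, P) == b * pow(v, c, P) % P)

def false_statement_proof(x, r, k):
    """Return (u, v) with log_G(u) != log_H(v) and a proof that the
    bind_v=False check accepts. Possible only because c is fixed before
    v is chosen, so v can be solved for from the second equation."""
    u, a = pow(G, x, P), pow(G, r, P)
    while True:
        b = pow(H, k, P)
        c = challenge(G, H, u, a, b)
        if c and (k - r) % Q:            # need c invertible and k != r
            break
        k += 1
    s = (r + c * x) % Q
    v = pow(H, (s - k) * pow(c, -1, Q) % Q, P)   # v = H^((s - k) / c)
    return (u, v), (a, b, s)

if __name__ == "__main__":
    stmt, prf = false_statement_proof(x=123, r=77, k=5)
    print("weak check accepts:  ", verify(stmt, prf, bind_v=False))
    print("strict check accepts:", verify(stmt, prf, bind_v=True))
```

With `bind_v=True` the challenge changes whenever `v` changes, so the same proof fails; in a group this small a challenge can still collide with probability 1/Q, which is one reason real parameters are large.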

The Foundation, in conjunction with Anza, Firedancer, and Jito, released two patches in a matter of days. By April 18, most validators had applied the patches, keeping the network stable.

Cybersecurity companies Asymmetric Research, Neodyme and OtterSec also provided support. The rapid response shows that Solana secures the Token-2022 standard, which supports advanced features such as encrypted transfers for private transactions.

The patch itself, while successful, has raised concerns about the Solana Foundation’s closed coordination with validators.

Critics, including Curve Finance employee and Ethereum community member Ryan Berckmans, called the approach centralized and expressed fears of collusion between validators.

The problem is that it was done behind the scenes.

How did someone get a list of all the validators and their contact information?

What else are they communicating about in these communication channels?

Solana Labs CEO Anatoly Yakovenko defended this strategy in a May 3, 2025 post on X, stating that closed coordination was necessary to quickly address the zero-day vulnerability. He also added that Ethereum validators could engage in similar coordination.

Community member CloutedMind spoke out about the trade-off between security and decentralization in a post on X on April 17, 2025. This incident followed similar concerns in 2024 about the coordination of Solana validators.

Am I getting this right?

The bug fix revealed security issues with advanced blockchain features, such as confidential transfers that rely on zero-knowledge proofs.

While the project’s quick response avoided losses, the centralization controversy could damage its reputation, especially since Bloomberg Intelligence raised the probability of approval for the Solana ETF to 90% on April 30, 2025.
