Solana Foundation Addresses Critical Security Program Bug Vulnerability

The Solana Foundation recently disclosed a significant security issue within its ZK ElGamal Proof program, a critical component of the Solana blockchain’s Token-2022 confidential transfer system. On April 16, 2025, a potential vulnerability was reported through the Anza Github security advisory, accompanied by a proof of concept. Fortunately, no known exploits have occurred, and swift action by the Solana ecosystem has ensured the network’s integrity.

The vulnerability originated in the ZK ElGamal Proof program, which verifies zero-knowledge proofs to certify the validity of encrypted balances in transactions and accounts. These proofs rely on the Fiat-Shamir Transformation, a cryptographic method that converts interactive zero-knowledge protocols into non-interactive systems using a hash function to generate public randomness.

The bug stemmed from a failure to include certain algebraic components in the hash used for the Fiat-Shamir Transformation transcript. This oversight could have allowed a sophisticated attacker to forge a proof, potentially enabling unauthorized actions such as minting unlimited Token-2022 confidential tokens or withdrawing tokens from any account. The issue was confined to the ZK ElGamal Proof program and did not affect the broader Token-2022 program, which manages token mints and accounts.

Rapid Response and Patch Deployment

Upon receiving the report, engineers from Anza, Firedancer, and Jito promptly evaluated the vulnerability and confirmed its severity. They developed an initial patch to address the issue, which was reviewed by reputable security firms Asymmetric Research, Neodyme, and OtterSec. On April 17, 2025, at approximately 18:00 UTC, the Solana Foundation and Jito teams began contacting validator operators to distribute the patch. However, later that day, at around 23:00 UTC, engineers identified a similar issue in another section of the codebase, necessitating a second patch. This, too, underwent rigorous review by the same security firms before distribution.

By April 18, 2025, at 20:00 UTC, a super majority of Solana’s stake had adopted the patches, and the update was publicly announced on Discord at 21:01 UTC. The patched versions include Agave (v2.1.21 and v2.2.11 or higher), Jito-Solana (v2.1.21-jito and v2.2.11-jito or higher), and Firedancer (v0.411.20121 or higher). A prior audit of the ZK ElGamal Proof program, combined with the thorough review of the patch commits, ensured the fix was robust. The Solana cluster has fully adopted the patches, and no funds are at risk.

This incident demonstrates the strength of Solana’s collaborative ecosystem and its proactive approach to security. The responsible disclosure of the vulnerability, coupled with the rapid coordination among developers, validator operators, and security experts, prevented any exploitation. For users and developers relying on Solana’s Token-2022 confidential transfers, this resolution reinforces confidence in the network’s resilience.