TL;DR
- Solana fixed a critical flaw in its ZK ElGamal Proof program that allowed false transactions to be validated and unbacked tokens to be generated.
- The bug was detected on April 16, and after two patches reviewed by external firms, over 66% of the network now runs secure versions.
- Despite the vulnerability and a temporary 1.6% drop, Solana maintains strong activity, with SOL near $144 and fees surpassing Ethereum.
Solana resolved a critical vulnerability that affected one of its zero-knowledge proof programs, used to validate confidential transfers on its network.
The issue, detected on April 16, 2025, allowed invalid proofs to be generated and, in theory, made it possible to issue unbacked tokens or siphon funds from accounts operating under Token-2022. Although no attacks were recorded, the discovery raised alarms due to the potential risk it posed.
The flaw originated in the implementation of the Fiat-Shamir scheme, an essential technique for converting interactive proofs into non-interactive ones. Algebraic components were missing in one of the hash functions used during proof verification. This weakened the process and allowed a fraudulent proof to pass as valid. Teams from Anza, Firedancer, and Jito analyzed the issue and confirmed its scope. The vulnerability directly affected the ZK ElGamal Proof program, while Token-2022, responsible for issuance logic and account management, did not require adjustments.
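To make the role of the hash input concrete, here is an added example (not code from Solana, Anza, or the ZK ElGamal Proof program, and not a reproduction of the actual bug) of a Fiat-Shamir verifier for a textbook Chaum-Pedersen equality proof, run once with the statement bound into the hash and once with it omitted. The toy group, the function names, and the `bind_statement` switch are assumptions made for illustration.

```python
import hashlib

# Constructed toy group, far too small for real use: P = 2Q + 1, G and H have prime order Q.
P, Q, G, H = 10007, 5003, 4, 9

def challenge(*elems):
    """Fiat-Shamir challenge: hash the listed transcript elements into Z_Q."""
    data = b"|".join(str(e).encode() for e in elems)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(x, k=77):
    """Honest proof that u = G^x and v = H^x share x (k is fixed here only for
    reproducibility; a real prover draws it at random)."""
    u, v = pow(G, x, P), pow(H, x, P)
    A, B = pow(G, k, P), pow(H, k, P)
    c = challenge(G, H, u, v, A, B)
    return (u, v), (A, B, (k + c * x) % Q)

def verify(statement, proof, bind_statement=True):
    """bind_statement=False models a verifier whose hash omits the statement (u, v)."""
    (u, v), (A, B, s) = statement, proof
    c = challenge(G, H, u, v, A, B) if bind_statement else challenge(A, B)
    return (pow(G, s, P) == A * pow(u, c, P) % P
            and pow(H, s, P) == B * pow(v, c, P) % P)

def false_statement_for_weak_hash(s=123):
    """When (u, v) are outside the hash, c is fixed before the statement exists,
    so u and v can be solved for afterwards with two different exponents."""
    a = 5
    while (c := challenge(pow(G, a, P), pow(H, a + 1, P))) == 0:
        a += 1  # skip the rare zero challenge, which has no inverse mod Q
    A, B, c_inv = pow(G, a, P), pow(H, a + 1, P), pow(c, -1, Q)
    u = pow(G, (s - a) * c_inv % Q, P)      # log_G(u) = (s - a) / c
    v = pow(H, (s - a - 1) * c_inv % Q, P)  # log_H(v) = (s - a - 1) / c, a different value
    return (u, v), (A, B, s)

if __name__ == "__main__":
    stmt, proof = false_statement_for_weak_hash()
    print("honest proof, full transcript:", verify(*prove(42)))
    print("false statement, weak hash:   ", verify(stmt, proof, bind_statement=False))
    print("false statement, full hash:   ", verify(stmt, proof))
```

The check a reviewer would apply to any Fiat-Shamir verifier follows from this: every public value that appears in the verification equations must also appear in the hash that produces the challenge.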
The Network Gradually Accommodates
On April 17, updates began to roll out privately to operators. Hours later, a second weakness was identified in another part of the code, forcing an additional patch to be issued. Security firms like Asymmetric Research, Neodyme, and OtterSec reviewed both fixes before their general deployment. By April 18, over 66% of the network’s validators were already running the corrected versions, and shortly after, the Solana Foundation officially announced the resolution.
The discreet handling of the situation drew criticism within the Solana community. Several users questioned the decision to keep communications with validators closed, since this can concentrate information and increase the risk of agreements among operators.
Solana Recovers with Help from Pump.fun
Despite this incident and a recent down day, which saw a 1.6% drop, Solana maintains solid market performance. After recovering 20% in April, SOL’s price hovers around $144 and aims to surpass $200. In addition, meme coin trading volume boosted its fee revenue, which has surpassed Ethereum’s for nine consecutive weeks. The Pump.fun platform has raised $294 million in fees so far in 2025.