The Solana Foundation has successfully rectified a zero-day vulnerability that could have allowed an attacker to mint certain tokens and withdraw them from user accounts. According to a post-mortem report released on May 3 by the Solana Foundation, the security flaw, identified on April 16, posed a risk to Solana’s privacy-focused “Token-22 confidential tokens.” The vulnerability impacted two key programs, Token-2022 and ZK ElGamal Proof, responsible for token mints and account management. The issue stemmed from the omission of certain algebraic components from the hash in the Fiat-Shamir Transformation’s transcript generation. This lapse could have enabled an attacker to craft a forged proof to mint and steal Token-22 confidential tokens. Although no exploits of the vulnerability have been reported, the Solana validators have swiftly adopted the necessary patches to mitigate the risk. Notably, the Solana Foundation confirmed that all funds are secure. Despite the prompt fix, questions regarding centralization arose within the crypto community due to the Foundation’s private handling of the issue and its close relationship with Solana validators. Solana Labs CEO Anatoly Yakovenko defended the Foundation’s actions, highlighting that similar coordination exists within the Ethereum community in addressing security concerns. In a bid to enhance network resilience, Solana is set to introduce a new client, Firedancer, in the coming months. The community awaits further decentralization efforts to ensure robustness at the client level.