Solana fixes zero day vulnerability that may have led to unlimited issuance or theft of some tokens

The Solana Foundation announced that a serious "zero day" vulnerability affecting its network's confidential transmission function has been successfully fixed. The vulnerability was discovered on April 16th, and the foundation immediately secretly organized validators to coordinate network updates and completed the repair work within two days. This vulnerability involves the ZK proof system used to verify the confidential transmission of token-2022 standard tokens. If exploited, attackers can theoretically forge proof to infinitely mint specific tokens or steal these tokens from user accounts. The Solana Foundation stated that this vulnerability was not made public to ensure security until it was fixed. There is currently no evidence to suggest that the vulnerability has been actually exploited, and all user funds are secure. At the same time, it is pointed out that although the confidential transmission function has been online for some time, the current adoption rate is not high.