Solana patches bug that could have allowed hackers to mint and steal tokens
The Solana Foundation reported over the weekend on the vulnerability and the team's efforts to patch it. A malicious actor could have used it to mint and steal tokens.
***
- Solana patches a critical vulnerability in the network.
- The problem affected the ZK ElGamal Proof program, tied to Solana's Token-2022 standard.
- It would have allowed a malicious actor to mint and steal certain tokens.
- The vulnerability was patched shortly after it was found and does not appear to have been exploited.
Solana network developers have patched a zero-day bug that would have allowed malicious actors to mint certain tokens and withdraw them from user accounts without authorization.
The Solana Foundation, the organization that stewards the network, published a post-mortem report over the weekend disclosing the vulnerability and the team's efforts to address it.
The vulnerability was first reported on April 16 through Anza's GitHub security advisory channel, and the report included a proof of concept. From there, engineers from the Solana, Anza, Firedancer and Jito development teams verified the bug and immediately began working on a fix.
According to the post, the problem affected the ZK ElGamal Proof program, the system that verifies the zero-knowledge proofs (ZKPs) powering confidential transfers for certain tokens that follow Solana's Token-2022 standard.
Had it been exploited, it would in theory have allowed an attacker to mint an unlimited number of tokens or steal them from any user's account using sophisticated forged proofs.
Solana patches a critical vulnerability
It is worth noting that the Token-2022 standard handles the core application logic for minting and for token accounts, while the ZK ElGamal Proof program verifies the correctness of the zero-knowledge proofs that attest to account balances without revealing them.
Zero-knowledge proofs, or ZKPs, are a cryptographic method that lets someone demonstrate that they know or have access to some information, such as a password, without revealing the information itself.
In cryptocurrency applications, this technology can be used to show that a transaction is valid without disclosing specific amounts or addresses (details that malicious actors could otherwise use to plan attacks).
As CoinDesk explained, the bug arose because some algebraic components were missing from the hashing step of the Fiat-Shamir transformation, a standard method for making ZKPs non-interactive, that is, for turning a back-and-forth protocol into a single proof that anyone can verify.
A sophisticated attacker could forge invalid proofs that the on-chain verifier would nonetheless accept. This would have allowed unauthorized actions such as minting unlimited tokens or withdrawing tokens from other accounts.
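To make that failure mode concrete, here is an added example; it is not code from Solana, Anza or the post-mortem, and it is not the ZK ElGamal Proof program's actual proof system. It uses a Schnorr-style proof of knowledge of a discrete logarithm over a deliberately tiny toy group, with two Fiat-Shamir variants: the sound one hashes the prover's commitment t into the challenge, the weak one leaves it out. The page does not say which components Solana's hash omitted, so leaving out the commitment is an assumption chosen for illustration; it is one instance of the general "missing components in the transcript hash" bug class. Once the commitment is unbound, the challenge is predictable, so an attacker who does not know the secret can pick the response s freely and solve the verification equation for t. The group parameters, the domain tag and all function names are constructed for this example.

```python
from __future__ import annotations

import hashlib
import secrets

# Toy Schnorr group, constructed for illustration only: p is a safe prime,
# q = (p - 1) // 2 is prime and g = 4 generates the subgroup of order q.
# Real systems use 256-bit-plus groups; the forgery below is purely
# algebraic, so group size does not protect the weak verifier.
P = 1019
Q = 509
G = 4
DOMAIN = b"toy-schnorr-dlog"  # assumed domain-separation tag


def challenge(y: int, t: int, bind_commitment: bool) -> int:
    """Fiat-Shamir challenge c = H(domain, g, y[, t]).
    bind_commitment=False models the bug: the prover's commitment t is
    left out of the transcript hash, so c no longer depends on t."""
    parts = [G, y, t] if bind_commitment else [G, y]
    h = hashlib.sha256(DOMAIN)
    for part in parts:
        h.update(part.to_bytes(32, "big"))
    return int.from_bytes(h.digest(), "big")


def keygen() -> tuple[int, int]:
    """Secret x and public y = g^x mod p."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prove(x: int, y: int, bind_commitment: bool) -> tuple[int, int, int]:
    """Honest Schnorr proof of knowledge of x with y = g^x mod p."""
    r = secrets.randbelow(Q - 1) + 1   # fresh nonce
    t = pow(G, r, P)                   # commitment
    c = challenge(y, t, bind_commitment)
    s = (r + c * x) % Q                # response
    return t, c, s


def verify(y: int, proof: tuple[int, int, int], bind_commitment: bool) -> bool:
    """Check a proof; recomputing c is what makes the hash binding (or not)."""
    t, c, s = proof
    if not (0 < t < P and pow(t, Q, P) == 1 and 0 <= s < Q):
        return False                   # malformed or off-subgroup values
    if c != challenge(y, t, bind_commitment):
        return False                   # transcript does not match
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def forge(y: int) -> tuple[int, int, int]:
    """Forge a proof for y WITHOUT knowing x, against the weak verifier.
    Because c ignores t, the attacker learns c first, picks any s, and
    then solves the verification equation g^s == t * y^c for t."""
    c = challenge(y, 0, bind_commitment=False)   # t is ignored, so 0 is a placeholder
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, -c, P)) % P       # y^-c via modular inverse (Python 3.8+)
    return t, c, s


def demo() -> dict[str, bool]:
    """The four cases a reviewer of the hash transcript would check."""
    x, y = keygen()
    return {
        "honest_sound": verify(y, prove(x, y, True), True),
        "honest_weak": verify(y, prove(x, y, False), False),
        "forged_vs_weak": verify(y, forge(y), False),    # accepted: the bug
        "forged_vs_sound": verify(y, forge(y), True),    # rejected
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

The fix is nothing more than hashing every value the prover commits to (and every public input the statement depends on) before the challenge is derived; the verification equation itself is unchanged in both variants, which is why a review of only the algebra would not spot the bug.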
Patches addressing the bug were distributed privately to validators a day later, on April 17, after review by the independent security firms Asymmetric Research, Neodyme and OtterSec. By April 18, a large majority of validators had adopted the fix, and there is no indication that a malicious actor exploited the bug.
"All funds are safe, and no exploitation of the potential vulnerability is known," the Foundation's post says.
SOL, Solana's native cryptocurrency, has fallen 1.12% in price over the last 24 hours to trade at USD $143.9 at the time of publication, down 5.5% on the week, according to data from CoinMarketCap.
Hannah Estefanía Pérez / DiarioBitcoin
Image from Unsplash
WARNING: DiarioBitcoin offers informative and educational content on various topics, including cryptocurrencies, AI, technology and regulation. We do not provide financial advice. Crypto-asset investments are high risk and may not be suitable for everyone. Do your own research, consult an expert and check the applicable legislation before investing. You could lose all of your capital.
