Solana Token-2022 confidentiality Token vulnerability repair in progress Temporarily disable ZK ElGamal proof program

[Coin World] On June 27, news from the Solana Foundation’s official blog reports that security researchers have identified a potential vulnerability in the ZK ElGamal Proof program and have informed stakeholders in the Solana ecosystem. The report includes a proof of concept (PoC) for the vulnerability, which has not yet been found to be exploited. It is assessed that the vulnerability could allow attackers to construct arbitrary proofs and bypass validation, affecting the Token-2022 confidential tokens, enabling illegal operations such as unlimited minting. To respond promptly, on June 11, the relevant team updated the upgradeable Token-2022 program, first disabling the confidential transfer feature. On June 13, an emergency upgrade request was sent to the Solana technical Discord, asking operators to upgrade the software to disable the ZK ElGamal proof program. On June 19, at the start of Mainnet-testnet epoch 805, the program was formally disabled through a feature activation. Currently, the Token-2022 functionality using ZK ElGamal is mostly utilized by innovative products in testing; mainstream stablecoins, although initialized for confidential transfers, have not been opened to users, resulting in very low actual usage and minimal impact. The program will be re-enabled after auditing and issue resolution, which is expected to take several months.