Zcash resolved a critical technical vulnerability!
Zcash resolved a critical technical vulnerability!
Zcash has reported that a vulnerability that could have allowed an attacker to infinitely mint his platform has been patched. This was revealed by the company in a publication on its official Zcash blog in February 2019.
They point out that eleven months ago, they detected a cryptocurrency forgery vulnerability that underlies some kinds of zero knowledge tests. They also noted that it was resolved with the update of the Sapling network last October:
“The falsification vulnerability was corrected with the updating of the Sapling network that was activated on October 28, 2018. The vulnerability was specific to the forgery and did not affect the user’s privacy in any way. Before its remediation, an attacker could have created a fake Zcash without being detected.”
Ariel Gabizon, an engineer at Zerocoin Electric Coin Company, the company behind Zcash, discovered this vulnerability the night before the Financial Cryptography 2018 conference in March 2018, in which he gave a talk. On the same day, Gabizon contacted Sean Bowe, a Zcash cryptographer.
In order to correct the vulnerability, a solution was included in the Sapling network in a covert manner in order to prevent its exploitation. Reportedly, the error was in the variant of zk-SNARKs, the type of cryptography that provides protection to the network allowing transactions to be anonymous. This had been implemented independently in other projects.
It is important to note that Horizen, known in the past as ZenCash, and the blockchain of Komodo presented the same vulnerability.
According to the information provided, the Zcash team revealed the solution to the Horizen security team and the Komodo developers by encrypted email.
The correspondence has been cited in the publication of Zcash, and as indicated in it, Horizen and Komodo took the measures according to the recommendations specified in it.
The worst has been avoided, many Zcash investors could have lost a lot of money.
That’s why the Zcash team resolved the technical bug without telling anything so that they could fix it without having hackers knowing about the vulnerability to exploit it.