Yet another Zcash bug
October 01, 2019 —
shinohai
Zcash is urging it's userbase to immediately upgrade their wallets and node software to apply an "important security fix". A bulletin issued by the developers released no details, but stated:
"Version 2.0.7-3 of Zcashd includes an important security fix in response to an issue that was reported to us on Friday September 13th 2019 by Florian Tramèr, Dan Boneh, and Kenneth G. Paterson. Users should upgrade their nodes to this version immediately and discontinue use of older versions. Please note that the issue does not put funds at risk of theft or counterfeiting. More details of the issue will be released in coordination with the reporters of the issue at a future date."
This latest undisclosed issue is the second reported flaw in Zcash this year alone, the first being a bug that was found that allowed one to print unlimited monies which the developers kept secret for 8 months.
UPDATE: The bug was disclosed by KMD developer Duke Leto, who stated:
“A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”
Tags: News, Cryptocurrency, Insecurity, Lulz
