Disclaimer: The opinions expressed by our writers are their own and do not represent the views of U.Today. The financial and market information provided on U.Today is intended for informational purposes only. U.Today is not liable for any financial losses incurred while trading cryptocurrencies. Conduct your own research by contacting financial experts before making any investment decisions. We believe that all content is accurate as of the date of publication, but certain offers mentioned may no longer be available.
In a recent tweet, Zcash Open Development Lab (ZODL) shares a security disclosure regarding vulnerabilities in zcashd and Zebra, which were discovered and patched, including a bug that could crash nodes handling certain Orchard transactions.
In this light, ZODL stated that it has released zcashd v6.12.1, and the Zcash Foundation has released Zebra v4.3.1, addressing four vulnerabilities, including an Orchard action-encoding bug that could crash nodes and a related consensus-split issue between the two clients.
Several vulnerabilities in zcashd and Zebra were discovered and patched, including a bug that could crash nodes handling certain Orchard transactions, a consensus enforcement gap between the two implementations that could have triggered a chain fork, a bug that could disable enforcement of zcashd’s turnstile accounting and undefined behavior due to unchecked integer arithmetic in pool balance calculations.
Mining pools running both implementations have already deployed patches, with no evidence that any of the bugs were exploited.
In addition, the vulnerabilities were not exploited to affect the consensus chain. Zcash maintains that all user funds remain safe, and user privacy was not at risk. None of these vulnerabilities could by themselves have been used to inflate the ZEC supply.
Both zcashd and Zebra required patches and were updated in coordination before public disclosure.
Mining pools representing a supermajority of the network’s hash power and the primary operator running Zebra in mining production deployed patches before the disclosure.
Zcash news
Zcash Shielded pool recently hit an all-time high, 31% of all ZEC is now in the encrypted pool. A year ago, it was 11%, but now 59% of transactions are shielded.
Zcash is actively testing NIST-standardized lattice-based cryptography (ML-KEM, ML-DSA) in a bid for post-quantum readiness. This comes after Google's March 31 paper showed quantum threats are 20x closer than expected.
Zcash Network's hash rate also set a new all-time high at 16.54 GS/s, indicating miners' commitment more than ever.
Dan Burgin
U.Today Editorial Team
