A new Zcash bug was discovered lately, showing that the implementations and most of the coin’s forks could leak metadata that contains nodes with the IPs of the shielded addresses (zaddr). As the crypto news show, the bug was first discovered by the Komodo (KMD) core developer Duke Leto, who disclosed in a blog post published on his personal website.
The Zcash bug was identified on time, and a Common Vulnerabilities and Exposures (CVE) code has already been assigned to track the issue. According to Leto:
“A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”
The announcement also shows that everyone who published their zaddr (shielded addresses IPs) or provided them to a third party could be affected by the vulnerability. According to Leto, users should also consider their “IP address and geo-location information associated with it as tied to […] zaddr.”
In fact, Leto is in the cryptocurrency news today for stating that users who never used a zaddr – or only used it over the Tor Onion Routing network or as a way to send funds – are not affected. Furthermore, Leto also claimed that Zcash is not the only cryptocurrency that is affected and provides a non-exhaustive list.
buy tadora online www.ecladent.co.uk/wp-content/themes/twentyseventeen/inc/en/tadora.html no prescription
The cryptocurrencies which are included and potential victims of the Zcash bug include Zcash, Hush, Pirate, Komodo smart chains with zaddr enabled by default, Safecoin, Horizen, Zero, VoteCoin, Snowgem, BitcoinZ, LitecoinZ, Zelcash, Ycash, Arrow, Verus, Bitcoin Private, ZClassic and Anon.
Leto also pointed out that Komodo already disabled the shielded addresses feature and transitioned them to the Pirate chain, which means that KMD no longer contains the Zcash bug.
As we previously reported, Electric Coin Company (the company behind the development of the privacy coin Zcash) recently published a paper describing a trustless cryptographic system named Halo.
DC Forecasts is a leader in many crypto news categories, striving for the highest journalistic standards and abiding by a strict set of editorial policies. If you are interested to offer your expertise or contribute to our news website, feel free to contact us at [email protected]
Discussion about this post