Zcash Releases Software Fix After Denial-of-Service Bug Discovery

The development team behind the zcash project has released a new software update following the discovery of a denial-of-service vulnerability.

Apr 14, 2017 at 3:31 p.m. UTC
Updated Sep 11, 2021 at 1:14 p.m. UTC

The development team behind the zcash project has released a new software update following the discovery of a denial-of-service vulnerability.

In a new blog post, developers Zooko Wilcox and Paige Peterson detailed how the bug could enable an attacker to crash a zcash node remotely by sending a certain kind of transaction.

The bug was traced to a change included in the project’s 1.0.4 release, related to how transactions are given priority in a node’s mempool. Word first emerged that a vulnerability had been discovered on Wednesday.

The post explained:

"ZcashCo, and several exchanges, wallet vendors, and miners have already deployed a mitigation as well as detectors for this attack vector. No attacks have been detected."

Zcash published an update addressing the bug, advising users to upgrade in order to eliminate the remote-crash risk. The team behind the project also said that, should signs emerge that an attack attempt is being made, it would issue alerts and coordinate with related services on a response.

Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company.

Image via Shutterstock

The Festival for the Decentralized World
Thursday - Sunday, June 9-12, 2022
Austin, Texas
Save a Seat Now

DISCLOSURE

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Trending

1
CoinDesk - Unknown
Sequoia's Guide to Surviving the 2022 Bear Market

Venture capitalists have gotten increasingly frantic over the last few months.

Venture capitalists have gotten increasingly frantic over the last few months.

CoinDesk - Unknown
2
CoinDesk - Unknown
NFT Art Museums Are a Good Idea

The metaverse turns galleries global, and helps fund the arts. This article is part of “Metaverse Week."

The metaverse turns galleries global, and helps fund the arts. This article is part of “Metaverse Week."

CoinDesk - Unknown
3
CoinDesk - Unknown
How the US Can Establish Itself as a Crypto Leader

Regulators have an opportunity to map out thoughtful, strategic policy on stablecoins and beyond.

Regulators have an opportunity to map out thoughtful, strategic policy on stablecoins and beyond.

CoinDesk - Unknown
4
CoinDesk - Unknown
No, the UK Is Not Going to Make USDC and USDT Legal Tender

For “legalize” read “regulate.”

For “legalize” read “regulate.”

CoinDesk - Unknown