The development team behind the zcash project has released a new software update following the discovery of a denial-of-service vulnerability.
In a new blog post, developers Zooko Wilcox and Paige Peterson detailed how the bug could enable an attacker to crash a zcash node remotely by sending a certain kind of transaction.
The bug was traced to a change included in the project’s 1.0.4 release, related to how transactions are given priority in a node’s mempool. Word first emerged that a vulnerability had been discovered on Wednesday.
The post explained:
Zcash published an update addressing the bug, advising users to upgrade in order to eliminate the remote-crash risk. The team behind the project also said that, should signs emerge that an attack attempt is being made, it would issue alerts and coordinate with related services on a response.
Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.