Zcash, a prominent privacy coin, has published the details of a recent bug that would have allowed attackers to mint an unlimited amount of coins, essentially permitting them to create counterfeit Zcash tokens. The story has been quietly developing over the past year, but the Zcash Company has now revealed all of the details.
How the Bug Worked
Zcash is a privacy coin, meaning that the details of some transactions can only be seen by transaction participants. A system called Sprout is responsible for “shielding” these transactions, and according to Zcash developer Ariel Gabizon, an “attacker could create fake Sprout shielded notes containing … counterfeit funds without being detected.”
Both the discovery of the bug and the fix itself were kept secret in order to prevent any attackers from exploiting the bug. Gabizon discovered the bug last March and disclosed it to a handful of Zcash personnel. Meanwhile, the fix was delivered as part of October’s Sapling update, although it was not announced publicly until now.
Fortunately, the bug was very subtle and extremely difficult to exploit. Zcash indicates that several experts and auditors did not discover the vulnerability despite the fact that it had existed for several years. Furthermore, exploiting the bug would have required access to an MPC protocol transcript that Zcash quickly withdrew from public circulation.
No Counterfeiting Detected
Still, the bug could have wrought havoc if it had been exploited, and Zcash has been watching for signs of counterfeiting. By monitoring the total amount of coins in the Sprout shielded pool, and by looking for certain footprints on the blockchain, the Zcash Company has been able to determine whether an attack took place.
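The pool-balance check described above can be illustrated with a small monitor. This is an added example, not the Zcash Company's own monitoring code; it models only the public side of a Sprout JoinSplit (the transparent value entering the pool, vpub_old, and leaving it, vpub_new) and the block data is constructed.

```python
from dataclasses import dataclass
from itertools import groupby
from typing import Iterable, List, Optional

ZATOSHI_PER_ZEC = 100_000_000


@dataclass(frozen=True)
class JoinSplit:
    """Public side of a Sprout JoinSplit (constructed model, not chain data).

    Shielded inputs and outputs are encrypted; the only values visible on
    chain are the transparent value entering the pool (vpub_old) and the
    transparent value leaving it (vpub_new), both in zatoshi.
    """
    height: int
    vpub_old: int
    vpub_new: int


@dataclass(frozen=True)
class PoolState:
    height: int
    balance: int  # zatoshi held in the Sprout pool after this block


def sprout_pool_balances(joinsplits: Iterable[JoinSplit]) -> List[PoolState]:
    """Replay JoinSplits in height order and report the pool balance per block."""
    balance, states = 0, []
    ordered = sorted(joinsplits, key=lambda j: j.height)
    for height, group in groupby(ordered, key=lambda j: j.height):
        for js in group:
            balance += js.vpub_old - js.vpub_new
        states.append(PoolState(height, balance))
    return states


def first_inflation_height(states: Iterable[PoolState]) -> Optional[int]:
    """First height at which more value has left the pool than ever entered it.

    A negative balance proves counterfeit notes were spent: honest spends can
    only withdraw value deposited earlier. A non-negative balance is NOT proof
    of absence; forged notes that stay shielded, or that are masked by honest
    deposits, leave this check silent.
    """
    return next((s.height for s in states if s.balance < 0), None)


# Constructed sample chain (amounts in ZEC); block 103 withdraws more than
# the pool has ever held, the footprint a successful counterfeit spend leaves.
SAMPLE_JOINSPLITS = [
    JoinSplit(100, 500 * ZATOSHI_PER_ZEC, 0),
    JoinSplit(101, 0, 200 * ZATOSHI_PER_ZEC),
    JoinSplit(102, 100 * ZATOSHI_PER_ZEC, 50 * ZATOSHI_PER_ZEC),
    JoinSplit(103, 0, 400 * ZATOSHI_PER_ZEC),
]

if __name__ == "__main__":
    states = sprout_pool_balances(SAMPLE_JOINSPLITS)
    for s in states:
        print(f"height {s.height}: pool balance {s.balance / ZATOSHI_PER_ZEC:.8f} ZEC")
    print("first inflation height:", first_inflation_height(states))
```

A real monitor would feed the same replay with every JoinSplit on the chain, which is why a clean result here is evidence rather than proof.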
So far, the Zcash Company has found no evidence that any counterfeiting has occurred. Although projects derived from Zcash could also be vulnerable, Zcash has indicated that two forks, Horizen and Komodo, were notified of the problem before the public disclosure. This makes it unlikely that counterfeiting has taken place on Zcash or its forks.
Incidentally, other coins have suffered from similar problems. In 2017, Monero developers discovered a similar bug in Cryptonote, which led to an attack on Bytecoin. Then, last year, Bitcoin was found to contain an inflation bug, leading to an attack on Pigeoncoin in which attackers minted fake coins and performed a 51% attack. In other words, this variety of problem is not exclusive to Zcash.