- The vulnerability was discovered by a cryptographer from Zcash Company in March 2018.
- Attackers could create fake Zcash coins in large numbers by exploiting this vulnerability.
Zcash, a popular cryptocurrency alongside Bitcoin and Ethereum, had a critical flaw that could have undermined trust in it on a large scale. The vulnerability lay in the zk-SNARK parameters produced by the key-generation method used in Zcash. It would have allowed attackers to create counterfeit Zcash in unlimited quantities.
Ariel Gabizon, the cryptographer who uncovered the flaw, noticed that the zk-SNARK parameters contained additional elements beyond what the proof system needed, and that these extra elements introduced a soundness bug. Because of it, the zero-knowledge proofs used in Zcash could be faked: an attacker could construct a false proof that a vulnerable verifier would nevertheless accept, and so mint an unlimited amount of shielded coins.
Patched in time
Zcash Company, the creators of Zcash, announced in a blog post that the vulnerability has been fully remediated. The company notes that exploiting the flaw required specific information from the transcript of Zcash's MPC (multi-party computation) parameter-generation ceremony. That transcript was taken down as soon as the flaw was discovered and was made available again only after Zcash Company had remedied the issue.
“While Zcash is no longer affected, any project that depends on the MPC ceremony used by the original Sprout system that was distributed in the initial launch of Zcash is vulnerable. This original Sprout system for shielded funds is comprised of the original Sprout circuit, the proving system using libsnark, and the parameters generated by an MPC ceremony. It was used by the 1.x series of Zcash software (which also carried the “Sprout” name),” indicated the blog.
Furthermore, the Zcash team examined the Zcash blockchain and reports having found no evidence that attackers exploited the flaw. Notably, the company acknowledges that the counterfeiting vulnerability had existed for years without being noticed by security researchers.
Over the years, Zcash has been popular among cryptocurrency users mainly because of the enhanced privacy it offers compared to other coins.