- Flaw kept under wraps for eight months
- The vulnerability could have allowed infinite ZEC counterfeiting
- Zcash fixed the flaw in October 2018
Zcash (ZEC) has fixed and disclosed a vulnerability that could have enabled an attacker to counterfeit the coin infinitely. The company kept the dangerous flaw under wraps for eight months until they had developed and affected a much-needed fix.
Internal discovery
The company made the revelation via an official blog post this week, saying the vulnerability, which was discovered by a company employee, Ariel Gabizon, an engineer at the Zerocoin Electric Coin Company in March 2018, could have allowed attackers to create counterfeit ZEC on their network. Gabizon informed Sean Bowe, a cryptographer at the Zcash Company, the same day.
According to the Zcash Company, the flaw was the result of a “parameter setup algorithm” which “allows a cheating prover to circumvent a consistency check” that limits the number of ZEC being produced. While insisting there was no evidence that anyone had exploited the vulnerability, the company believes attackers would have been able to create an endless supply of the ZEC coin.
What followed was a secretive sequence of events by the developer team of the privacy-focused cryptocurrency to fix the severe flaw to prevent anyone from generating new Zcash funds from scratch without any upper limit. Due to the perceived seriousness of the flaw, the secret was kept between four tight-lipped people who knew anything to do with it before the release of the patch on October 2018. The four included cryptographers Ariel Gabizon and Sean Bowe, CEO Zooko and CTO Nathan Wilcox who manage to coordinate the fixing process.
Missed by auditors internal and external
According to Zcash development team, they were not afraid anyone else would have discovered the flaw but all the same, they took all the necessary precautions to prevent such a possibility. The team elaborated:
“Discovery of the vulnerability would have required a high level of technical and cryptographic sophistication that very few people possess […] the vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code.”
When ZEC fixed the flaw during the Zcash sapling network upgrade in October 2018, they notified other protocols the leveraged the same privacy technology the company uses including Komodo and Horizen so they could also patch up their networks. Accordingly, all projects that still employ the original Sprout protocol distributed during the Zcash initial launch are now considered insecure.
