From c646632223f937c89d1d5f07d0694b870ad5c0eb Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Thu, 29 Sep 2016 21:02:59 -0700 Subject: [PATCH 1/4] Link to z.cash on security-warnings.md --- doc/security-warnings.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/doc/security-warnings.md b/doc/security-warnings.md index 35e6dee8..26a25396 100644 --- a/doc/security-warnings.md +++ b/doc/security-warnings.md @@ -4,8 +4,7 @@ Security Warnings Security Audit -------------- -Zcash has not yet been subjected to a formal third-party security review. This -section will be updated with links to security audit reports in the future. +Zcash has been subjected to a formal third-party security review. For high priority security announcements, check https://z.cash. x86-64 Linux Only ----------------------- From a9ca16013dd35fbee4faffd3fd2e1715dcb2572e Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Thu, 29 Sep 2016 23:35:54 -0700 Subject: [PATCH 2/4] Add section abt confs and reorgs to security-warnings.md --- doc/security-warnings.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/doc/security-warnings.md b/doc/security-warnings.md index 26a25396..62b728c8 100644 --- a/doc/security-warnings.md +++ b/doc/security-warnings.md @@ -4,7 +4,7 @@ Security Warnings Security Audit -------------- -Zcash has been subjected to a formal third-party security review. For high priority security announcements, check https://z.cash. +Zcash has been subjected to a formal third-party security review. For high priority security announcements, check https://z.cash. x86-64 Linux Only ----------------------- @@ -43,3 +43,8 @@ REST Interface The REST interface is a feature inherited from upstream Bitcoin. By default, it is disabled. We do not recommend you enable it until it has undergone a security review. + +Confirmations and Reorgs +---------------------------- + +When using a low number of minimum confirmations, users should be aware of new behavior in Zcash that differs significantly from Bitcoin. In the case of a blockchain reorganization, Bitcoin's coinbase maturity helps ensure that any reorg shorter than the maturity interval will not invalidate any of the rolled-back transactions. However for Zcash, all JoinSplits which were anchored within the reorg interval will become invalid, rolling back transactions and reverting funds to the original owner. The transaction rebroadcast mechanism inherited from Bitcoin will not successfully rebroadcast transactions containing JoinSplits if the anchor needs to change--the JoinSplit creator must do that. From 28799d8bd962bb3e355c92216745c7969ddce4a1 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Mon, 3 Oct 2016 10:41:47 -0700 Subject: [PATCH 3/4] Update wording --- doc/security-warnings.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/security-warnings.md b/doc/security-warnings.md index 62b728c8..83c297d1 100644 --- a/doc/security-warnings.md +++ b/doc/security-warnings.md @@ -44,7 +44,9 @@ The REST interface is a feature inherited from upstream Bitcoin. By default, it is disabled. We do not recommend you enable it until it has undergone a security review. -Confirmations and Reorgs +Block Chain Reorgs ---------------------------- -When using a low number of minimum confirmations, users should be aware of new behavior in Zcash that differs significantly from Bitcoin. In the case of a blockchain reorganization, Bitcoin's coinbase maturity helps ensure that any reorg shorter than the maturity interval will not invalidate any of the rolled-back transactions. However for Zcash, all JoinSplits which were anchored within the reorg interval will become invalid, rolling back transactions and reverting funds to the original owner. The transaction rebroadcast mechanism inherited from Bitcoin will not successfully rebroadcast transactions containing JoinSplits if the anchor needs to change--the JoinSplit creator must do that. +Users should be aware of new behavior in Zcash that differs significantly from Bitcoin: in the case of a block chain reorganization, Bitcoin's coinbase maturity rule helps ensure that any reorg shorter than the maturity interval will not invalidate any of the rolled-back transactions. However for Zcash, all JoinSplits which were anchored within the reorg interval will become invalid, rolling back transactions and reverting funds to the original owner. The transaction rebroadcast mechanism inherited from Bitcoin will not successfully rebroadcast transactions containing JoinSplits if the anchor needs to change—the JoinSplit creator must do that. + +For receivers of funds from a JoinSplit, using a higher minconf can help mitigate the risk of relying on funds received from transactions that may be rolled back. From 3620caa464659ff1e6ea449b184f62aa1d1d6b30 Mon Sep 17 00:00:00 2001 From: Jay Graber Date: Mon, 3 Oct 2016 11:28:24 -0700 Subject: [PATCH 4/4] Final edits --- doc/security-warnings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/security-warnings.md b/doc/security-warnings.md index 83c297d1..5b9ede69 100644 --- a/doc/security-warnings.md +++ b/doc/security-warnings.md @@ -44,9 +44,9 @@ The REST interface is a feature inherited from upstream Bitcoin. By default, it is disabled. We do not recommend you enable it until it has undergone a security review. -Block Chain Reorgs +Block Chain Reorganizations ---------------------------- Users should be aware of new behavior in Zcash that differs significantly from Bitcoin: in the case of a block chain reorganization, Bitcoin's coinbase maturity rule helps ensure that any reorg shorter than the maturity interval will not invalidate any of the rolled-back transactions. However for Zcash, all JoinSplits which were anchored within the reorg interval will become invalid, rolling back transactions and reverting funds to the original owner. The transaction rebroadcast mechanism inherited from Bitcoin will not successfully rebroadcast transactions containing JoinSplits if the anchor needs to change—the JoinSplit creator must do that. -For receivers of funds from a JoinSplit, using a higher minconf can help mitigate the risk of relying on funds received from transactions that may be rolled back. +For receivers of funds from a JoinSplit, using a higher minconf (minimum number of confirmations) can help mitigate the risk of relying on funds received from transactions that may be rolled back.