ID | post_title | author | post_excerpt | layout | permalink | published | post_date |
---|---|---|---|---|---|---|---|
1617 | Security Announcement 2016-11-22 | Nathan Wilcox | | post | https://blog.z.cash/security-announcement-2016-11-22/ | true | 2016-11-22 00:00:00 |
Synopsis: A cache invalidation bug may allow an attacker to trigger a chain fork causing pre-1.0.3 nodes to follow an invalid chain. A fix is implemented in zcashd release 1.0.3.
ZcashCo, and several exchanges, wallet vendors, and miners have already deployed a mitigation as well as detectors for this attack vector. No attacks have been detected.
Who is at Risk: Users are at risk only when two conditions are met simultaneously:
- They rely on zcashd releases older than 1.0.3, including 1.0.0, 1.0.1, and 1.0.2, AND
- A network-wide attack is executed to trigger a chain fork. This requires a majority of miners to run vulnerable software.
Who is not at Risk: Users who meet either of the following two conditions are not at risk:
- they have upgraded to zcashd 1.0.3, or rely on a service which has done so, OR
- no network-wide attack has succeeded (for example, because a sufficient portion of miners have mitigated the vulnerability).
How can at-risk users protect themselves?
- Upgrading to zcashd release 1.0.3 is the most certain protection.
- For users of third-party services (such as exchanges, wallets, or mining pools), check whether the service has announced upgrading to zcashd 1.0.3. If it hasn't, consider pausing use of that service until it announces an upgrade.
- The Zcash developers will issue an in-band alert, causing all zcashd nodes to announce the potential attack.
- ZcashCo will always announce known ongoing attacks in these places:
  - a banner on every page of this website,
  - the security notifications page of this website,
  - the @ZcashCo Twitter stream,
  - the #zcash community chat room, and
  - the Zcash forum.
- ZcashCo will coordinate in private channels with major exchanges, wallet vendors, and mining outfits to alert them of the attack and to post their own announcements.
Impact: If a network attack is successfully executed (which requires a majority of mining capacity to be vulnerable) then only users running vulnerable clients will follow a chain fork that is invalid. Transactions on that fork will be rolled back as more miners upgrade to the valid fork.
Technical Background: Due to a cache invalidation bug, some nodes on the Zcash network will accept particular invalid transactions as valid [1]. If a majority of the network hashrate accepts an invalid transaction as valid, there could be a chain fork.
Followup Announcements:
- See the security notifications page for further updates on this issue, and any future security issue.
- Continue to check this blog.
[1] Note that transaction validity is well specified by our protocol specification, Zcash protocol specification, v2016.0-beta-1.10; it is unambiguous that this security flaw is an implementation bug.