·   · 7 posts
  •  · 1 friends

Vulnerability in Zcash Could Allow IP Addresses of Full Network Nodes

An error in all implementations of Zcash and most of its forks allows you to reveal the IP address of the full node to which the protected address belongs (zaddr).

Komodo developer Jonathan Leto said on the blog that the bug has existed since the Zcash protocol and is present in all branches of the source code. The vulnerability allows metadata leakage, including the IP addresses of nodes, which “strongly contradicts” the principles of Zcash development.

According to the report, the vulnerability could affect anyone who published their secure address or provided it to a third party.

A detected error will not lead to data leakage if the user only sent funds to other zaddr but did not receive it. It eliminates the value of IP address disclosure for attackers using the Tor browser, Komodo developer recalled.

Summer brought a complete list of affected coins: Zcash (ZEC), Hush (HUSH), Pirate (ARRR), Horizen (ZEN), Zero (ZER), VoteCoin (VOT), Snowgem (XSG), BitcoinZ (BTCZ), LitecoinZ ( LTZ), Zelcash (ZEL), Ycash (YEC), Arrow (ARW), Verus (VRSC), Bitcoin Private (BTCP), ZClassic (ZCL), Anon (ANON) and all Komodo smart chains (KMD). He recalled that KMD had historically had zaddr, but the feature was subsequently disabled.

Recall that previously in Zcash, a vulnerability was fixed that allowed attackers to create an unlimited number of non-existent ZECs.

  • 15
Comments (0)