Home
News
Details

Zcash Foundation Releases Zebra 4.5.1 Emergency Update to Fix Critical Consensus Vulnerability

icon MarsBit
Share
Share IconShare IconShare IconShare IconShare IconShare IconCopy
This is the logo of the coin.
ZEC
$386.4973.77%
AI summary iconSummary

expand icon
The Zcash Foundation has released Zebra 4.5.1 to address a critical flaw in the consensus mechanism. The vulnerability, GHSA-2prc-cj5x-4443, involves incorrect sigop counts in P2SH transactions, posing a risk of consensus forks. This update corrects an incomplete fix from version 4.5.0. The issue stems from inconsistent sigop counting logic across implementations, which could cause nodes to validate transactions differently. The fix adjusts the Rust code to align with protocol specifications. The foundation warns that no workaround exists and urges users to upgrade immediately to prevent chain splits. Nodes running older versions may diverge from the correct chain under Nakamoto consensus rules.

Zcash Foundation has announced the release of Zebra 4.5.1 to address a consensus-level security vulnerability and strongly urges all node operators to upgrade immediately. The vulnerability, identified as GHSA-2prc-cj5x-4443, involves an incorrect sigop (signature operation) count in P2SH transactions, potentially leading to a consensus fork. This update corrects an incomplete fix introduced in version 4.5.0, which was released yesterday. The Zcash development team explained that the issue stems from discrepancies in sigop counting logic across implementations, which could cause nodes to produce different validation results and compromise chain consensus consistency. The fix resolves this by reverting and adjusting the Rust implementation logic to align with the protocol’s expected behavior. The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only way to ensure nodes remain on the correct chain and avoid potential fork risks.

Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.