PT-2019-18447 · Electric Coin Company · Zcash
Ariel Gabizon · Published 2019-03-27 · Updated 2026-06-09
·
CVE-2019-7167
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Zcash versions before the Sapling network upgrade (2018-10-28)
Description
The issue concerns a counterfeiting vulnerability in the key-generation process related to polynomial evaluation for a to-be-proven statement. This allowed a cheating prover to bypass a consistency check, transforming the proof of one statement into an ostensibly valid proof of a different statement. As a result, the soundness of the proof system was broken, misleading the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
Recommendations
For Zcash versions before the Sapling network upgrade (2018-10-28), update to a version that includes the Sapling network upgrade to resolve the issue.
Exploit
Fix
Improper Check for Exceptional Conditions
Weakness Enumeration
Related identifiers
Affected products
Zcash