Ariel Gabizon

**Name of the Vulnerable Software and Affected Versions** Zcash versions before the Sapling network upgrade (2018-10-28) **Description** The issue concerns a counterfeiting vulnerability in the key-generation process related to polynomial evaluation for a to-be-proven statement. This allowed a cheating prover to bypass a consistency check, transforming the proof of one statement into an ostensibly valid proof of a different statement. As a result, the soundness of the proof system was broken, misleading the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. **Recommendations** For Zcash versions before the Sapling network upgrade (2018-10-28), update to a version that includes the Sapling network upgrade to resolve the issue.