Zcash developers temporarily suspended Orchard transactions after discovering a critical vulnerability in the privacy-focused blockchain’s latest shielded pool, then restored functionality through an emergency network upgrade.
On Wednesday, the Zcash Foundation said the vulnerability affected Orchard’s zero-knowledge proof circuit and could have allowed invalid state transitions within the pool. However, the Foundation said there was no evidence that the bug was exploited, no unauthorized value creation was detected, and user privacy was not affected.
The fix was carried out through a two-step emergency upgrade. Zebra 4.5.3 temporarily disabled Orchard actions, while Zebra 5.0.0 activated the NU6.2 upgrade to re-enable Orchard with a corrected circuit, according to the Foundation.
Trending: She got a hysterectomy to become a man — then Jesus wrecked her plans
The emergency response shows how a bug in core privacy infrastructure can require coordinated action across miners, exchanges and node operators, even when user funds and total supply are not affected.
The upgrade also appeared to have caused confusion across parts of the Zcash ecosystem. One
Continue reading
Join the conversation!
Please share your thoughts about this article below. We value your opinions, and would love to see you add to the discussion!