zcash bug
Zcash Bug Metadata Leakage Could Reveal Full Nodes’ IP Addresses
September 30, 2019
zcash bug
Zcash Bug Metadata Leakage Could Reveal Full Nodes’ IP Addresses
September 30, 2019

Zcash bug could leak metadata revealing the information of the full nodes’ with shielded (zaddr) IP Addresses.

Duke Leto, Komodo (KMD), core developer published a blog post on his personal website. The issue has been assigned to track on September 27th, by assigning Common Vulnerabilities and Exposure Code.

“A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”

Duke Leto, Komodo (KMD) Core developer

The vulnerability could be affected by everyone who provided their zaddr to a third party or published their zaddr.

Leto claims that users should consider their “IP address and geo-location information associated with it as tied to […] zaddr.”

ALSO READ :  US Treasury sanctions North Korean Hackers for crypto theft

Duke Leto claims that users who used only the Tor Onion Routing network or those who never used a zaddr are not affected by the bug. He added that Zcash is not the only cryptocurrency who has been affected by the bug while providing a ‘non-exhaustive list.’

The cryptocurrencies included in the list are:-

  • Zcash
  • Hush
  • Pirate
  • Komodo smart chains with zaddr enabled by default
  • Safecoin
  • Horizen
  • Zero
  • VoteCoin
  • Snowgem
  • BitcoinZ
  • LitecoinZ
  • Zelcash
  • Ycash
  • Arrow
  • Verus
  • Bitcoin Private
  • ZClassic
  • Anon

Duke Leto adds that the shielded address has been disabled while being transitioned into the Pirate Chain which no longer contains the bug.


Disclaimer

Crypto News Point a news platform of Digital Notice Media Labs is primarily a regular publication of information, commentary and articles focused extensively on fintech, blockchain technology, cryptocurrency, blockchain-based tokens, cryptocurrency market trends, and trading strategies. We do not provide individually tailored investment advice and does not take a subscriber’s or anyone’s circumstances into consideration when discussing investments, nor is Crypto News Point registered as an investment adviser or broker-dealer in any jurisdiction. Information contained herein is not an offer or solicitation to buy, hold, or sell any digital assets.

Affiliate Disclosure: To help support the work we do here at CNP, we often link to products and deals from around the web. Should you buy some of these, we may get a portion of the sale.

We in generally gather content from the major websites. In every article there is always a clear link and attribution to the source publication. If you have any issue with any of our published content taken from your site, kindly let us know so that we can take appropriate action. In any case, the content of the pages of this website is for your general information and use only. It is subject to change without notice.

You May Also like

Jafrin Ahmed

Crypto newbie passionate about creating resourceful content on blockchain technology, cryptocurrencies and decentralized apps.
Share This

Share This

Share this post with your friends!