En • 4w
Zcash Orchard Pool Zero-Knowledge Proof Vulnerability
A critical vulnerability was identified within the Zcash Orchard pool implementation, stemming from flaws in the Zero-Knowledge Proof (ZKP) circuits. These cryptographic constraints failed to properly validate certain note-creation processes, theoretically enabling an attacker to perform "infinite" minting of counterfeit ZEC tokens. Due to the privacy-preserving nature of shielded transactions, the network cannot retroactively audit the ledger to verify if the flaw was exploited prior to the implementation of remediation patches. While Electric Coin Co. has closed the minting loop, the potential for undetected counterfeit circulation remains a central concern for the ecosystem's long-term integrity.
Links:En, Kucoin, Chainbulletin, Coinpedia, Electriccoin, Cyberscoop, Forum, Schneier, Zdnet, Binance, Thehackernews, Security Affairs •