A bug in all Zcash (ZEC) implementations and most of its forks can leak metadata with the complete nodes with shielded addresses (zaddr) IP & # 39; s.
Komodo (KMD) core developer Duke Leto has introduced the bug in a weblog submit published on his private web site. There’s already a Frequent Vulnerabilities and Exposures (CVE) code assigned to observe the issue on September 27. Leto defined:
“For the reason that begin of Zcash and Zcash Protocol, there was a bug for all protected addresses. It’s current in all Zcash supply code forks. It’s attainable to search out the IP deal with of full nodes with a shielded deal with (zaddr). That’s, if Alice provides Bob a zaddr to pay, Bob can really uncover Alice's IP deal with. This goes towards the design of the Zcash protocol. "
Based on the announcement, anybody who has revealed his zaddr or supplied it to a 3rd occasion will be affected by the vulnerability. Leto claims that customers ought to regard their "IP deal with and related geolocation data as linked to (…) zaddr."
A number of cryptocurrencies affected
Based on Leto, customers who’ve by no means used a zaddr, solely used it by the Tor Onion Routing community or solely to ship cash, are usually not affected. Moreover, Leto additionally claims that Zcash just isn’t the one affected cryptocurrency and gives a non-exhaustive checklist.
The cryptocurrencies on the checklist are Zcash, Hush, Pirate, Komodo sensible chains with zaddr enabled as customary, Safecoin, Horizen, Zero, VoteCoin, Snowgem, BitcoinZ, LitecoinZ, Zelcash, Ycash, Arrow, Verus, Bitcoin Personal, ZClassic and Anon. Leto additionally factors out that Komodo has already disabled the shielded addresses function and transferred it to the Pirate chain, which signifies that KMD not incorporates the bug.
Resembling Cointelegraph just lately reported, Electrical Coin Firm, which launched and helps the event of Zcash with privateness cash, just lately revealed a paper describing a trusted cryptographic system known as Halo.