CVE-2019-7167
N/A
N/A
Summary
Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://fortune.com/2019/02/05/zcash-vulnerability-cryptocurrency/
- https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/
- https://github.com/JinBean/CVE-Extension
References
- http://fortune.com/2019/02/05/zcash-vulnerability-cryptocurrency/
- https://z.cash/blog/zcash-counterfeiting-vulnerability-successfully-remediated/
- https://github.com/JinBean/CVE-Extension
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.