Zcash Foundation Issues Emergency Zebra Update to Fix Consensus Flaw

The Zcash Foundation has released an emergency update for its Zebra node software to fix a security flaw that could trigger a consensus split. It urged all node operators to upgrade immediately.

Crypto-focused media outlet Odaily reported on June 1 that the foundation published Zebra version 4.5.1. The release addresses a security vulnerability that could affect consensus.

The flaw is identified as GHSA-2prc-cj5x-4443. It stems from an error in counting sigops, or signature operations, in P2SH transactions. If nodes produce different transaction validation results, the issue could lead to a potential chain split.

The update also corrects shortcomings in Zebra version 4.5.0, released a day earlier. The Zcash development team said differences in the implementation of the sigop calculation logic could cause nodes to reach different validation results.

According to the foundation, version 4.5.1 focuses on reverting and adjusting the Rust implementation logic so it aligns with the protocol's intended behavior.

The foundation said there is currently no workaround for the issue. Upgrading to Zebra 4.5.1 is the only way for nodes to stay on the correct chain and avoid a potential split.