Zcash patches critical bug affecting the Sprout shielded pool

Zcash has patched a major vulnerability that would have allowed bad actors to drain funds from the protocol’s deprecated Sprout shielded pool.

A disclosure report from security researcher Alex “Scalar” Sol, published on Tuesday, claims that a critical flaw was discovered in zcashd nodes that resulted in skipping proof verification for transactions involving the legacy Sprout pool.

Zcash’s Sprout pool is the original “shielded pool” that launched with the network in 2016. It was the first implementation of zero-knowledge proofs (zk-SNARKs) in a production cryptocurrency, allowing users to send and receive ZEC privately.

Although the pool was closed to new deposits in November 2020, it still holds approximately 25,424 ZEC, which are yet to be migrated to newer shielded pool versions.

According to the disclosure, the vulnerability spanned releases from July 2020 onward but was fixed through v6.12.0, which was released on Tuesday. So far, the flaw has not been exploited, and user funds remain safe.

Major mining pools, including Luxor, F2Pool, ViaBTC, and AntPool, have already deployed the fix by March 26, the report added.

The report added that the Zebra full node implementation was not affected. In the event of an attempted exploit, it would have resulted in a chain fork, acting as an additional safeguard.

Despite the severity of the issue, the Zcash Open Development Team has clarified that the network’s “turnstile” mechanism, which enforces that any coins exiting the Sprout pool must have previously entered it, would have prevented broader supply inflation.

For the Zcash network, this marks the second time a critical, systemic vulnerability has been uncovered within its shielded pools. In 2019, the Zcash team disclosed a “counterfeiting” bug, a flaw in the underlying cryptography that could have allowed an attacker to create an infinite amount of ZEC without detection.