Listen to this Post
How the mentioned CVE works (technical details, ~20 lines):
The vulnerability stems from a consensus rule mismatch between Zebra and zcashd for V5+ transparent transactions under ZIP-244. When `SIGHASH_SINGLE` or `SIGHASH_SINGLE|ANYONECANPAY` is used and the input index has no corresponding output (i.e., nIn >= txTo.vout.size()), zcashd correctly fails the signature. In zcash/src/script/interpreter.cpp, `SignatureHash()` throws an exception, caught by `CheckSig()` which returns false, making the transaction invalid. Zebra, however, does not implement this pre-check. In `zebra-consensus/src/transaction.rs` and zebra-script/src/lib.rs, Zebra forwards the sighash type to its Rust ZIP-244 engine. When input.index() >= bundle.vout.len(), the code in `zcash_primitives/src/transaction/sighash_v5.rs` computes a digest using `transparent_outputs_hash::getblocktemplate, while zcashd rejects it. A miner can then mine a block containing this transaction, which Zebra accepts but zcashd rejects, causing a chain split.
dailycve form:
Platform: Zcash ecosystem
Version: V5+ transactions
Vulnerability: Consensus rule split
Severity: Medium (split risk)
date: 2023 (analysis)
Prediction: Patch Q2 2024
What Undercode Say:
Analytics: The divergence arises from missing exception handling in Zebra’s sighash implementation. Below are commands to test and validate.
Clone both repositories at vulnerable revisions git clone https://github.com/zcash/zcash.git && cd zcash && git checkout 2c63e9aa08cb170b0feb374161bea94720c3e1f5 git clone https://github.com/ZcashFoundation/zebra.git && cd zebra && git checkout a905fa19e3a91c7b4ead331e2709e6dec5db12cb Build both nodes ./zcutil/build.sh -j$(nproc) cd zebra && cargo build --release Create malformed V5 transaction using custom script (PoC) Example: python poc.py --inputs 2 --outputs 1 --sighash SINGLE
Check mempool acceptance on Zebra
zebrad -c zebra.toml --testnet
Submit raw transaction via RPC
curl -X POST --data '{"jsonrpc":"2.0","method":"sendrawtransaction","params":["<malformed_tx_hex>"],"id":1}' http://127.0.0.1:18232
On zcashd (same transaction)
./src/zcash-cli -testnet sendrawtransaction <malformed_tx_hex>
zcashd will reject with "mandatory-script-verify-flag-failed"
Exploit:
Craft V5 transaction with 2 transparent inputs, 1 transparent output. Sign input 0 normally. For input 1, request `SIGHASH_SINGLE` signature from Zebra’s transaction verifier – it returns a digest based on empty outputs hash ([]). Attach that signature. Zebra validates, zcashd fails before hash computation.
Protection from this CVE:
- Apply patch to Zebra: add the same pre-check as zcashd in `sighash_v5.rs` – if `input_index >= outputs.len()` and sighash is `SINGLE` or
SINGLE|ANYONECANPAY, return error immediately. - Upgrade Zebra to version >= commit `a905fa19…` with backported fix (not yet released).
- Enable consensus rule monitoring: compare mempool/block acceptance between Zebra and zcashd nodes.
- Use zcashd as authoritative reference for V5 transaction validation until Zebra is patched.
Impact:
Consensus split allowing a block valid on Zebra but invalid on zcashd. Attackers can create a divergent chain, causing double-spend opportunities or network partition. Zebra block-template producers may mine invalid blocks, wasting resources and disrupting network stability. Miners relying on Zebra for templates risk building on a rejected chain.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode
