Zcash Foundation Releases Zebra 4.5.1 Emergency Update: Fixes Critical Consensus-Level Security Vulnerability

Odaily news: The Zcash Foundation has announced the release of Zebra 4.5.1 version update to fix a consensus-critical security vulnerability and strongly recommends that all node operators upgrade immediately. The vulnerability, identified as GHSA-2prc-cj5x-4443, involves a sigops (signature operation count) counting error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects an incomplete patch in the previously released 4.5.0 version, which was just released yesterday.

The Zcash development team stated that the issue stems from discrepancies in sigop counting logic between different implementations, which could cause nodes to produce different results when verifying transactions, thereby affecting consensus consistency on the chain. The fix resolves this by reverting and adjusting the Rust implementation logic to ensure alignment with the expected protocol behavior.

The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only method to ensure nodes remain on the correct chain and avoid potential fork risks.