Zcash Foundation Releases Zebra 4.5.1 Urgent Update: Fixes Critical Consensus-Level Security Vulnerability

Odaily Planet Daily News: The Zcash Foundation has announced the release of the Zebra 4.5.1 version update to fix a consensus-critical security vulnerability and strongly recommends that all node operators upgrade immediately. The vulnerability, designated GHSA-2prc-cj5x-4443, involves a sigop (signature operation) counting error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects an incomplete patch from the previous 4.5.0 version, which was released just yesterday.

The Zcash development team stated that the issue stems from deviations in the sigop counting logic between different implementations, which could cause nodes to produce different results when validating transactions, thereby affecting on-chain consensus consistency. The fix resolves this by rolling back and adjusting the Rust implementation logic to ensure alignment with the expected protocol behavior.

The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to version 4.5.1 is the only way to ensure nodes remain on the correct chain and avoid potential fork risks.