Published: 27/03/2019 Updated: 11/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

Github Repositories

CVE Extensions

This repository is an extension of our research on cryptocurrency clones and vulnerabilities that takes existing vulnerabilities in major coins and uses clone detection tools as a method of identifying propagation of these vulnerabilities in other coins.

List of documented CVEs: CVE-2018-17144, CVE-2019-7167, CVE-2016-10724, CVE-2016-10725, CVE-2018-17144

National