How does turnstile defense against counterfeiting work

That is not correct. It has been explained on the Electric Coin Company blog back in November when the policy was put in place: Defense Against Counterfeiting in Shielded Pools - Electric Coin Company

A necessary consequence of this action is that any legitimate funds would also be lost forever in the affected pool.

Again in March

And @sgp (from Monero) even made a video about it: Breaking Zcash Episode 01: Counterfeiting Vulnerability [CVE-2019-7167] - YouTube

Plus, the ECC Twitter posted it, and there was a thread on Reddit about it: https://www.reddit.com/r/zec/comments/antwfr/breaking_zcash_episode_1_counterfeiting/

You need to get out of the Forums more often :wink:. I always keep an eye on Twitter, Reddit, GitHub, the Chat and the ECC Blog; that’s how I get all the information I convey to you guys.

4 Likes

Also, from @acityinohio: Concerning the Sprout Vulnerability CVE-2019-7167 - zcash foundation

Like the Company, we believe the chance of an exploit on mainnet is vanishingly small, thanks in large part to their extensive mitigations. But based on our understanding of the exploit, we are concerned that it’s non-zero (however small that may be). Unlike the inflation bugs in Bitcoin and Monero, the way Zcash’s privacy pool works it’s impossible to know if it’s been exploited… until Sprout addresses are deprecated. Once deprecated, ostensibly all Sprout holders will have moved their ZEC into Sapling addresses and any Zcash user will be able to detect unintended inflation in the transparent addresses used as part of that transition. This brings new urgency to a privacy-preserving turnstile tool to help users transition from Sprout to Sapling, and it’s one the Foundation would be happy to support in tandem with the Company, along with an accelerated deprecation schedule for Sprout.

Best case scenario: we accelerate the adoption of Sapling and prove without a doubt that an exploit didn’t happen. Worst (and very unlikely) case: somehow the bug was exploited, which we detect as the Sprout pool empties and users transition to Sapling addresses. In this case, we will encourage users to follow the guidelines set by the Company here.

I think there are ZEC holders who just aren’t paying attention to the project. Which is their prerogative, but definitely has downsides.

3 Likes

This is the whole reason I personally believe the ECC should have frozen the chain and hardforked. Sure, with a bit of notice to other projects, but this would also impact Horizen users and such.

It is highly unlikely that the bug was exploited though, so it is a risk analysis thing. I certainly do not have the information to make that call.

The whole "he who moves first wins" is not ideal. Tainting transactions so you can see if the pool goes negative, then seeing by how much, then working out what to do might have been the best solution. But again, I lack the internal information.

1 Like
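An added example, not part of the thread and not zcashd or ECC code: a toy model of the turnstile accounting discussed above, showing why inflation inside a shielded pool only becomes visible as the pool drains, and why the last legitimate holder is the one left stuck. All names and amounts are constructed, and the rule is modelled per transaction for brevity.

```python
from dataclasses import dataclass

@dataclass
class PoolTx:
    holder: str
    delta: int  # > 0: transparent -> shielded pool; < 0: shielded pool -> transparent

class Turnstile:
    """Public value balance of one shielded pool (all names here are hypothetical)."""
    def __init__(self):
        self.balance = 0    # public deposits minus public withdrawals
        self.rejected = []  # withdrawals the rule refused

    def apply(self, tx):
        # The rule: the pool's public balance may never go negative.
        if self.balance + tx.delta < 0:
            self.rejected.append(tx)
            return False
        self.balance += tx.delta
        return True

def drain(deposits, exits):
    """Replay deposits, then every holder's exit, in order.

    Returns (balance left in pool, value with no backing, holders left stuck).
    Assumes every holder attempts to exit; amounts inside a real pool are hidden
    and are visible here only because the sample data is constructed.
    """
    ts = Turnstile()
    for tx in deposits + exits:
        ts.apply(tx)
    refused = sum(-tx.delta for tx in ts.rejected)
    return ts.balance, refused - ts.balance, [tx.holder for tx in ts.rejected]

# Constructed sample data.
DEPOSITS = [PoolTx("alice", 60), PoolTx("bob", 40)]
HONEST_EXITS = [PoolTx("alice", -60), PoolTx("bob", -40)]
# "forger" holds 30 created inside the pool with no matching deposit and exits first.
FORGED_EXITS = [PoolTx("forger", -30), PoolTx("alice", -60), PoolTx("bob", -40)]

if __name__ == "__main__":
    print(drain(DEPOSITS, HONEST_EXITS))
    print(drain(DEPOSITS, FORGED_EXITS))
```

In the forged run nothing looks wrong until the final exit: the pool's public balance stays non-negative the whole time, and the unbacked amount only shows up as the gap between the refused withdrawal and what is left in the pool.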