Successful Zcoin attack proves once again why Zcash's unknown supply is a flawed setup

https://www.reddit.com/r/Monero/comments/5uo7i5/successful_zcoin_attack_proves_once_again_why/

Discuss

The bug in Zcoin was a typo bug and does not mean a flaw in the cryptography of Zcash/zk-SNARK. But it is true that if there is an exploit we would never know we are being exploited. There is too much risk investing in Zcash and this level of risk is not matched by potential return.

Btw, long time ago Zooko hinted that it is possible to audit total coins in circulation without compromising privacy. Can any developer give an update on this issue?


Zcoin was attacked due to a bug in the code and 370k coins were created and sold for about $500k.
A similar bug in Zcash would go unnoticed due to the impossibility of checking the total amount of coins in existence.

Notice that gold has precisely the same problem. It is effectively impossible to check the total amount of gold under human control. If someone were to discover a way of turning lead into gold then they could practice this surreptitiously for quite some time without being detected.

All else equal, the inability to audit the total zcash supply is a disadvantage. However, provided no exploit is found, the magnitude of this disadvantage will decrease with time.


So you think the bug is normal? How can we protect ourselves from losing money due to these kinds of bugs then?

We can do nothing; such an exploit would never be detected in Zcash because the blockchain cannot be audited. By investing in Zcash you must accept that risk.

Similar coin name, similar algorithms (actually, not sure about that...) + FUD = The sky is falling! The sky is falling!

Certain personalities that favour Monero would do a lot better to simply express confidence in their own network rather than attempt to bolster themselves at the expense of other networks. As bad as that Zcoin bug was for the general perception of that network, the fallout was pretty trivial. Attempting to parlay that into the-end-of-the-world is pure childishness.

Same with fiat cash... anonymous kind of equals unauditable supply by definition.
