Zcash Bug Could Reveal Shielded Full Nodes’ IP Addresses

Per an article this today by Adrian Zmudzinski over on Cointelegraph about a post by John Leto over on the Komodo team. Thought this was an important topic I haven’t seen anything about on here yet. The forum is pretty dead lately.

“A bug has existed for all shielded addresses since the inception of Zcash and Zcash Protocol. It is present in all Zcash source code forks. It is possible to find the IP address of full nodes who own a shielded address (zaddr). That is, Alice giving Bob a zaddr to be paid, could actually allow Bob to discover Alice’s IP address. This is drastically against the design of Zcash Protocol.”


http://duke.leto.net/2019/10/01/zcash-metadata-leakage-cve-2019-16930.html

Komodo had the same bug and apparently patched the issue earlier this week before posting about this issue.

This was patched by ECC in Zcash last week: https://z.cash/support/security/announcements/security-announcement-2019-09-24/

3 Likes

The key takeaway from this is there is such thing as responsible disclosure, which is why ECC has not publicly disclosed the details of the bug until the other affected coins have a chance to push a patch. And ECC are working with the researchers who found it to publish details properly with credit.

As opposed to irresponsible disclosure like this which leaves all the other coins besides Zcash (and Komodo if it has been patched) still at risk of this bug being exploited.

7 Likes

Avoiding the topic of “should transparency be important”…either take on the topic goes right out the window if someone else decides to take the “irresponsible” route, as they did.
Once the cat is out of the bag, all good intentions go right out the window. This is communications and PR 101.

If this was a known topic before, this is one of the worse ways it becomes public knowledge because it makes people think “what other bugs and security issues are known but not being disclosed?” which further degrades people’s faith.

Based on the lack of posting on the forums as of late…it’s easy to say that Cointelegraph just reached a significantly larger audience with any of their articles (let alone a headliner like that).

1 Like

That is exactly why this was done, to disparage Zcash for something that was already fixed. Notice that there is no mention that this has already been fixed in the article? Pretty big omission I’d say.

You cannot have total transparency when it comes to bugs, they crop up from time to time and need to be dealt with responsibly.

Which is a better approach if you are a developer who finds a bug:

  1. Find a bug, push a fix, inform others who may be affected quietly so they can also fix the bug, then publish details publicly.

  2. Fix the bug in your coins code, publish the details publicly, contact news organizations to claim credit and say “Hey everyone here’s the bug and how to use it, good luck fixing it before its used! LOL”

https://en.wikipedia.org/wiki/Responsible_disclosure

1 Like

Doesn’t exist.
you have

  • Partial disclosure
  • Full disclosure
  • Responsible disclosure
  • Coordinated disclosure
  • Pre exploit disclosure
  • Post exploit disclosure
  • Pre patch disclosure
  • Post patch disclosure
  • Silent patching
  • No disclosure

I get where you are coming from, but irresponsible disclosure can apply to each of the above categories.

This all depends on context. I think this was handled appropriately. The zcash team has two people for this specific purpose. - The thing I think you are not considering in both your examples is that this vuln was discovered by a 3rd party. If one has found it, you can bet another has already too.

I have spoken with @zebambam (not about this) and really, he knows the score. I think the ECC handled this perfectly. As soon as it was announced and the fix pushed an exploit would be out within days it is jus the way it is (somethings never change). This is known. People like me reverse engineer patches to develop exploits. - Silent patching is never the way to go. co-ordinated disclosure with responsible disclosure it.

Personally, I’d go with option 3.

  • sell it.

But that’s me. each to their own.

2 Likes

I see your point, but I would consider publishing a full disclosure while you know that others are doing coordinated disclosure on the same bug to be “irresponsible” or unethical.

2 Likes

Edit: I am 50/50 on this. A patch was pushed, but no binary released.

Also the author states

So whilst yes, their was no patched binaries, anyone could have found and used the bug. The author gives two methods to 100% mitigate this attack yourself. the simplest is above. However, the damage would have already been done.

left the rest of the post in for posterity.

Possibly. depends. had a fix been pushed to the upstream (zcash core?) by ECC the before the full disclosure? as far as I am aware it was.

Did the person who published the exploit publish because:

  1. they found it independently and it had been fixed already
  2. they found it by reverse engineering the patch
  3. a patch had been released.
  4. they found it by being give “advance notice, by the ECC, and then took that and ran with it” <- I cannot post the words I would like to describe it if this is the situation.

At the end of the day, the ECC pays good money to two very good and skilled people to handle this sort of thing. - And remember zcash is a massive target for govts. (hint: shadow brokers… they still have not forgotten that - really, they are very upset over that - the only way zec can redeem itself is to do the impossible and reveal who they are. until then state actors will always be after information disclosure vulns in zec.).

Dream (I think) got their xmr wallet drained because they didn’t keep up with patch management.

If the upstream has a well structured and coordinated disclosure team (which the ECC does now) onus is on the projects that rely on the tech to help test and be aware of security issues.

The ECC have provided all the tools needed to allow downstream projects to interface with their security team. They can lead a horse to water, but you cant make it drink.

If they don’t have a team with NDA’s in place with the ECC then that is a bad dev team and I would posit a shitcoin.

1 Like

As far as I know, binaries were produced for this release as normal and are in the usual documented place.

Yes, the commit from 2.0.7-3 that Duke Leto references in their CVE (which was filed without any coordination with ECC) links to our fix of the bug, without saying that it’s a fix.

3 Likes

So this is rubbish then?

I did find it very hard to believe a source code push was done but no binaries released. especially as the announcement mentions them and he mentions them for hush. smh.

It is the first line of the link of the disclosure. I thought he was calling out the ECC for not pushing the node release at the same time as the patch.

So I now have no idea what his intentions were. I think I am going to drop out of this before I say things I regret. I will refrain from making comment on leto because I would have to draw inference and motive out of thin air.

I would like to say that the ECC has an excellent disclosure team and I think this was handled excellently (as I have stated before). I am not sure what more they could/should have done.

Thank you for correcting me Daira.

edit1:
Wait a tick, who filed the CVE? Leto? This already had a CVE tho right?

edit2:
The only cve I can find is his… does he work for MITRE? I mean that’s kinda a dick move. it isn’t his CVE… it is Florian Tramèr, Dan Boneh, and Kenneth G. Paterson’s. (and whoever suggested the fix)

I 100% have to leave this alone now. sorry I am going to mute this thread. PM if you want to talk about it.

2 Likes

The most generous reading I can see is that Leto was mistaken in thinking there were no binaries (although they aren’t difficult to find). Or perhaps he was referring to wallet software that is dependent on zcashd but not released by ECC? Obviously publishing exploitable details before such dependent software has been released cannot help users in any way; that’s one of the reasons we deferred publishing them.

7 Likes

This was presented by him as something dramatic. As far as I understand, it doesn’t leak anything about transaction or amount … only whether a z address can be linked with an ip ?

Now the bug is a “pc virus”? :roll_eyes: SMH, Cryptocurrency “reporting” is terrible.

https://bitcoinexchangeguide.com/zcash-zaddr-bug-threatens-to-reveal-user-metadata-zec-isnt-the-only-cryptocurrency-affected

It’s honestly best to just pretend that sites like that don’t exist. No-one reads them anyway.

2 Likes

https://crypto.stanford.edu/timings/
Y’all upgrade!
Also backup!

2 Likes