Just out of curiousity and in general, why is it more likely that an exchange would be choosen?
I mean IF someone has a direct buyer over the counter which pays either in cash or BTC it would be the perfect solution for the counterfier, not?
Itâs more likely simply because exchanges are the easier route. My comment didnât deny the chance that an attacker could have established a direct buyer.
Itâs possible that counterfeit coins, if any, could have been moved into a shielded address before the turnstile was implemented, in which case they are beyond traceability, right. So, there could be, say, 5 million ZEC in a shielded address waiting for total ZEC issuance to reach multi-millions?
So the majority of those hypothetical 5 million ZEC would have to live in the Sprout pool as thatâs where the vulnerability was (it doesnât exist in Sapling). Currently there are ~200k in the Sprout shielded pool and ~120k in the Sapling one (see https://zcha.in/statistics/network). If anyone tried to move more than 200k counterfeit ZEC out of the Sprout pool the total would go negative and it would be immediately obvious what had happened and unlikely anyone could realise anything for their Sprout ZEC.
See Sapling Addresses & Turnstile Migration - Electric Coin Company for more.
4 Likes
Beyond that, it is the ECCs policy to not allow the Sprout pool to go negative. Defense Against Counterfeiting in Shielded Pools - Electric Coin Company
2 Likes
Just out of curiousity and hyptetically:
-
what would be the measure(s) taken if letâs say in 1 year the sprout pool goes negatie due counterfeit that occuret 1-2 years earlier? Ok, if we see (hopefully not!) some day that the sprout pool goes negative thatâs one thing, but what action would be taken if the source of counterfeit has happened longer time bevor? Could the source/mining pool/whatever even be identified 1-2 years later?
-
what happens IF the counterfier for example buy 50,000 ZEC and counterfies 50,000 ZEC. If the bought 50,000 ZEC are sent to a shielded adress and the counterfeit 50,000 ZEC from the shielded adress to a transparent adress wouldnât that, at least temporary, hide traces and the alarm bells?
-
from the Blog Post regarding Defense agaisnt Counterfeiting: If we are able to identify that the bug affects only a single shielded pool, we might choose to effectively deactivate that pool by invalidating any of its outgoing transactions.
Question A: What if it affects several shielded pools as you mention only âa single poolâ?
Question B: What if it happened over longer time frames, letâs say daily 1,000 ZEC over 6 months?
Question C: Reading the whole article at least 10x times i have the feeling that the defense is too much lagging as the counterfeit (attack) would only be visible/detectable some day just if and when the pool goes negative, not? Or do i miss something?
Again, just theoretical and hyptetical questions within IF casesâŚ
Good questions. Let me try to clarifyâŚ
There is a bucket (Sprout pool). That bucket is different than other buckets (i.e. Sapling pool). Letâs say that we know that 100 ZEC in total has ever been placed into that bucket. If someone tries to take 101 ZEC out of the bucket, we know that counterfeiting had occurred sometime in the past. We know that 1 ZEC was created out of thin air at some point. So we donât allow that transaction to occur.
However, if someone counterfeited 50 ZEC (or something less than 100 ZEC), they could take it out of the bucket that we know 100 ZEC was moved into. The bucket would now contain 50 ZEC, after their transfer. Now we believe there is 50 ZEC left in the bucket and no one would be allowed to take out more than the 50 ZEC remaining. Thus, the total monitory supply is protected.
Does that make any more sense?
Sorry for the confusion. Weâll publish another article in the near future with an attempt to be more clear.
2 Likes
If people are not allowed to take out the ZEC that they put into the Sprout pool, then I expect they will demand the Zcash company make them wholeâŚ
1 Like
Thatâs about what i had in mind when i wrote one of the questions above.
what happens IF the counterfier for example buy 50,000 ZEC and counterfies 50,000 ZEC. If the bought 50,000 ZEC are sent to a shielded adress and the counterfeit 50,000 ZEC from the shielded adress to a transparent adress wouldnât that, at least temporary, hide traces and the alarm bells?
In the meaning the counterfier could put these 50,000 legally bought with proof into the sprout pool. Pull out at the same time his counterfeit 50,000 ZEC and than have a legal claim on the ECC company if he canât get out his real bought 50,000 ZEC, not?
âŚdoubt that would work as theyâve already been told what would happen under those circumstances.
bet a lot of zcash still in sprout pool are owned by dead 
people
2 Likes
Surprised the sprout pool hasnât emptied faster, its not exactly hard to do.
1 Like
Maybe not dead per say but the likelihood of it emptying completely is yea bout zip
1 Like
what have they been told? A counterfier wouldnât pull the coins to the same wallet he has the bought coins. Means the claims would be from the buyer of the legit coins while the counterfied coins leaving the sprout pool would have been used allready. Just in theory in this example to check if the defense would be a working one in such case âŚ
âWhat will happen to prevent the sprout pool going negativeâ is public knowledge already - joshs post for example, echoed in other places.
If someone tried to hold ECC liable I think theyâd fail, many examples of âWe told you soâ⌠just my humble opinion of course (not a lawyer).
Ok, i get now what you had in mind. But i doubt this will work that way. Letâs just for one second forget the counterfeit part but YOU, for whatever reason have 10,000 ZEC in the sprout pool. A sudden an unknow counterfier pulls his counterfeit ZEC and the sprout pool goes negative. Would mean you lost ALL your holdings without any vault other than having ZEC and having them in the sprout pool, which isnât forbidden.
Just my amateurish opinon on the legal side IF someone witholds legal bought ZEC, pretty sure there would be claims, leave alone maybe possible devastating community/holder feedback if the holdings of 100âs of small holders in the sprout pool are affected.
AHHH⌠I see. I was mixing the sequence of events up in my head assuming thatâŚ
âŚwe know how much in the sprout shielded pool because it is the total issued minus the unshielded amount, right?
If the vulnerability was exploited, maintaining the shield means going through saplingâs turnstile.
The only other way to escape with the infinite zcash is to go to market. There are not many markets supporting shielded addresses. Of those that do (Rock, etc), I presume exorbitant volume was not evidenced.
So, I can keep calm and carry onâŚ
There is the Sapling pool as well. Itâs actually possible to measure what goes in/out of the pools (which is what zcashd does) as it must come from a transparent address so it is visible going in and out at the individual transaction level.
Right and if there are indeed exchanges that support Sprout addresses itâs possible an attacker could get away with some funds but it would still be detectable when whoever bought the coins moved them out of the Sprout pool. So itâs functionally little different to an attacker just moving them to a transparent address and selling them assuming they donât make the pool go negative.
1 Like
The turnstile has the side effect of making Zcash less than fungible; ZEC in the Sprout pool carries some risk of being non-redeemable.
Perhaps a majority of Sprout balances is inaccessible, as one would expect it to be moved out to eliminate said risk.
2 Likes
âinaccessibleâ <â thatâs what iâm thinking