On September 17th, 2018, a discloser, who wishes to remain anonymous, provided the email@example.com mailbox with details of an issue they also supplied to Bitcoin Core. We immediately began an investigation on the claims. We found that the change, which made Bitcoin Core vulnerable to this issue, happened after we forked from Bitcoin. We then read the code in Zcash to see if we had removed the check separately and found we hadn’t, leading us to conclude that we are not vulnerable to this attack.
We are grateful to the anonymous contributor for this disclosure. We ask anyone who knows of an issue, current or future, which could potentially threaten Zcash users to let us know via gpg to firstname.lastname@example.org.