Zebra 4.4.1: Critical Security Fix

We are releasing Zebra 4.4.1 today. This release contains a fix for a consensus-critical security vulnerability, and we strongly encourage all node operators to upgrade immediately. You can update directly to it if you have not updated for the last couple of releases.

Note that the 4.4.0 release was just three days ago. If you have already upgraded, unfortunately you will need to upgrade again.

Security Advisories

GHSA-pvmv-cwg8-v6c8: Zebra still accepts V5 SIGHASH_SINGLE without a corresponding output

Zebra failed to enforce a ZIP-244 consensus rule for V5 transparent transactions: when an input is signed with SIGHASH_SINGLE and there is no transparent output at the same index as that input, validation must fail. Zebra instead asked the underlying sighash library to compute a digest, and that library produced a digest over an empty output set rather than failing. An attacker could craft a V5 transaction with more transparent inputs than outputs that Zebra accepts but zcashd rejects, creating a consensus split between Zebra and zcashd nodes.

A previous fix (GHSA-cwfq-rfcr-8hmp) addressed a closely related case in the same area of the code, but did not cover this specific one.

Thanks to @sangsoo-osec, @zmanian, and @fivelittleducks for reporting the issue.

Upgrading

We strongly recommend all Zebra node operators upgrade to 4.4.1 as soon as possible, particularly due to the consensus vulnerabilities described above. There are no known workarounds — upgrading is the only way to ensure your node remains on the correct chain and is protected against the issues listed in this release. You can find the release on GitHub.

Thank You to Our Contributors

This release was made possible by the work of @alchemydc, @arya2, @conradoplg, @daira, @gustavovalverde, @mpguerra, @oxarbitrage, @schell, and @upbqdn. Thank you for your continued contributions to Zebra.

Zebra is the Zcash Foundation’s independent, Rust-based implementation of the Zcash protocol. Learn more at github.com/ZcashFoundation/zebra.

Great to see more bugs patched

You can probably find more low hanging fruit for zcashd over at:

https://bitcoincore.org/en/security-advisories#past-security-advisories

I’ve done that, but it seems like there’s no bugs for the current zcashd

The CVEs are very new, so I don’t see how they are not present in zcashd. Are you sure you did check zcashd and not zebrad?

Zec.rocks infrastructure is now updated to 4.4.1 across our mainnet nodes, testnet should be updated soon.

Can we get a security mailing list going? (email)

I think some parts of the code have been modified, so the bitcoin bug doesn’t exist in exactly the same form. but, I think it does seem worth digging into this a bit more. thanks for a great suggestion . I reported here review of bitcoin core advisory · Issue #7156 · zcash/zcash · GitHub

zebra and zcashd are written in different programming languages. None of zcashd’s original functions directly exist in zebra bc the languages are not immediately compatible (so yes, they’re all modified versions).
Zcashds LEGACY transparent side might share some functionality w/ that bitcore repo but zcashd deprecation in the past few weeks has been accelerated more so it doesn’t seem logical to fix anything short of critical bc the software is scheduled to EoL in a relatively short time in favor of zebra.

Thanks for the fast response and release.

Glad this was caught and fixed quickly. Keeping these consensus-boundary cases tight is important for the ecosystem.