Zcash, a cryptocurrency that employs Proof-of-Work consensus algorithm, has been designed to offer greater anonymity by hiding the sender, recipient and transaction value for all transactions. According to the crypto enthusiasts, Zcash is a cryptocurrency version of the “Swiss bank account in your pocket.”
Recently, the company had published the details of a bug that permitted attackers to mint an infinite amount of coins instead of mining them. Thus, allowing them to create counterfeit Zcash tokens. The blockchain is designed in a way that the details of some transactions to be seen only by the transaction participants. A system called Sprout shields the transactions. A possible attacker could create fake Sprout shielded notes containing counterfeit funds without being detected. Though the vulnerability was patched, the company felt that an overarching solution is essential because Zcash’s robust privacy protection features make it difficult for anyone to detect counterfeiting directly.
Following the development, the company disclosed its plans to include a new consensus rule that would protect their coins from counterfeiting attacks. Zcash via their blog announced that the consensus code, that preserves the Zcash monetary base in the event of a counterfeiting compromise within Zcash’s shielded supply, is scheduled for May.
In Zcash, all ZEC resides within “value pools” determined by the type of address holding the ZEC. It has two pools of shielded addresses and one pool of transparent address. So counterfeiting can be detected if more ZEC tokens leave a pool than have entered it. This is called the “turnstile effect.”
“If the value pool balance were to become negative as a result of accepting a block, then all nodes MUST reject the block as invalid,” reads the blog.
“An immediate implication is that if a user has funds in a shielded value pool, but the publicly tracked pool balance is less than the user’s funds, they will not be able to transfer all of their funds out of that value pool. This design decision contains counterfeiting bugs inside the affected shielded value pool. Users should be aware of and consider possible ramifications,”
The proposed mechanism would provide powerful security. It would also be able to tell if Zcash has found any vulnerability. Once the feature is activated in May, more details will emerge about the same.