CVE-2019-7167

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction.

Zcash, antes de la actualización de la red Sapling (28/10/2018), tenía una vulnerabilidad de falsificación. Un proceso generador de claves durante la evaluación de polinomios relacionados con una instrucción por confirmar producía ciertos elementos de omisión. La disponibilidad de estos elementos permitía que un "prover" falso omitiese una comprobación de consistencia y, en consecuencia, transformase la prueba de una instrucción en una prueba ostensiblemente válida de una instrucción diferente, quebrantando así la seguridad del sistema de pruebas. Esto hacía que el verificador Sprout zk-SNARK original aceptase que una transacción fuese correcta.