ZEBRA Consensus Vulnerability Allowing Malicious Miners to Induce Network Splits
Vulnerability
A logic error in ZEBRA's transaction verification cache prior to version 4.3.1 in the ZEBRA node and prior to version 5.0.2 in the zebra-consensus package could enable a malicious miner to create a consensus split. This was achieved by submitting a transaction valid for height H+1 but invalid for H+2, and then mining it into a block at H+2. Vulnerable ZEBRA nodes would accept the invalid block, causing a split from the Zcash network.
Impact
Exploitation of this vulnerability could lead to a consensus failure, causing a network partition where the affected ZEBRA node is isolated from the rest of the network.
Reproduction
To reproduce this vulnerability, a transaction must be submitted with an expiry height of H+1. After mining a block at H+1, the same transaction can be included in a block mined at H+2, which is then submitted before the H+1 block. Vulnerable ZEBRA nodes will accept the H+2 block, leading to a consensus split.
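To make the caching mistake concrete, the following is an added illustration in Rust, not Zebra's own code: a verifier that caches results by transaction id alone reuses a verdict obtained at H+1 for a block at H+2, while a verifier that re-runs height-dependent rules on every call rejects the expired transaction. The Tx type, expiry_ok and both verifier types are constructed for this model and are not Zebra identifiers.

```rust
use std::collections::HashSet;

/// Minimal transaction model for this illustration: only the fields the bug involves.
#[derive(Clone, Debug)]
pub struct Tx {
    pub id: u64,            // stand-in for the txid
    pub expiry_height: u32, // 0 means "never expires"
}

/// Height-dependent rule: a transaction may only be mined at or below its expiry height.
pub fn expiry_ok(tx: &Tx, height: u32) -> bool {
    tx.expiry_height == 0 || height <= tx.expiry_height
}

/// Buggy shape: the cache is keyed by txid alone, so a hit from an earlier height
/// short-circuits every check, including the height-dependent expiry rule.
pub struct CachedByIdVerifier { seen: HashSet<u64> }

impl CachedByIdVerifier {
    pub fn new() -> Self { Self { seen: HashSet::new() } }
    pub fn verify(&mut self, tx: &Tx, height: u32) -> bool {
        if self.seen.contains(&tx.id) {
            return true; // stale verdict reused regardless of the block height
        }
        let ok = expiry_ok(tx, height);
        if ok { self.seen.insert(tx.id); }
        ok
    }
}

/// Safer shape: height-dependent rules run on every call; the cache may only
/// short-circuit height-independent work (signatures, proofs, ...).
pub struct HeightCheckedVerifier { seen: HashSet<u64> }

impl HeightCheckedVerifier {
    pub fn new() -> Self { Self { seen: HashSet::new() } }
    pub fn verify(&mut self, tx: &Tx, height: u32) -> bool {
        if !expiry_ok(tx, height) { return false; }
        self.seen.insert(tx.id); // height-independent checks would run here on a miss
        true
    }
}

/// Replays the advisory's scenario: a tx with expiry H+1 is verified at H+1, then a
/// block at H+2 carries it. Returns (buggy verdict, fixed verdict) for the H+2 block.
pub fn replay_split(h: u32) -> (bool, bool) {
    let tx = Tx { id: 0xabc, expiry_height: h + 1 }; // constructed sample transaction
    let (mut buggy, mut fixed) = (CachedByIdVerifier::new(), HeightCheckedVerifier::new());
    assert!(buggy.verify(&tx, h + 1) && fixed.verify(&tx, h + 1)); // both accept at H+1
    (buggy.verify(&tx, h + 2), fixed.verify(&tx, h + 2))
}
```

A node using the first verifier accepts the H+2 block and diverges from peers that reject it, which is the split the advisory describes; the second verifier stays in consensus because expiry is re-evaluated at the block's actual height.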
Remediation
Users should upgrade to ZEBRA version 4.3.1 or later. There are no known workarounds for this issue.
