ZEBRA Consensus Vulnerability in Sighash Hash-Type Handling for V4 and V5 Transactions

A consensus vulnerability has been identified in ZEBRA, a Zcash node implementation in Rust, affecting versions prior to 4.3.1 for zebrad and prior to 5.0.2 for zebra-script. The issue arises from a failure to properly validate the allowed values of sighash hash types for V5 transactions, introduced in the NU5 network upgrade. This oversight allows ZEBRA nodes to accept and mine blocks that would be deemed invalid by zcashd nodes, leading to a consensus split. Similarly, for V4 transactions, ZEBRA incorrectly applied the 'canonical' hash type when calculating the sighash, while zcashd used the raw value as specified, potentially causing another consensus divergence.

Impact

Exploitation of this vulnerability creates a consensus failure, causing a network partition where affected ZEBRA nodes accept invalid transactions, disrupting normal transaction processing and potentially allowing double-spend attacks.

Reproduction

To reproduce this vulnerability, submit a V4 or V5 transaction with an invalid hash type. ZEBRA nodes will accept the V5 transaction, causing a consensus split with zcashd nodes, and vice versa for V4 transactions.

Remediation

Users should upgrade to ZEBRA version 4.3.1 or later. There are no known workarounds.