{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/zebra/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Zebra","zcashd","librustzcash"],"_cs_severities":["critical"],"_cs_tags":["consensus","vulnerability","blockchain"],"_cs_type":"advisory","_cs_vendors":["Zcash Foundation"],"content_html":"\u003cp\u003eA critical vulnerability exists in Zebra, a Zcash node implementation, where it diverges from zcashd in handling \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e for V5+ transparent spends. Specifically, when an input index in a transaction has no corresponding output, Zebra incorrectly computes a digest instead of failing, as zcashd does according to ZIP-244. This divergence allows Zebra to accept malformed transactions into its mempool and include them in block templates. The vulnerability, present in Zebra versions prior to 4.4.0, can lead to Zebra mining and accepting blocks that zcashd rejects, causing a consensus split in the Zcash network. This poses a significant risk to network stability and data integrity. The issue was identified through analysis of Zebra commit \u003ccode\u003ea905fa19e3a91c7b4ead331e2709e6dec5db12cb\u003c/code\u003e and zcashd commit \u003ccode\u003e2c63e9aa08cb170b0feb374161bea94720c3e1f5\u003c/code\u003e.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a V5 transaction with multiple transparent inputs and fewer transparent outputs.\u003c/li\u003e\n\u003cli\u003eThe attacker signs the first input normally.\u003c/li\u003e\n\u003cli\u003eThe attacker signs subsequent inputs using \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e (or \u003ccode\u003eSIGHASH_SINGLE|ANYONECANPAY\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eFor an input where there\u0026rsquo;s no corresponding output, Zebra calculates a digest using \u003ccode\u003etransparent_outputs_hash::\u0026lt;TxOut\u0026gt;(\u0026amp;[])\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eZebra accepts the transaction into its mempool because it sees a valid signature.\u003c/li\u003e\n\u003cli\u003eZebra includes the malformed transaction in a block template via \u003ccode\u003egetblocktemplate\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAn external miner mines a block containing the invalid transaction based on Zebra\u0026rsquo;s template.\u003c/li\u003e\n\u003cli\u003eZebra accepts this block, while zcashd rejects it, leading to a consensus split.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis vulnerability creates a consensus split between Zebra and zcashd, potentially leading to network instability. Zebra can accept blocks that zcashd considers invalid, compromising the integrity of the Zcash blockchain. The primary impact is on Zebra node operators, who may unknowingly mine and propagate invalid blocks. This also affects external miners who rely on Zebra\u0026rsquo;s \u003ccode\u003egetblocktemplate\u003c/code\u003e for block construction, as they could unknowingly mine invalid blocks.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Zebra nodes to version 4.4.0 or later to incorporate the fix for this vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor Zebra mempools for transactions with a higher number of inputs than outputs, signed using SIGHASH_SINGLE, and deploy the Sigma rule \u003ccode\u003eDetect Zebra SIGHASH_SINGLE Mismatch\u003c/code\u003e to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eImplement monitoring for block validation errors related to transparent transaction signatures in zcashd to detect consensus splits, referencing the observed difference between Zebra and zcashd behavior.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T14:30:00Z","date_published":"2024-01-03T14:30:00Z","id":"/briefs/2024-01-03-zebra-sighash/","summary":"Zebra and zcashd disagree on a consensus rule for V5+ transparent spends related to SIGHASH_SINGLE handling when the input index has no corresponding output, leading to a consensus split where Zebra accepts invalid blocks rejected by zcashd.","title":"Zebra Consensus Split Vulnerability Due to SIGHASH_SINGLE Handling","url":"https://feed.craftedsignal.io/briefs/2024-01-03-zebra-sighash/"}],"language":"en","title":"CraftedSignal Threat Feed — Zebra","version":"https://jsonfeed.org/version/1.1"}