{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/signature-validation/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["zebra","zebra-script"],"_cs_severities":["critical"],"_cs_tags":["consensus failure","signature validation","network partition"],"_cs_type":"advisory","_cs_vendors":["Zcash Foundation"],"content_html":"\u003cp\u003eZebra version 4.4.0 improperly validates V5 transparent transactions using the \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e signature flag.  Specifically, it fails to enforce a ZIP-244 consensus rule that requires validation to fail when an input is signed with \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e and there is no transparent output at the same index.  Instead, Zebra asks the underlying sighash library to compute a digest, resulting in a digest over an empty output set. This divergence from \u003ccode\u003ezcashd\u003c/code\u003e, which correctly rejects such transactions, could allow an attacker to create a consensus split between Zebra and \u003ccode\u003ezcashd\u003c/code\u003e nodes.  The vulnerability exists due to a missed check in Zebra\u0026rsquo;s V5 sighash callback, which calls \u003ccode\u003elibrustzcash\u003c/code\u003e\u0026rsquo;s ZIP-244 implementation.  The issue was addressed in Zebra 4.4.1.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker crafts a V5 transaction with two or more transparent inputs.\u003c/li\u003e\n\u003cli\u003eThe crafted transaction includes fewer transparent outputs than inputs.\u003c/li\u003e\n\u003cli\u003eThe attacker signs an input whose index has no matching output (\u003ccode\u003evout\u003c/code\u003e entry) with \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e (0x03) or \u003ccode\u003eSIGHASH_SINGLE|ANYONECANPAY\u003c/code\u003e (0x83).\u003c/li\u003e\n\u003cli\u003eZebra\u0026rsquo;s sighash callback incorrectly computes a digest for the invalid input using \u003ccode\u003elibrustzcash\u003c/code\u003e, rather than failing the validation.\u003c/li\u003e\n\u003cli\u003eThe attacker broadcasts the malicious transaction to the Zcash network.\u003c/li\u003e\n\u003cli\u003eZebra nodes verify the transaction\u0026rsquo;s transparent script using the incorrectly computed digest and accept the transaction (and any block containing it).\u003c/li\u003e\n\u003cli\u003e\u003ccode\u003ezcashd\u003c/code\u003e nodes reject the transaction due to the invalid \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e signature.\u003c/li\u003e\n\u003cli\u003eThis divergence creates a consensus split, potentially isolating Zebra nodes from the rest of the network.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis consensus failure could lead to network partitioning, service disruption, and potential double-spend attacks against affected Zebra nodes. While the impact is currently mitigated by the dominance of \u003ccode\u003ezcashd\u003c/code\u003e among miners, a successful attack could still disrupt services relying on Zebra nodes, cause financial losses for affected users, and damage the reputation of the Zebra project.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to Zebra version 4.4.1 or later immediately to remediate the vulnerability.\u003c/li\u003e\n\u003cli\u003eMonitor network traffic for unusual transaction patterns, especially V5 transactions with \u003ccode\u003eSIGHASH_SINGLE\u003c/code\u003e signatures.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules in this brief to your SIEM to detect potential exploitation attempts based on transaction characteristics.\u003c/li\u003e\n\u003cli\u003eReview the fix in Zebra 4.4.1 (GHSA-pvmv-cwg8-v6c8) to understand the corrected validation logic.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-10-26T12:00:00Z","date_published":"2024-10-26T12:00:00Z","id":"/briefs/2024-10-zebra-sighash-single/","summary":"Zebra 4.4.0 failed to enforce a ZIP-244 consensus rule for V5 transparent transactions, potentially leading to a consensus split with zcashd nodes if an input is signed with `SIGHASH_SINGLE` and there is no corresponding output.","title":"Zebra Consensus Failure due to Improper SIGHASH_SINGLE Validation","url":"https://feed.craftedsignal.io/briefs/2024-10-zebra-sighash-single/"}],"language":"en","title":"CraftedSignal Threat Feed — Signature Validation","version":"https://jsonfeed.org/version/1.1"}