Security Announcement 2019-03-19

Synopsis: A bug in the Zcashd wallet could result in Sprout z-addresses displaying an incorrect balance. Sapling z-addresses are not impacted by this issue. This would occur if someone sending funds to a Sprout z-address intentionally sent a different amount in the note commitment of a Sprout output than the value provided in the ciphertext (the encrypted message from the sender).

A code fix for the wallet has been written and the integration into an official Zcash release is targeted for our next release (version 2.0.4, expected March 25th).

Who is affected: Users that receive payments to their Sprout z-addresses using the Zcashd wallet are vulnerable. Users who do not receive payments to Sprout z-addresses are unaffected.

What can Sprout users do to protect themselves? Sprout users should suspend their trust in the receipt of funds to Sprout z-addresses until they upgrade to zcash v2.0.4, which is expected to be released on March 25th. If users need the fix earlier, they can manually build their own daemon with the code available now: https://github.com/zcash/zcash/pull/3897.

Once a fix has been applied, users are strongly advised to issue a rescan of the blockchain with “zcashd -rescan”.

Acknowledgements: Thank you to Alexis Enston for bringing this to our attention.