ZenCash is still under the threat of a replay attack, and the ZenCash team is getting closer to having a solution to the problem. Here is a brief update to keep everyone in the loop.
The nature of the replay attack threat for ZenCash right now is that a transaction that was completed on Zclassic can be accepted into the mempool, then placed into a block on the ZenCash blockchain. Because of the similar nature of the blockchain and addresses, this would then be broadcast on the Zen blockchain.
There are some ways to mitigate against the attack for anyone who has control of their wallet. The easiest is to set up a second wallet and send the ZenCash to the second wallet. At that point there are no ZenCash UTXO’s that can be replayed with a Zclassic transaction. Another way is to just not do any Zclassic transactions until the issue is fixed on the ZenCash zen node software. Although the replay is vulnerable to older Zclassic transactions as well, so it depends on your transaction history as to how well this would work.
The replay protection was originally put in place in the ZenCash node software by the former lead developer, and was set to expire after 4096 blocks. We don’t know why the choice was made to have the protection expire. Before announcing the vulnerability, the ZenCash former lead developer pushed an update that extended the replay protection checking to forever.
If everyone were running the latest ZenCash node software, there would not be a problem, because all the mining pool operators and solo miners whose software has the ability to accept transactions into the mempool would have software that protected the blockchain. Right now that upgrade is non-mandatory, and older versions of the software are still vulnerable.
The Zen team is discussing the best course of action to take, and we encourage all mining pool operators and solo miners to stay abreast of the latest announcements.
From an organizational standpoint, there is progress. The ZenCash former lead developer is of course welcome to contribute software to the Zen project just like any other developer is welcome to do so. He will not be welcome to be part of the Zen leadership team going forward, though.
There is currently funds accumulating in the ZenCash treasury, at the rate of 8.5% of every block mined. These funds will be used by the Zen leadership to bootstrap the building of a complete development, operations, and communications team.
With the ability to hire and contract talented contributors, Zen will be able to continue working through the goals outlined in the Zen White Paper.
Future ZenCash communications will be based on a new domain name, zensystem.io. Look for us there!
New ZenCash website — https://zensystem.io
New ZenCash blog — https://blog.zensystem.io
New ZenCash Github — https://github.com/ZencashOfficial
Originally published at ZenCash Blog.