Zcash Audit Results

As a security-focused team, made up of world-class talent, we prioritize the security of Zcash users. True security comes from empowering users directly, and to that end, we will always disclose vulnerabilities we find (as soon as we’re certain such disclosure won’t harm live users), and describe how we have fixed them or how we intend to fix them.

In keeping with that value, and with our launch imminent, it’s important to share the full details of our commissioned audits.

Security Recap

To give context, in April we highlighted a few vulnerabilities in our code that our team found and fixed. In August, we announced our work with two top security auditing teams, and we’re presenting those security audit results in this post [1].

We maintain a security page on this site with up-to-date security information about Zcash. We also maintain a security warnings document for each release.

Security Audits

Today we are publishing the final reports of each external security auditor we contracted this summer to review our code. We’ve triaged the issues found and addressed any we considered severe (e.g., issues that could compromise user privacy, lose funds, or break consensus).

Additionally, we’ve kept in touch with Bitcoin Core developers to ensure that any findings relating to our codebase (which is derived from Bitcoin Core v0.11.2) do not present any substantial risk to Bitcoin users. We also sent private notifications to developers of Bitcoin Unlimited, Bitcoin XT, and Bitcoin Classic. We did not contact developers of any other projects derived from the Bitcoin Core codebase.

Each of the auditors has prepared a report of their work and findings, hosted on their respective websites. Here we present links to those reports, our issue tracker searches to track their audit work, and their project summaries:

NCC Group

Report URL: https://www.nccgroup.trust/us/our-research/zcash-cryptography-and-code-review/?research=Public+Reports

Zcash Issue Tracking: NCC findings

Their Summary:

“NCC Group performed a two-part targeted review of the Zcash cryptocurrency implementation. The first part, performed by the Group’s Cryptography Services practice, focused on validating that Zcash’s implementation adhered to the Zcash Protocol Specification. An assessment looking for security errors within the cryptographic implementation was also performed. The second part was a C++ source code review for vulnerabilities using static and dynamic analysis and fuzz testing. The review also included a cursory assessment of dependent libraries and recommendations for improving software assurance practices at Zcash.

NCC Group identified an issue that would allow an adversary to tamper with the verification and proving keys used by the Zcash daemon as well as a number of C++ coding errors that could result in stack-based buffer overflows, data races, memory use-after-free issues, memory leaks, and other potentially exploitable runtime error conditions. Additionally, most, if not all, third-party open source library dependencies were identified as being out-of-date. In the end, NCC Group did not find any critical severity issues that would undermine the integrity of the Zcash blockchain or undermine the security of confidential transactions during the time that the review was conducted (from August 8 – September 2, 2016).”

Coinspect

Report URL: https://coinspect.com/doc/CoinspectReportZcash2016.pdf

Their Announcement: https://coinspect.com/zcash-security-audit-results

Zcash Issue Tracking: Coinspect findings

Their Summary:

“Coinspect reviewed Zcash’s innovations over the Bitcoin Core source code, focused on evaluating its resistance against specific threats to cryptocurrencies. Coinspect identified high-risk and moderate-risk issues during the assessment that affected the performance and availability of the Zcash p2p network. The security issues identified did not allow remote code execution nor allowed an attacker to steal funds or compromise the privacy of Zcash users. However we found exploitable 51% and isolation attacks with minimum resources.

It is an honor for Coinspect to contribute with our cryptocurrency security experience to the exceptional team behind this exciting project.”

Conclusion

We are committed to serving our users and community, and one of the best ways we can do that is to provide transparency. Zcash is still in a nascent stage: it is experimental and new, and users are encouraged to educate themselves about the risks involved in being a direct part of the Zcash protocol and network.

Please join the Zcash developers and community in our Slack and Forum conversations.

[1] Our blog post also described our work with Solar Designer, who is analyzing our Equihash Proof-of-Work system. We focus on security audits and mitigations in this post, and we’ll publish the Equihash analysis in a later post.