Two separate security assessments have been completed on ZIPs that specify changes in the upcoming Zcash network upgrade (now named “Heartwood”).
ZIP 213: “Shielded Coinbase” and ZIP 221: “FlyClient Zcash SPV” were assessed for security by firms NCC Group and Trail of Bits.
Additionally, Trail of Bits produced some documentation helping to explain Sapling to newcomers, and NCC Group assessed the code implementation of the Blossom changes as part of their respective engagements.
Each team worked closely with the Electric Coin Co. engineering team, and both produced high-quality outputs that help provide vital security assurance on the Zcash network.
The following are now available:
NCC Group security assessment report
Trail of Bits security assessment report
Trail of Bits Sapling documentation