Zcash Overwinter Layer 1 Blockchain Audit
Zcash engaged Coinspect and four other leading security companies to conduct a comprehensive security audit of the Overwinter network upgrade. The emphasis of Coinspect’s audit was on the impact on consensus and incentives of the Overwinter code changes. During the assessment, Coinspect identified 2 high-risk issues. The high-risk issues identified during the assessment were not remotely exploitable by themselves to steal funds or compromise the privacy Zcash users. However, they affected the performance and availability of the p2p network.
The review was limited to the following code changes in Zcash v1.0.15:
- Transaction format version 3 (ZIP-202)
- Network upgrade activation mechanism (ZIP-200)
- Transaction Signature Verification (ZIP-143)
- Transaction expiry (ZIP-203)
On November 2018, Coinspect was asked to review the modifications introduced in the code in order to fix the vulnerabilities reported, and concluded the fixes implemented were correct and as a result, both issues are now considered resolved.
We are proud to have contributed to the security and reliability of Zcash’s Overwinter network upgrade, a project built on Bitcoin technology. If you’re working on a blockchain project or planning to build on Bitcoin, let our expert team help you build and maintain secure, resilient systems. Visit Coinspect’s services page to learn more about how we can support your project’s success.
