Zcash will be launched tomorrow, and we’re excited about it. Zcash is an implementation of the Zerocash protocol based on the Bitcoin Core C++ code. It intends to offer a far higher standard of privacy and anonymity through a sophisticated zero-knowledge proving scheme which preserves confidentiality of transaction metadata. Zcash engaged Coinspect to perform a security audit of their implementation of the Zerocash protocol. Coinspect reviewed Zcash changes to Bitcoin Core focused on evaluating its resistance against specific threats that usually affect cryptocurrencies. Coinspect identified high-risk and moderate-risk issues during the assessment that affected the performance and availability of the Zcash p2p network. The security issues identified did not allow remote code execution nor allowed an attacker to steal funds or compromise the privacy Zcash users. However we found exploitable 51% and isolation attacks with minimum resources. It is an honor for Coinspect to contribute with our cryptocurrency security experience to the exceptional team behind this exciting project.
Our report is here: https://coinspect.com/doc/CoinspectReportZcash2016.pdf