ZEC▲$493.71 jumped 10% after Zcash patched a bug in its old Sprout pool that could have exposed 6.2 million worth of ZEC, a flaw discovered with the help of AI.
The price of Zcash (ZEC) rallied after developers patched a bug in its old Sprout shielded pool that could have exposed 25,000 ZEC, valued at about $6.2 million at current prices.
In a Tuesday blog post, March 31, the Zcash Open Development Lab, a team founded by ex-Electric Coin Company members, explained that the flaw went unexploited and was fixed in zcashd v6.12.0 on Tuesday after being discovered by security researcher Alex “Scalar” Sol.
The bug happened because Sprout is an old, no-longer-used pool. When Zcash added upgrades like the Sapling pool in 2018 and stopped supporting new Sprout transactions in 2020, a part of old code made the system think everything was already fine, so some checks were skipped.
The bug could have only affected the deprecated Sprout pool, the team said, highlighting that Zcash’s “turnstile mechanism would have prevented any inflation of the ZEC supply, which currently stands at around 16,630k ZEC.”
Zcash Avoided Chain Fork
Major crypto mining pools, including Luxor, F2Pool, ViaBTC, and AntPool deployed the update “within three days,” the post reads. The developers added:
“If exploited, it could have resulted in loss of user funds in the Sprout pool unless the exploit transaction were reversed by miners rolling back the entire Zcash blockchain to before the exploit block.”
The team added that the Zebra full node, maintained by the Zcash Foundation, wasn’t vulnerable, adding that it would have triggered a chain fork if someone tried to exploit the bug.
Sol, who discovered the bug “with the help of AI,” reported it privately to Shielded Labs, which coordinated with the Zcash Open Development Lab to develop the patch. For his disclosure, Sol will receive a total bounty of 200 ZEC (around $50,000) from multiple organizations, the team said.
After the news, ZEC jumped over 10% to $255 before easing back to around $247, according to data from CoinGecko. The privacy-focused token is still down more than 50% since the beginning of the year and over 64% since last November’s privacy token frenzy.
