ZCash is among the privacy-focused coins that may be prone to undetectable inflation, probably caused by a bug in its code. Although such inflation is hard to measure or even detect, it is not entirely impossible, and ZCash is one of many coins that had a bug opening the platform up to undetectable inflation. The bug was found in the platform’s implementation of the zero-knowledge proofs that keep transactions anonymous.
The Bug Allows Minting Of Coins without Detection
With the bug, an attacker would be able to mint “an infinite amount of ZEC and other affected coins without detection.”
The discovery was made in March 2018, and ZCash engineers kept it secret while quietly working on a solution. However, the bug was fixed only eight months later, through a system upgrade. Since it was undetectable and could have allowed counterfeiting of ZEC tokens, the technical team said that they were unable to provide proof that the bug was not exploited, although they have not encountered any issues related to it.
“The other privacy coins affected were not informed about the bug. After fixing the vulnerability on its network, the ZCash team informed the security teams at Komodo and Horizen, the two largest coins affected by the bug aside from ZCash, detailing instructions on how to fix the bug. Both of these projects have managed to fix it on their networks, but other smaller privacy coins are still open to the attack, including Bitcoin Private.”
ZCash is not the only culprit. Other coins that may have bugs causing undetectable inflation are Monero, QuisQuis, and Grin.
Tim Ruffing, a Twitter user, noted:
“Among those, we’re aware of bugs that could lead to undetectable inflation in implementations of Zerocash (fixed) and Zerocoin (privacy features are disabled to make sure it’s not exploitable.) We can’t know to what extent those bugs have been exploited to print money.”
With undetectable inflation a possibility, some expressed fears about joining the crypto movement.
“This is what scares me about crypto, how many people in the world are actually capable of spot checking the code in defense against nefarious actors (also what if those capable have already been targeted and converted). What if the coders are secretly attempting a coup?”
Beam, a privacy-focused cryptocurrency using a MimbleWimble implementation, recently underwent a spot check for vulnerabilities. Following the audit, “the exploitable surface for undetectable inflation bugs in MimbleWimble implementations is much smaller than ZCash and includes the Bulletproofs implementations only,” noted a Twitter user.
Zerocoin Is Also Not Safe
Zerocoin lacks a verifiable supply and may have fallen victim to undetectable inflation. For instance, in April, the network recognized suspicious patterns in the mint and spend operations, prompting pools to deactivate Zerocoin pending investigation.
It was later revealed that the irregularities were caused by “a failure in the cryptography of the Zerocoin protocol and that it affected all Zerocoin implementations.” Later, the vulnerability was fixed. However, Ruffing notes that:
“This bug is exploitable in an undetectable way and in a detectable way.”