CVE-2026-44498
Status: Analyzed - Analysis Complete
Zebra Block Validator SigOp Undercount Vulnerability

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
Zebra is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), allowing it to accept blocks that zcashd rejects with bad-blk-sigops. A miner who produces such a block can split the network: Zebra nodes follow the offending chain while zcashd nodes do not. This issue has been patched in version 4.4.0.

Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-08
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE

Vendor | Product | Version / Range
zfnd | zebrad | up to 4.4.0 (exclusive)

CWE ID | Description
CWE-682 | The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

AI Powered Q&A
How can this vulnerability impact me?

The vulnerability can lead to a network split between Zebra nodes and zcashd nodes. This split can cause inconsistencies in the blockchain state across different nodes, potentially undermining the reliability and security of the network.

If you run a Zebra node, you might follow a chain that is considered invalid by the majority of the network (zcashd nodes), which can affect transaction finality and consensus.


Can you explain this vulnerability to me?

This vulnerability exists in Zebra, a Zcash node implementation written in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations (sigops) against the 20000-sigop block limit (MAX_BLOCK_SIGOPS). This means Zebra accepts blocks that exceed the sigop limit, which are rejected by the official zcashd node with a bad-blk-sigops error.

As a result, a miner can produce a block that Zebra nodes accept but zcashd nodes reject, causing a network split where Zebra nodes follow a different chain than zcashd nodes. This issue was fixed in Zebra version 4.4.0.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Zebra to version 4.4.0 or later, where the issue with undercounting transparent signature operations has been patched.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

