ZCash and Other Sapling-based Altcoins are Subject to Powerful DoS Attacks

Grudges can go a long way in the cryptocurrency world. This is particularly apparent where altcoins are concerned. In the case of ZCash, a new tool has been released. It is allegedly capable of performing a DoS attack against this network. Although the code is not publicly available, it won’t take long until someone decides to give this a try. 

The Sapling Woodchipper

Those who follow the development of ZCash will know about the most recent upgrade. Known as Sapling, it introduces a wide range of changes and upgrades. In most cases, the code introduced by such upgrades should make the network more secure. In the case of ZCash, that might not necessarily be the case this time around. 

What makes this particular tool so powerful is how it can be used. Not only can users perform DOS attacks against the ZCash network itself. It is possible to attack any blockchain implementing the ZCash 2.x Sapling protocol. Any currency forked from ZCash thus becomes a potential target for anyone looking to mess around. The consequences of such an attack are difficult to predict.

How Does it Work?

Using the Sapling Woodchipper doesn’t require a wide range of computers to flood the network. Instead, a lot of damage can be done with just one machine. It is a very CPU intensive method of attack, which means more powerful computers can cause more havoc. Interestingly enough, the code which allows this tool to be used was recently merged in the ZCash main code. 

Due to the Sapling upgrade, transactions can fill up entire network blocks. Since the ZCash protocol produces just 576 blocks per day, it becomes somewhat straightforward to exploit the network. By actively filling all network blocks, users could cripple this network altogether. It is also worth noting this attack vector can be mitigated, albeit it would also force the maximum transaction size down once again. 

Is it a Problem?

Even though the GitHub repository associated with the Sapling Woodchipper seems legit, it is unclear if this tool poses a real threat. It is a proof of concept which will not be shared with the general public at this time. In fact, this user doesn’t want any harm to be done through this tool. It is merely a research project to show how damaging these seemingly innocent code changes can be if anyone with nefarious intentions takes a closer look at things. 

That being said, it does show how vulnerable alternative blockchains can be, even in 2019. Since this code issue dates back to October 2018, it is almost a miracle no one has taken advantage of it as of yet. That situation can come to change fairly soon, depending on how the developers will handle this problem. Ignoring the code which can be abused wouldn’t be in anyone’s best interest, after all. 

Disclaimer: This is not trading or investment advice. The above article is for entertainment and education purposes only. Please do your own research before purchasing or investing into any cryptocurrency or digital currency.


Leave a Comment

Your email address will not be published. Required fields are marked *