Zebra 4.3.0 Released, Includes Critical Security Fixes.

Zcash Tracker Logo
ZcashTracker
Zebra 4.3.0 Released, Includes Critical Security Fixes.

Key Takeaways

  • Zebra 4.3.0 has been released, including critical security fixes, and immediate upgrades are strongly recommended for all node operators.
  • The release addresses a V5 transaction proof verification bypass that could have led to a chain split and a transaction deserialization panic capable of crashing Zebra nodes.
  • An initial implementation of the Network Sustainability Mechanism (ZIP-235) is included, though currently disabled by default and intended for testing.
  • Performance profiling tools and documentation have been improved for developers.
  • Additional bug fixes resolve issues with Regtest block propagation, pre-Canopy block subsidy calculations, and a Testnet performance regression.
Zebra 4.3.0 is now available, delivering critical security updates that necessitate immediate upgrading for all node operators. This release focuses on enhancing network resilience and stability through essential patches and introduces foundational elements for future protocol advancements on the Zcash network.

Two significant vulnerabilities within Zebra’s transaction verification and deserialization logic have been addressed.

One fix corrects a V5 transaction proof verification bypass (issue #10425). This flaw allowed V5 transactions to skip full proof verification if they had been automatically marked as verified by their mined transaction IDs. While invalid transactions were not accepted, this inconsistency posed a risk of a chain split between Zebra nodes and other network participants if a transaction with an invalid proof were to be mined. The updated logic ensures comprehensive proof verification for all V5 transactions.

A separate fix mitigates a transaction deserialization panic (issue #10426). Certain crafted transactions could previously trigger a panic in librustzcash during deserialization, potentially enabling an attacker to crash a Zebra node. This has been resolved by adding validation that ensures a transaction deserializes safely before any further processing. The vulnerability was responsibly disclosed by robustfengbin.
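As an added illustration (not Zebra's own code), the consistency problem behind the V5 fix modelled in Rust: a simplified txid that, like ZIP-244 V5 txids, commits to the effecting data but not to the proofs; a flawed verifier that treats an already-marked txid as verified; and the fixed verifier that checks proofs for every transaction. The `V5Tx` struct, the hash and the `proof_ok` flag are constructed stand-ins, and the two nodes' disagreement on the same transaction is the chain-split risk the release notes describe.

```rust
use std::collections::hash_map::DefaultHasher;
use std::collections::HashSet;
use std::hash::{Hash, Hasher};

/// Constructed stand-in for a V5 transaction. `inputs`/`outputs` are the
/// effecting data; `proof_ok` stands in for the outcome of verifying its proofs.
#[derive(Clone, Debug)]
pub struct V5Tx {
    pub inputs: Vec<u32>,
    pub outputs: Vec<u32>,
    pub proof_ok: bool,
}

/// Simplified txid: as with ZIP-244, it commits to effecting data only, so two
/// transactions with the same inputs/outputs but different proofs share a txid.
pub fn mined_txid(tx: &V5Tx) -> u64 {
    let mut h = DefaultHasher::new();
    tx.inputs.hash(&mut h);
    tx.outputs.hash(&mut h);
    h.finish()
}

/// Stand-in for the expensive proof verification step.
fn verify_proofs(tx: &V5Tx) -> bool {
    tx.proof_ok
}

/// Flawed pattern: a txid already marked verified skips the proof check.
pub fn verify_flawed(tx: &V5Tx, marked: &mut HashSet<u64>) -> bool {
    let id = mined_txid(tx);
    if marked.contains(&id) {
        return true; // bypass: proofs of this tx are never examined
    }
    let ok = verify_proofs(tx);
    if ok {
        marked.insert(id);
    }
    ok
}

/// Fixed pattern: proofs are verified for every transaction; the marker set
/// may remain for other bookkeeping but never short-circuits verification.
pub fn verify_fixed(tx: &V5Tx, marked: &mut HashSet<u64>) -> bool {
    let ok = verify_proofs(tx);
    if ok {
        marked.insert(mined_txid(tx));
    }
    ok
}

/// Two nodes see a valid tx, then one with the same txid but an invalid proof.
/// Returns what the (flawed node, fixed node) decide about the second tx.
pub fn divergence() -> (bool, bool) {
    let good = V5Tx { inputs: vec![1, 2], outputs: vec![3], proof_ok: true };
    let bad = V5Tx { proof_ok: false, ..good.clone() };
    let (mut a, mut b) = (HashSet::new(), HashSet::new());
    assert!(verify_flawed(&good, &mut a) && verify_fixed(&good, &mut b));
    (verify_flawed(&bad, &mut a), verify_fixed(&bad, &mut b))
}
```

`divergence()` returns `(true, false)`: the flawed node accepts what the fixed node rejects, which is exactly the disagreement that could split the chain.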

New Protocol Integration and Developer Tools

This release integrates an initial implementation of ZIP-235, the Network Sustainability Mechanism. This feature is crucial for the long-term economic health of the Zcash network. Currently, ZIP-235 support is disabled by default, gated behind a feature flag, and intended for testing and development rather than production environments (issue #10357).

Developer tooling has also seen improvements, with a dedicated profiling Cargo profile and expanded documentation now available. This update aims to streamline the workflow for developers diagnosing performance bottlenecks and optimizing Zebra's behavior (issue #10411).

Resolved Issues and Test Coverage

Several other bugs have been resolved to enhance network operation and development workflows:
  • Block propagation on the Regtest network, previously hindered, has been restored for local development and testing (issue #10403).
  • The `getblocksubsidy` RPC now accurately calculates miner rewards for blocks predating the Canopy network upgrade, correctly subtracting the Founders’ Reward (issue #10338).
  • A performance regression on Testnet, which caused Zebra to consume an entire CPU thread due to repeated checkpoint parsing, has been fixed by caching parsed checkpoints (issue #10409).
Additionally, test coverage has been improved to prevent future regressions. The V5 transaction test generator and NU5 branch ID strategy have been updated to cover a broader range of edge cases (issue #10429).

All Zebra node operators are strongly advised to upgrade to version 4.3.0 without delay, primarily due to the critical security enhancements detailed in this release. The new version is available on GitHub.

This release was made possible by the dedicated efforts of @arya2, @conradoplg, @gustavovalverde, @judah-caruso, @nuttycom, @oxarbitrage, and @upbqdn.