According to TechFlow TechFlow, on May 2nd, the Zcash Foundation officially announced the release of Zebra version 4.4.0. This update fixes several critical consensus-level security vulnerabilities and strongly recommends that all node operators upgrade immediately. These vulnerabilities include a denial-of-service vulnerability that could cause new blocks to stop being discovered permanently, consensus disagreements caused by incorrect block signature operation (sigops) counting, abnormal transparent transaction signature hash processing, and the risk of memory allocation amplification attacks.
The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, leading to chain forks. If not updated in time, nodes may face risks such as block discovery interruption, consensus forks, and amplified resource consumption, and there are currently no alternative mitigation solutions.
