News Heat Trend
Project Overview
Zebra is a decentralized exchange on Scroll offering users secure and dependable one-stop liquidity services. In Version 2.0, liquidity providers can set price ranges for the liquidity they provide, enabling them to bind their provided assets to a specific price range.
Zcash Foundation Releases Zebra 4.5.3 and 5.0.0 to Address Critical Orchard Vulnerability via Emergency Soft Fork and NU 6.2
The Zcash Foundation released Zebra versions 4.5.3 and 5.0.0 to address a critical soundness vulnerability in the Orchard zero-knowledge proof circuit. Version 4.5.3 temporarily disables Orchard operations via an emergency soft fork, while version 5.0.0 activates NU 6.2, re-enables Orchard using the patched circuit, and permanently closes the vulnerability.
Zcash Foundation Releases Zebra 4.5.1 Emergency Update: Fixes Critical Consensus-Level Security Vulnerability
Odaily news: The Zcash Foundation has announced the release of Zebra 4.5.1 version update to fix a consensus-critical security vulnerability and strongly recommends that all node operators upgrade immediately. The vulnerability, identified as GHSA-2prc-cj5x-4443, involves a sigops (signature operation count) counting error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects an incomplete patch in the previously released 4.5.0 version, which was just released yesterday.The Zcash development team stated that the issue stems from discrepancies in sigop counting logic between different implementations, which could cause nodes to produce different results when verifying transactions, thereby affecting consensus consistency on the chain. The fix resolves this by reverting and adjusting the Rust implementation logic to ensure alignment with the expected protocol behavior.The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only method to ensure nodes remain on the correct chain and avoid potential fork risks.
Zcash Foundation Urgently Releases Zebra 4.5.0: Critical Consensus Bug Fix and Mandatory Upgrade Recommended
: The Zcash Foundation has released version 4.5.0 of its node client, Zebra. This update includes multiple security fixes, addressing a critical consensus vulnerability and several high-severity Denial of Service (DoS) issues. All node operators are strongly urged to upgrade immediately.Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a logic flaw in NU5 block validation caching, a crash risk related to transparent address balance overflow, along with multiple crash and resource exhaustion vulnerabilities in RPC interfaces and mempool processing. The Foundation stated that some vulnerabilities could be exploited by malicious nodes, leading to node stalls, restart loops, or even permanent stoppage.Additionally, this version adds support for ZIP-213 (enabling shielded coinbase outputs to Sapling) and optimizes network performance and security boundaries. This includes limiting resource allocation during the pre-handshake phase, fixing risks related to multi-threaded queue abuse, and enhancing the misbehavior scoring mechanism.The Zcash Foundation stated that this update addresses over 80 security reports from the ZCG Vulnerability Disclosure Program (spanning April to May 2026), covering multiple layers including consensus security, memory management, RPC processing, and the P2P network attack surface. Officials emphasized that there is no alternative to this upgrade; upgrading is the only way to ensure nodes do not experience a chain split and remain secure.
Zcash Foundation: Zebra 4.4.0 Released—Multiple Consensus-Level Security Vulnerabilities Fixed; Nodes Urged to Upgrade Immediately
The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.
Zcash Foundation Releases Zebra 4.5.3 and 5.0.0 to Address Critical Orchard Vulnerability via Emergency Soft Fork and NU 6.2
The Zcash Foundation released Zebra versions 4.5.3 and 5.0.0 to address a critical soundness vulnerability in the Orchard zero-knowledge proof circuit. Version 4.5.3 temporarily disables Orchard operations via an emergency soft fork, while version 5.0.0 activates NU 6.2, re-enables Orchard using the patched circuit, and permanently closes the vulnerability.
Zcash Foundation Releases Zebra 4.5.1 Emergency Update: Fixes Critical Consensus-Level Security Vulnerability
Odaily news: The Zcash Foundation has announced the release of Zebra 4.5.1 version update to fix a consensus-critical security vulnerability and strongly recommends that all node operators upgrade immediately. The vulnerability, identified as GHSA-2prc-cj5x-4443, involves a sigops (signature operation count) counting error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects an incomplete patch in the previously released 4.5.0 version, which was just released yesterday.The Zcash development team stated that the issue stems from discrepancies in sigop counting logic between different implementations, which could cause nodes to produce different results when verifying transactions, thereby affecting consensus consistency on the chain. The fix resolves this by reverting and adjusting the Rust implementation logic to ensure alignment with the expected protocol behavior.The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only method to ensure nodes remain on the correct chain and avoid potential fork risks.
Zcash Foundation Urgently Releases Zebra 4.5.0: Critical Consensus Bug Fix and Mandatory Upgrade Recommended
: The Zcash Foundation has released version 4.5.0 of its node client, Zebra. This update includes multiple security fixes, addressing a critical consensus vulnerability and several high-severity Denial of Service (DoS) issues. All node operators are strongly urged to upgrade immediately.Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a logic flaw in NU5 block validation caching, a crash risk related to transparent address balance overflow, along with multiple crash and resource exhaustion vulnerabilities in RPC interfaces and mempool processing. The Foundation stated that some vulnerabilities could be exploited by malicious nodes, leading to node stalls, restart loops, or even permanent stoppage.Additionally, this version adds support for ZIP-213 (enabling shielded coinbase outputs to Sapling) and optimizes network performance and security boundaries. This includes limiting resource allocation during the pre-handshake phase, fixing risks related to multi-threaded queue abuse, and enhancing the misbehavior scoring mechanism.The Zcash Foundation stated that this update addresses over 80 security reports from the ZCG Vulnerability Disclosure Program (spanning April to May 2026), covering multiple layers including consensus security, memory management, RPC processing, and the P2P network attack surface. Officials emphasized that there is no alternative to this upgrade; upgrading is the only way to ensure nodes do not experience a chain split and remain secure.
Zcash Foundation: Zebra 4.4.0 Released—Multiple Consensus-Level Security Vulnerabilities Fixed; Nodes Urged to Upgrade Immediately
The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.
Related news
Zcash Foundation Releases Zebra 4.5.3 and 5.0.0 to Address Critical Orchard Vulnerability via Emergency Soft Fork and NU 6.2
The Zcash Foundation released Zebra versions 4.5.3 and 5.0.0 to address a critical soundness vulnerability in the Orchard zero-knowledge proof circuit. Version 4.5.3 temporarily disables Orchard operations via an emergency soft fork, while version 5.0.0 activates NU 6.2, re-enables Orchard using the patched circuit, and permanently closes the vulnerability.
Zcash Foundation Releases Zebra 4.5.1 Emergency Update: Fixes Critical Consensus-Level Security Vulnerability
Odaily news: The Zcash Foundation has announced the release of Zebra 4.5.1 version update to fix a consensus-critical security vulnerability and strongly recommends that all node operators upgrade immediately. The vulnerability, identified as GHSA-2prc-cj5x-4443, involves a sigops (signature operation count) counting error in P2SH transactions, which could lead to potential consensus fork risks. This fix corrects an incomplete patch in the previously released 4.5.0 version, which was just released yesterday.The Zcash development team stated that the issue stems from discrepancies in sigop counting logic between different implementations, which could cause nodes to produce different results when verifying transactions, thereby affecting consensus consistency on the chain. The fix resolves this by reverting and adjusting the Rust implementation logic to ensure alignment with the expected protocol behavior.The Zcash Foundation emphasized that there is currently no workaround for this issue, and upgrading to 4.5.1 is the only method to ensure nodes remain on the correct chain and avoid potential fork risks.
Zcash Foundation Urgently Releases Zebra 4.5.0: Critical Consensus Bug Fix and Mandatory Upgrade Recommended
: The Zcash Foundation has released version 4.5.0 of its node client, Zebra. This update includes multiple security fixes, addressing a critical consensus vulnerability and several high-severity Denial of Service (DoS) issues. All node operators are strongly urged to upgrade immediately.Key fixes in this release include a sigop counting error in P2SH script parsing (which could cause a consensus fork with zcashd), a logic flaw in NU5 block validation caching, a crash risk related to transparent address balance overflow, along with multiple crash and resource exhaustion vulnerabilities in RPC interfaces and mempool processing. The Foundation stated that some vulnerabilities could be exploited by malicious nodes, leading to node stalls, restart loops, or even permanent stoppage.Additionally, this version adds support for ZIP-213 (enabling shielded coinbase outputs to Sapling) and optimizes network performance and security boundaries. This includes limiting resource allocation during the pre-handshake phase, fixing risks related to multi-threaded queue abuse, and enhancing the misbehavior scoring mechanism.The Zcash Foundation stated that this update addresses over 80 security reports from the ZCG Vulnerability Disclosure Program (spanning April to May 2026), covering multiple layers including consensus security, memory management, RPC processing, and the P2P network attack surface. Officials emphasized that there is no alternative to this upgrade; upgrading is the only way to ensure nodes do not experience a chain split and remain secure.
Zcash Foundation Announces Takeover of Zcash Core Community Asset Management
the Zcash Foundation has officially announced the takeover of the management rights for several core Zcash community assets, including the Zcash GitHub Organization, the website and domain names, as well as the official @Zcash account on platform X.As Zcash development gradually centers around Zebra and the infrastructure maintained by the foundation, consolidating these community assets under the foundation's management is expected to improve long-term coordination efficiency and accountability. The Zcash GitHub Organization includes core code repositories such as librustzcash, zips, lightwalletd, and zcashd. The Zcash Foundation will be responsible for access permissions and repository governance, while the existing open-source licenses, community contribution permissions, and collaborative development models will remain unchanged.Additionally, the foundation announced a multi-year funding partnership with ZecHub, which will be responsible for the day-to-day operations of the website and the @Zcash account.
Zcash Foundation: Zebra 4.4.0 Released—Multiple Consensus-Level Security Vulnerabilities Fixed; Nodes Urged to Upgrade Immediately
The Zcash Foundation officially announced the release of Zebra 4.4.0, which addresses multiple critical consensus-level security vulnerabilities. All node operators are strongly advised to upgrade immediately. The vulnerabilities include a denial-of-service (DoS) flaw that could permanently halt the discovery of new blocks; a signature operation (sigop) counting error in block validation that may cause consensus divergence; abnormal handling of transparent transaction signature hashes; and a memory allocation amplification attack risk. The Zcash Foundation stated that some of these vulnerabilities could cause Zebra nodes to accept blocks rejected by zcashd, potentially triggering a chain fork. Without timely upgrades, nodes risk interruption of block discovery, consensus forks, and amplified resource consumption. No alternative mitigations are currently available.