In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade zebrad to version 4.5.0 or higher.
zebrad is a The Zcash Foundation's independent, consensus-compatible implementation of a Zcash node
Affected versions of this package are vulnerable to Operation on a Resource after Expiration or Release in the pop_tip process. An attacker can cause persistent corruption of subtree root data by triggering chain forks and subsequent block reverts, leading to incorrect wallet synchronization or wallet state for downstream consumers. This is only exploitable if the node participates in a network where chain forks occur and the default configuration is used.
This vulnerability can be mitigated by periodically verifying subtree root consistency using z_getsubtreesbyindex against a known-good reference.