In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade zebrad to version 5.0.0 or higher.
zebrad is a The Zcash Foundation's independent, consensus-compatible implementation of a Zcash node
Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the assign_advice process. An attacker can bypass circuit soundness and authorize unauthorized spends or double-spend notes by providing crafted private circuit inputs that exploit the lack of constraints on the base value. This allows repeated spending of the same note with distinct nullifiers or unauthorized spending of existing notes if the attacker knows the corresponding incoming viewing key. Exploitation is undetectable on-chain and only requires setting specific private inputs.