According to recent estimates, it costs almost $3 per day to conduct a Denial-of-Service attack on Zcash. One can do this with the ‘Sapling Woodchipper’ protocol.
Recent metrics regarding the implementation of a Denial-of-Service (DoS) protocol indicate that it costs just a few dollars a day to attack Zcash (ZEC). The protocol’s creator, Duke Leto (@dukeleto), says that he created it to compel the Zcash team to act on the severe issues plaguing the network.
An Extremely Cheap Way to Clog the Entire Zcash Network
The so-called ‘Sapling Woodchipper’ is a protocol that allows for DoS attacks on any cryptocurrency which implements the Zcash 2.x Sapling protocol. Most notably, this is what Zcash itself uses.
The severity of the attack depends on chain parameters, like maximum transaction size and maximum block size. However, as few as one machine, or a handful, can disable a network in an asymmetric attack. It works by keeping blocks filled to the maximum so that regular users cannot make transactions. The Sapling Woodchipper attack does require a powerful CPU to run correctly, but it is still extremely cheap to conduct.
The protocol-level DoS is listed under CVE-2019-11636 on the National Vulnerability Database and has been recognized as an “inexpensive approach to ‘fill all transactions of all blocks’” on Zcash.
To be clear, the creator of Sapling Woodchipper is not trying to use the protocol-level DoS for evil. Instead, as is listed on its website, “the motivation for this CVE is to make the Zcash protocol, source code and network more secure.”
A ‘Hidden’ Zcash Fee Market
Sapling Woodchipper exploits what the creator, Duke Leto, calls a ‘hidden’ fee market, which the network doesn’t speak of but everyone knows of. This shadow market works for miners and mining pools, but “various Zcash people, up to and including the CEO, would prefer to tell people that no fee market exists,” he writes.
This is evident on the Zcash Wallet Developer UX Checklist where one of the points is “[disabling] users from setting their own transaction fees.” Users are not allowed to customize fees since “our network is fast enough that mining incentivization is not an issue.”
What this means is that incentive structures are not public, and can thus easily be exploited. For example, although most mining pools will not mine a transaction larger than 1 MB, the Zcash codebase nonetheless ‘allows’ for this. Paying a double fee clearly speeds up confirmations, which indicates that a shadow fee market undeniably exists.
The author of Sapling Woodchipper hopes that “all source code forks of Zcash migrate to variable fees based on transaction size, to fully mitigate transaction-based Denial-of-Service attacks.” Also, users should have the option to choose network fees just like they can in regular Bitcoin wallets. Given how easy it is to implement this DoS attack, the request seems altogether reasonable.
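To illustrate why fees based on transaction size blunt this kind of block-filling DoS, here is an added example (not from the article, from Leto, or from the Zcash code base) of a toy block-template builder under a flat fee versus a per-byte fee. Every constant, name and the sample mempool are constructed assumptions, not Zcash's real parameters.

```python
from dataclasses import dataclass

# Constructed parameters for illustration only; not Zcash consensus values.
MAX_BLOCK_BYTES = 2_000_000
FLAT_FEE = 10_000      # fee units per transaction, whatever its size
MIN_FEE_RATE = 1       # fee units per byte under the size-based policy

@dataclass(frozen=True)
class Tx:
    txid: str
    size: int  # bytes
    fee: int   # fee units offered

def build_block(mempool, size_based):
    """Greedy block template.
    Flat policy: accept any tx paying FLAT_FEE, in arrival order.
    Size-based: reject txs below MIN_FEE_RATE, then take highest fee rate first."""
    if size_based:
        pool = [t for t in mempool if t.fee >= t.size * MIN_FEE_RATE]
        pool.sort(key=lambda t: t.fee / t.size, reverse=True)
    else:
        pool = [t for t in mempool if t.fee >= FLAT_FEE]
    block, used = [], 0
    for tx in pool:
        if used + tx.size <= MAX_BLOCK_BYTES:
            block.append(tx)
            used += tx.size
    return block

def cost_to_fill(tx_size, size_based):
    """Fee units needed to occupy one whole block with txs of tx_size bytes."""
    count = MAX_BLOCK_BYTES // tx_size
    per_tx = tx_size * MIN_FEE_RATE if size_based else FLAT_FEE
    return count * per_tx

def sample_mempool():
    # Constructed: two oversized flat-fee txs arrive first, then 50 ordinary payments.
    fillers = [Tx(f"filler{i}", 1_000_000, FLAT_FEE) for i in range(2)]
    users = [Tx(f"user{i}", 2_000, FLAT_FEE) for i in range(50)]
    return fillers + users

def confirmed_users(size_based):
    block = build_block(sample_mempool(), size_based)
    return sum(t.txid.startswith("user") for t in block)

if __name__ == "__main__":
    for policy in (False, True):
        print("size-based" if policy else "flat", confirmed_users(policy),
              cost_to_fill(1_000_000, policy))
```

Under the flat policy the cost of occupying a block falls as each transaction grows, while under the per-byte policy it stays fixed at the block size times the fee rate, so the operator can price block space directly.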
The Zcash team has yet to respond to this exploit formally. Zcash was recently dropped by Coinbase’s U.K. branch as well.