Script/patch to implement CVE-2019-16930 #32
Labels
bounty
make dat money
bug
Something isn't working
hacktoberfest
Hack zcash zaddrs
help wanted
Extra attention is needed
Comments
|
Thanks to @DenioD for adding another 1000 HUSH to the original 10000 HUSH bounty |
|
Anon donations for this bounty can be sent to this address, on HUSH, KMD or any smart chain: https://dexstats.info/assetviewer.php?address=RHFjxYLrncfBxwZrbxQxYcGc4aMSDL9U3P |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Current Bounty
0.1 BTC
0.1 BCH
11,000 HUSH
25 KMD
Background:
http://duke.leto.net/2019/10/01/zcash-metadata-leakage-cve-2019-16930.html
We all know that ECC lies via omission and tries to hide important security vulnerabilities and refuses to provide binaries to protect their users nor proof that the bug exists and is fixed. The only course of action is developing our own exploit, to verify new HUSH code works correctly.
A total of 11,000 HUSH bounty for a script/patch to a full HUSH node which can de-anonymize zaddrs to their IP addresses. Any language can be used. Access to a full node on localhost can be assumed, as well as any custom patches to the local node that are needed which don't break consensus.
Deliverable
A script which, given a zaddr, returns the IP address(es) associated with any nodes that have the private or viewing key of that zaddr. If no nodes which own that zaddr are online, the script is expected to fail. This bounty can assume the target node is online and this bounty is only concerned with Sapling zaddrs which start with zs1, not older-style zaddrs, which HUSH does not have.
The text was updated successfully, but these errors were encountered: