Zcash Weekly Developers Update 4-14-17


By Paige Peterson

Let’s start this update with work done in the middle of the week which focused on squashing a DoS vulnerability coming from an update in 1.0.4 to transaction priority handling. The result was a security announcement and hotfix release (1.0.8-1) which we HIGHLY recommend all users update to asap.

Investigation and mitigation of this vulnerability took about 24-48 hours of engineering time and we’re still working on finalizing related alerts which we’ll send to nodes requesting they upgrade. We still intend 1.0.9 to be released next week but it may include less than we originally planned and/or being pushed back a day or two.

This week started off continuing our refinement of release process. It was decided that after the upcoming 1.0.9 release, each subsequent release will go out on the 3rd Tuesday of each month. This means 1.0.10 will be planned to go out on May 16th. We’ve also decided to dedicate regular meeting times to discuss the future Sapling hard fork and a preliminary hard fork (HF0) which will be useful for standardizing a safe process and make the work for future hard forks more predictable. We also set up a regular meeting for the pre-Sapling priorities (payment disclosure, payment offloading & XCAT) to sync up on their progress and finalize remaining to-dos to get them out the door.

Speaking of HF0, we had a meeting about it! Here are the notes!

Some other engineering focuses earlier in the week included low memory proving which replaces loading the proving key into memory as a whole with a streaming process, loading it in in pieces and disguarding (PR 2243), further work on building a public block observatory, putting pieces together for a testnet faucet (which we intend to hand off for third party management once stable), work on a ZIP draft for XCAT, and more work on the javascript library for the payment offloading proof of concept.

We also posted part 4 of our series on explaining zk-SNARKS.

The website also saw some improvements to the getting started flow and the privacy & security recommendations. Let us know what you think!