DoS is a type of cyber attack that would cost only $3 a day to cause problems to the Zcash network. It was revealed by the mathematician Duke Leto who, in a recent tweet, reported the bug, criticising Zcash for not having solved it yet.
Just a reminder that @ElectricCoinCo is demanding $1.1M USD per month salary, but can't be bothered to respond or fix a $ZEC Denial-of-Service on their main network that costs less than your daily coffee habit.
Will #ZcashDevFund be used to fix this? https://t.co/rOgRYU1LVd
— Duke Leto (@dukeleto) August 26, 2019
The Denial of Service (DoS) allows attacking any blockchain that uses the sapling protocol of Zcash 2.x. The severity of the attack depends on the blockchain values relative to the maximum size of the transactions and the maximum size of the block: a small number of machines is sufficient to block the entire network, as currently, the figure is 0.0576 ZEC per day.
The protocol has been listed with the name CVE-2019-11636 in the vulnerability database, explaining:
“Zcash 2.x allows an inexpensive approach to “fill all transactions of all blocks” and “prevent any real transaction from occurring” via “Sapling Wood-Chipper” attack.”
This protocol takes advantage of the fees of the Zcash blockchain, which by default are 0.0001 ZEC.
Leto hopes, as mentioned in the tweet, to have greater transparency on the fees and on the entire project so as to be able to intervene. This kind of DoS attack could be used to make unusable the blockchain which is already facing an uncertain period. The project could even be abandoned in the future, as declared by CEO Zooko Wilcox.