MyHush / hush3

Hush: Speak And Transact Freely
https://myhush.org

Defend against zaddr input arity metadata leakage attack #74

Open leto opened 4 years ago

leto commented 4 years ago

This is to track upstream issue: https://github.com/zcash/zcash/issues/4332

The current plan is to automate z_mergetoaddress operations for the user at the GUI wallet layer, detecting potential "zdust attacks" (lots of small unique amount zutxos) and triggering a "zsweep" with no user action. This fix does not need to change any RPC layer methods nor consensus rules, and does not address the issue for full nodes.

For CLI full nodes, we can provide an RPC to opt-in to the "zsweep" or we can go the route of changing internals of hushd to autodetect the dust attack and auto-sweep the wallet.

This issue is to track this concern for hushd itself; SilentDragon, SilentDragonLite and any other wallets or software should get their own issue.

leto commented 4 years ago

This paper seems to be the source of this new type of attack: https://orbilu.uni.lu/bitstream/10993/41278/1/Post_sapling_ZC_paper.pdf

leto commented 4 years ago

Our new consolidation code changes take this attack into account: by only allowing 8 zinputs, we do not allow a high input arity to be spent at once, defeating attacks that send a unique number of dust outputs to an address and look for them to be spent.
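The wallet-side defense discussed in this thread (flag an address holding many small notes, then sweep them with no more than 8 inputs per spend), as an added example that is not part of the thread and is not hushd or SilentDragon code. The dust threshold, the alarm count and all names are assumptions; only the cap of 8 inputs comes from the discussion.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// Only the cap of 8 comes from the thread; the other two values are assumed.
constexpr std::size_t kMaxZInputs = 8;          // max shielded inputs per spend
constexpr std::int64_t kDustThreshold = 10000;  // hypothetical: smaller notes count as dust
constexpr std::size_t kDustNoteAlarm = 20;      // hypothetical: dust count that triggers a sweep

struct Note {            // one unspent shielded note ("zutxo") of a zaddr
    std::int64_t value;  // amount in the smallest unit
};

// Number of notes below the dust threshold.
std::size_t countDust(const std::vector<Note>& notes) {
    return static_cast<std::size_t>(std::count_if(notes.begin(), notes.end(),
        [](const Note& n) { return n.value < kDustThreshold; }));
}

// Detection heuristic: many small notes on one address suggest a zdust attack.
bool looksLikeZdust(const std::vector<Note>& notes) {
    return countDust(notes) >= kDustNoteAlarm;
}

// Plan the sweep as batches of at most kMaxZInputs dust notes each, so no
// single spend has an input arity equal to the number of notes received.
std::vector<std::vector<Note>> planSweep(const std::vector<Note>& notes) {
    std::vector<Note> dust;
    for (const Note& n : notes)
        if (n.value < kDustThreshold) dust.push_back(n);

    std::vector<std::vector<Note>> batches;
    for (std::size_t i = 0; i < dust.size(); i += kMaxZInputs) {
        const std::size_t end = std::min(i + kMaxZInputs, dust.size());
        if (end - i < 2) break;  // a single leftover note has nothing to merge with
        batches.emplace_back(dust.begin() + i, dust.begin() + end);
    }
    return batches;
}

int main() {
    std::vector<Note> notes = {{500000000}, {120000000}};      // constructed: ordinary notes
    for (int i = 1; i <= 21; ++i) notes.push_back({100 + i});  // constructed: 21 dust notes
    std::cout << "zdust suspected: " << looksLikeZdust(notes)
              << ", sweep batches: " << planSweep(notes).size() << "\n";
}
```

The size of the final, partly filled batch still depends on the note count, so a wallet applying this plan would also need to decide how to pad or delay that last spend.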

leto commented 4 years ago

I consider our new "sapling consolidation" plus our modifications to add Sietch outputs and limit inputs to 8 to be a good and viable defense against these kinds of attacks. They are not enabled by default, so the issue doesn't seem fully closed. Keeping this open to see what we learn.

leto commented 4 years ago

Current plan is to enable consolidation by default for SD, not sure what to do about SDL @DenioD