Closed attritionorg closed 6 years ago
https://github.com/z-classic/node-stratum-pool/pull/34
The exploit was in a dependency written by an old developer. The new dependency is a copy of the ZCashCo solution verifier, and was implemented by ZenCash.
@tarrenj excellent, thanks for the pointer
Regarding this disclosure: https://github.com/edwardz246003/misc/blob/master/Attackers%20Fake%20Computational%20Power%20to%20Steal%20Cryptocurrencies%20from%20Mining%20Pools.md
"Other major crypytocurrencies and mining pools like Zclassic, BTG and Zcash also took actions to resolve the vulnerability."
Can one of the developers link to the fixing commit and/or version that resolves this? Thanks!