A team of academics has identified an issue with the
Zerocoin protocol, along with two security flaws in libzerocoin, the software library used for building actual cryptocurrencies around protocol.
Researchers said they found these three issues to affect at least five cryptocurrencies based on Zerocoin, each in varying degrees. The five are SmartCash, Zoin, Zcoin, Hexxcoin, and PIVX.
The four-man team of academics from Saarland University and the Friedrich-Alexander-Universität Nürnberg-Erlangen in Germany, have published their findings in a research paper titled "
Burning Zerocoins for Fun and for Profit."
The denial-of-spending issue
According to researchers, the Zerocoin protocol is affected by a denial-of-spending issue that allows attackers to halt a victim's legitimate transaction, and issue a "spend" operation before the legitimate request. This results in the approval of the attacker's "spend" and the rejection of the legitimate transaction —which is marked as a "double spend" operation/bug/attack.
Researchers say this protocol scheme issue affects SmartCash, Zoin, Zcoin, Hexxcoin, and PIVX. Three of the five —PIVX, SmartCash, and Hexxcoin— have disabled the Zerocoin protocol inside their respective cryptocurrency source code, following the disclosure of this issue.
The immediate result of such an action was that all the altcoins mined via the Zerocoin protocol became stuck in users' wallets.
.......
........
