This article was first published on Komodo
At the beginning of November 2018, the Zcash Security Team contacted Komodo to initiate a vulnerability disclosure agreement. Later in the same month, Zcash reach out once again to inform the Komodo Development Team about a critical vulnerability with the Zcash code base. Komodo is grateful that the Zcash team handled this issue in such a secure and professional manner, allowing Komodo to quickly reach a solution.
Komodo’s Dev Team, along with developers from the Verus Coin project, began evaluating the situation immediately. The team of developers and security experts decided to merge the fix that Zcash had implemented with other, Komodo-specific improvements to the codebase.
This allowed the real purpose of the upgrade— eliminating a vulnerability— to remain concealed and thus less likely to be exploited in the time before the new code was activated. The Komodo Dev Team deemed this essential to the safety of the ecosystem.
Komodo activated these changes to the code base on December 15, successfully hard-forking over 40 blockchains at the same time with no complications. Of course, this upgrade included the ZCash Sapling upgrade, 7 new assetchain parameters upstreamed to Komodo from Verus Coin, and an increase in block size from 2 Mb to 4 Mb, as well as the fix to the vulnerability.
Komodo’s developers reacted fast, removing the vulnerability within weeks of notification. It’s important to point out that the Komodo Development Team didn’t simply eliminate this vulnerability for the KMD chain. Rather, the Dev Team created a solution and pushed the upgrade throughout the ecosystem, securing 40 independent blockchains with one update.
The Komodo Dev Team is constantly working behind the scenes with third-party security experts and professional cryptographic code auditors to ensure the security of the Komodo ecosystem. Keeping with best practices, when vulnerabilities are ...
To keep reading, please go to the original article at: