A Denial-of-Service (DoS) attack can be conducted on the Zcash network at a cost of less than $3 per day. The attack fills the Zcash network to its maximum capacity and thus prevents regular people from making transactions. The attack is also aimed at forcing the Zcash team to allow users to set their own transaction fees.
A DoS Attack on Blockchains Using the Zcash 2.x Sapling Protocol
Duke Leto has created a protocol called Sapling Woodchipper. Sapling Woodchipper is a DoS attack that takes advantage of chain parameters such as the maximum block size and maximum transaction size. The protocol can implement DoS attacks on blockchains using the Zcash 2.x Sapling protocol, including Zcash.
A study of how the Sapling Woodchipper attack works also shows that less than $3 per day is required to carry it out. Despite its low cost, the attack still requires a powerful CPU to run smoothly.
Sapling Woodchipper has also been listed in the National Vulnerability Database (NVD). NVD considers it a cheap method of filling all transactions of all blocks on a blockchain.
In the case of the Zcash blockchain, the protocol-level DoS causes the network to be full when regular transactions are to be made. As such, it prevents such transactions from being processed.
DoS Attack Exploits Zcash’s Hidden Market Fees
Reportedly, Sapling Woodchipper can influence the Zcash network by exploiting the platform’s hidden market fee paid to miners and mining pools. This is a fee attached to transactions even though users may not be aware of it. Users are also unable to customize the fees themselves.
This restriction can be linked to an excerpt from the Zcash Wallet Developer UX Checklist, which states: “Do not allow users to customize fees” because “Our network is fast enough that mining incentivization is not an issue.” The inability to customize fees can also be tied to the fact that Zcash users can still send transactions larger than 1 MB, unlike users of other blockchains.
On the other hand, Duke Leto revealed that the inability of users to customize the fees for their transactions is why the protocol was created. It is a bid to force the Zcash developers to allow users to decide the transaction fees themselves. The protocol also aims to push forks of Zcash’s source code to migrate to fees that vary with a transaction’s size.