CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

GHSA-gf9r-m956-97qx: zebrad has consensus divergence via P2SH sigop undercount in pure-Rust disabled-opcode parser

criticalCVE-2026-52735
Am I affected You are affected if: 1. You run any version of zebrad up to and including v4.4.1. 2. Your node validates blocks on mainnet, testnet, or any network where both Zebra and zcashd nodes participate. All default configurations are affected. No feature flags, non-default settings, or special build options are required. Summary Zebra's P2SH sigop counter uses a pure-Rust code path that short-circuits on disabled opcodes (such as OP_CODESEPARATOR), returning a partial count of zero for any sigops following the disabled opcode. The reference implementation (zcashd) correctly counts through disabled opcodes in its static sigop analysis. This produces a consensus divergence: Zebra accepts blocks that zcashd rejects when the block-wide MAX_BLOCK_SIGOPS = 20,000 threshold is crossed on one side but not the other. An attacker can exploit this without mining capability. Broadcasting transactions that spend P2SH outputs with malicious redeem scripts is sufficient; any Zebra miner who includes those transactions in a block triggers a chain split between Zebra and zcashd validators. Details The P2SH sigop counter at zebra-script/src/lib.rs:399 calls script::Code(redeemed_bytes).sig_op_count(true), which is a pure-Rust path through zcash_script-0.4.4. The legacy (non-P2SH) sigop counter at lib.rs:282-289 correctly uses the C++ FFI via interpreter.legacy_sigop_count_script(). Only the P2SH path bypasses the FFI. The Rust parser in zcash_script-0.4.4/src/opcode/mod.rs:1247-1260 treats 16 disabled opcodes (0x7e through 0xab, including OP_CAT, OP_SUBSTR, OP_AND, OP_OR, OP_XOR, OP_2MUL, OP_2DIV, OP_MUL, OP_DIV, OP_MOD, OP_LSHIFT, OP_RSHIFT, and OP_CODESEPARATOR) as Err(Error::Disabled(...)). The sig_op_count function at iter.rs:104-115 uses try_fold, which terminates on the first Err and returns the partial sum accumulated so far. zcashd's GetOp2 (script.h:514-562) returns true for all non-pus

Details

Source
GitHub Security Advisories (INTL · database · site)
Severity
critical
Published
2026-07-02
Last updated
2026-07-02
Exploitation
Not in CISA KEV at last sync

Original advisory: https://github.com/advisories/GHSA-gf9r-m956-97qx

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-52735coverage & exploitation statusNVD · CVE.org

More from GitHub Security Advisories