
On July 17, the Zcash Foundation revealed the launch of Zebra 6.1.0, which is the latest version of its popular Rust-based Zcash full node software. This update is very important for the network and users as it brings a new tool for wallets and adds 4 major security fixes.
However, there are no new changes to the network rules. In order to avoid any issue on the network, the Zcash Foundation has urged all node operators to upgrade with the latest version.
Zebra is one of the main programs people use to run a full Zcash node. This program plays a major role in keeping the network secure, private, and running smoothly. The new version of Zebra 6.1.0 will make the network safer and easier to use for developers and node operators.
Zebra 6.1.0 Implements Four Security Fixes
The biggest highlight of Zebra 6.1.0 is the getstandardfee RPC command. This tool will allow wallets and other programs to quickly check the current standard fee set by ZIP-317 rules. It returns the marginal fee amount. Developers can also access this value directly in Rust code through transaction::zip317::MARGINAL_FEE. This makes it easy for wallets to suggest the right fee when users send transactions.
Zebra 6.1.0 comes with 4 major security fixes. These problems could affect block verification, node operation, and mining, but they did not cause any network problems, according to the official announcement.
- Block Template Size Issue (Low severity)
When creating a block for mining, Zebra sometimes made templates that were slightly too big. This could waste a miner’s computing power because the block would be rejected by the network. This fix reserves proper space for the block header and transaction count so that templates can stay within the allowed size.
“Zebra now reserves the network-specific header size and the maximum transaction-count width before selecting transactions, so templates stay within the limit,” the official document states.
- Pushed Transaction Failures (Moderate severity)
When someone sent a bad transaction directly to a node, Zebra did not always track who sent it. This allowed attackers to send many bad Orchard proofs and slow down the node. The fix properly records the sender, so repeated bad behaviour can lead to a ban.
- Quadratic Value Check in Block Verification (Moderate)
During block checking, Zebra was doing extra heavy work on large blocks on the blockchain with many small transactions. A specially made block could take over 50 seconds to verify. The fix makes this check much faster by only looking at the needed data.
- Chain Stall from Old Error
In some cases, a node could get stuck for many hours when handling certain blocks due to an old error record. The fix can clean up these records in the proper manner when a good block is accepted.
The official post stated that “Using the same ZIP-244 coinbase-malleability primitive as GHSA-4m69-67m6-prqp, an unauthenticated peer that won the propagation race could get a poisoned block sharing a canonical block’s hash rejected first, so the canonical successor was then rejected against the stale entry, stalling the node at that height for roughly 41 hours per trigger and repeatable on each new block. The stall cleared on restart, with no crash, consensus divergence, or state corruption. Zebra now removes a hash from the map when the canonical block at that hash commits successfully.”
After the discovery of a bug in the Orchard zero-knowledge proof circuit on the Zcash network, the Zcash community has taken proactive measures to fix the “exploitable bug” on the network in order to ensure the security of users. The Zcash Foundation coordinated a network upgrade, NU 6.2, and released an updated Zebra version to fix the issue.
The upcoming Ironwood upgrade is a major part of this ongoing security development, which is expected to activate on the Zcash mainnet on July 28. This upgrade is important as it will introduce a new shielded pool to replace the Orchard pool affected by the earlier bug.



