A design flaw in the SAPLING_VERIFY_UPDATE Michelson opcode renders unshielding transactions from the shielded pools implemented in sapling_contract.tz malleable. This affects any deployment of this sample contract on the Tezos mainnet, and could potentially extend to other contracts following a similar pattern. We have implemented a new, strengthened, version of this primitive which should become the required opcode for safer integration of Sapling transactions in Michelson smart contracts. ...
