[m_eiman]

In addition to the compute power, you also need som other things:

"An attacker would need to hijack the address for a peer that has been offline for 30 days or communicate only with other peers that do not have a cached identity for the hijacked address."

[_hyn3]

If you have access to the victim's ZeroTier dashboard (or API calls), that's trivial to get. Even if there are currently no disclosed vulns in the dashboard, that doesn't mean that none exist.