Zcash Plans Upgrade Following Orchard Counterfeit Bug

TLDR

• Zcash developers are evaluating a new shielded pool to strengthen supply verification after patching the Orchard vulnerability.
• Shielded Labs proposed turnstile accounting to improve transparency for coins exiting the Orchard pool.
• The team confirmed that the flaw could have enabled counterfeit ZEC, although prior exploitation is considered unlikely.
• ZEC price dropped nearly 50% after the vulnerability disclosure before partially recovering.
• Community members renewed calls for formal verification to prevent similar circuit flaws in future upgrades.

Zcash developers are assessing a new shielded pool after patching a counterfeiting flaw in Orchard. Shielded Labs said it is exploring a network upgrade to strengthen supply verification. Meanwhile, the proposal awaits community review as ZEC price volatility continues.

Zcash Considers Second Orchard Pool for Supply Assurance

Shielded Labs said it is evaluating a network upgrade that would introduce a new shielded pool. The group explained that the plan would apply turnstile accounting to coins exiting Orchard. As a result, users could verify funds leaving the pool with clearer accounting rules. However, the organization said it will publish detailed tradeoffs next week.

Josh Swihart, founder of Zcash Open Development Lab, addressed the proposal on X. He said a second Orchard pool could align with the NU7 upgrade planned for late July. However, he stated that he holds no fixed position on adopting the change. He emphasized that community discussion will guide the final direction.

The discussion follows an emergency upgrade that patched a vulnerability in Orchard. Shielded Labs said the flaw could have enabled unlimited counterfeit ZEC within the pool. However, the team believes prior exploitation remains unlikely. Still, it acknowledged that cryptography cannot confirm whether exploitation occurred before the patch.

Earlier, developers suspended Orchard transactions after identifying the issue. They restored functionality through an emergency network upgrade. Consequently, the network resumed normal operations after the fix. The team disclosed the vulnerability publicly on Friday.

Following disclosure, ZEC dropped nearly 50% within hours. The token fell from $550.30 to $264.80, according to CoinGecko data. Later, it recovered to $308.07, though it remained sharply lower.

Formal Verification Debate Intensifies Within Zcash Community

The vulnerability revived debate over formal verification in Zcash. Developers discussed whether mathematical proofs could prevent similar circuit errors. Sean Bowe said shielded protocols rely on cryptographic assumptions to preserve supply integrity. He argued that formal verification offers a long-term solution.

Swihart also addressed the circuit flaw in his comments. He said the error stemmed from handwritten circuit rules, not broken cryptography. He explained that formal verification could convert those rules into concise specifications. Then, computers could confirm whether implementations match intended designs.

Wei Dai, research partner at 1kx, commented on the flaw publicly. He said the bug appeared obvious in retrospect yet escaped expert review. He added that expanding formal verification coverage is “probably the only long-term solution.” His remarks echoed calls for stronger verification standards.

During the market decline, some figures defended the development team. Justin Bons of CyberCapital said the market overreacted because “the good guys caught it first.” Cameron Winklevoss stated that finding bugs reflects active security research. He argued that the key issue lies in discovering and fixing flaws before attackers exploit them.

The post Zcash Plans Upgrade Following Orchard Counterfeit Bug appeared first on Blockonomi.