Shielded Labs Proposes Zcash Upgrade to Verify Supply After Bug

Shielded Labs has proposed a new Zcash network upgrade that would allow anyone to verify the privacy coin’s supply has not been secretly inflated. The proposal follows the disclosure of a recently patched bug in the network’s main shielded pool, which could have allowed undetectable counterfeiting of $ZEC.

Shielded Labs, a nonprofit that funds Zcash development, said in a blog post that the vulnerability lay undiscovered in the Orchard pool from its May 2022 launch until engineers closed it this week. Zcash is roughly the 11th-largest cryptocurrency by market value. According to CoinGecko data, $ZEC has reversed the week’s gains, down 16% in the past seven days and plunging 25% in the past 24 hours as news of the bug emerged.

Orchard, Zcash’s newest and largest shielded pool, holds more than 4 million $ZEC. That is the bulk of the roughly 30% of supply that sits in private pools, according to shielded-supply trackers. The episode highlights a tradeoff at the heart of privacy coins: the same cryptography that hides balances also makes it impossible to prove from the chain alone whether a bug was abused. Shielded Labs said there is no way to cryptographically determine whether anyone exploited the flaw before the fix, though it judged prior exploitation unlikely.

How the bug was found

Independent security researcher Taylor Hornby found the flaw on May 29 during an audit Shielded Labs commissioned. He disclosed it that evening to engineers at the Zcash Open Development Lab (ZODL), the group that maintains the protocol. Shielded Labs said Hornby used Anthropic’s Opus 4.8 model, released May 28, alongside a custom AI tool. He wrote a working exploit that generated unlimited counterfeit $ZEC in a local test environment. Run on mainnet, Shielded Labs said, the same tool would have produced unlimited, undetectable counterfeit $ZEC.

The issue was a soundness bug, meaning the network could be made to accept a transaction it should have rejected. It stemmed from an under-constrained part of the Orchard circuit that let an attacker pass false inputs through an elliptic-curve check and still have the check pass. Shielded Labs described the impact as the ability to create unlimited, undetectable counterfeit $ZEC within Orchard.

Total supply stays intact

The Zcash Foundation, which builds the Zebra software used to run the network, described the risk in a post published Wednesday. It said exploitation could have allowed double-spending within Orchard but could not have inflated the total $ZEC supply, which is capped by the network’s “turnstile” accounting. The turnstile limits how much value can leave each pool to the amount that entered it. The Foundation said the turnstile confirmed the total supply stayed intact and that there was no evidence of unauthorized value creation. Both groups agree the bug was caught before any known exploitation and that user privacy was not affected.

How the fix rolled out

After private coordination with miners and exchanges that began May 31, engineers shipped an emergency soft fork that disabled Orchard transactions. It was activated on June 2 at block 3,363,426. A hard-fork upgrade called NU6.2 then re-enabled Orchard with a corrected circuit on June 3 at block 3,364,600, the Foundation said. It called the response the second security-driven upgrade in Zcash’s history since the network launched in 2016. The fix is tracked in a Zebra security advisory. Orchard transfers were frozen during the window while transparent and Sapling transactions kept running. Some block explorers briefly showed no new blocks afterward, fueling confusion that the network had gone down.

The proposed upgrade

Shielded Labs said NU6.2 closes the bug but does not prove the Orchard supply was never tampered with. Its proposal would deploy a new shielded pool and route all coins leaving Orchard through turnstile accounting, letting anyone verify that no counterfeit $ZEC exists. Like any major upgrade, it would need community support and would have to pass Zcash’s governance process before activation. Shielded Labs said it plans to publish the details next week. The coordinated response has drawn criticism. Some developers and commentators argued the confidential fix, which relied on a small group of engineers, miners and exchanges, showed how centralized the network’s emergency response can be. They also questioned whether shielded pools can ever be fully audited.

The post Shielded Labs Proposes Zcash Upgrade to Verify Supply After Bug appeared first on TheCryptoUpdates.