Advertisement

Shielded Labs Proposes New Zcash Upgrade to Prove ZEC Supply After Orchard Bug

The Zcash developer said researcher Taylor Hornby used Anthropic's latest AI model to find a flaw that could have minted undetectable counterfeit ZEC inside the Orchard privacy pool. It wants a further network upgrade to prove the supply is sound, beyond the emergency fix activated June 3.
By: The Defiant Team
Shielded Labs Proposes New Zcash Upgrade to Prove ZEC Supply After Orchard Bug

Shielded Labs proposed a new Zcash network upgrade that would let anyone verify the privacy coin's supply has not been secretly inflated, after disclosing that a recently patched bug in the network's main shielded pool could have allowed undetectable counterfeiting of ZEC.

Shielded Labs, a nonprofit that funds development of Zcash, the roughly 11th-largest cryptocurrency by market value, said in a blog post the vulnerability sat undiscovered in the Orchard pool from its May 2022 launch until engineers closed it this week.

ZEC reversed the week’s gains and is down 16% in the past seven days, and plunged 25% in the past 24 hours, as the bug came to light, according to CoinGecko data.

Orchard, Zcash's newest and largest shielded pool, holds more than 4 million ZEC, the bulk of the roughly 30% of supply that sits in private pools, according to shielded-supply trackers.

The episode highlights a tradeoff at the heart of privacy coins. The same cryptography that hides balances also makes it impossible to prove from the chain alone whether a bug was abused. Shielded Labs said there is no way to cryptographically determine whether anyone exploited the flaw before the fix, though it judged prior exploitation unlikely.

How the bug was found

Independent security researcher Taylor Hornby found the flaw on May 29 during an audit Shielded Labs commissioned, and disclosed it that evening to engineers at the Zcash Open Development Lab, or ZODL, the group that maintains the protocol.

Shielded Labs said Hornby used Anthropic's Opus 4.8 model, which it said was released May 28, alongside a custom AI tool, to write a working exploit that generated unlimited counterfeit ZEC in a local test environment. Run on mainnet, Shielded Labs said, the same tool would have produced unlimited, undetectable counterfeit ZEC.

The issue was a soundness bug, meaning the network could be made to accept a transaction it should have rejected. It stemmed from an under-constrained part of the Orchard circuit that let an attacker pass false inputs through an elliptic-curve check and still have the check pass, Shielded Labs said.

Shielded Labs described the impact as the ability to create unlimited, undetectable counterfeit ZEC within Orchard.

Total Supply Stays Intact

The Zcash Foundation, which builds the Zebra software used to run the network, described the risk in a post published Wednesday. It said exploitation could have allowed double-spending within Orchard but could not have inflated the total ZEC supply, which is capped by the network's "turnstile" accounting. The turnstile limits how much value can leave each pool to the amount that entered it.

The Foundation said the turnstile confirmed the total supply stayed intact and that there was no evidence of unauthorized value creation. Both groups agree the bug was caught before any known exploitation and that user privacy was not affected.

How the fix rolled out

After private coordination with miners and exchanges that began May 31, engineers shipped an emergency soft fork that disabled Orchard transactions. It was activated on June 2 at block 3,363,426. A hard-fork upgrade called NU6.2 then re-enabled Orchard with a corrected circuit on June 3 at block 3,364,600, the Foundation said. It called the response the second security-driven upgrade in Zcash's history since the network launched in 2016. The fix is tracked in a Zebra security advisory.

Orchard transfers were frozen during the window while transparent and Sapling transactions kept running. Some block explorers briefly showed no new blocks afterward, fueling confusion that the network had gone down.

The proposed upgrade

Shielded Labs said NU6.2 closes the bug but does not prove the Orchard supply was never tampered with. Its proposal would deploy a new shielded pool and route all coins leaving Orchard through turnstile accounting, letting anyone verify that no counterfeit ZEC exists.

Like any major upgrade, it would need community support and would have to pass Zcash's governance process before activation. Shielded Labs said it plans to publish the details next week.

The coordinated response has drawn criticism. Some developers and commentators argued the confidential fix, which relied on a small group of engineers, miners and exchanges, showed how centralized the network's emergency response can be, and questioned whether shielded pools can ever be fully audited.

Zcash

Advertisement

Get an edge in Crypto with our free daily newsletter

Know what matters in Crypto and Web3 with The Defiant Daily newsletter, Mon to Fri

90k+ Defiers informed every day. Unsubscribe anytime.