Zcash developers weigh new gated pool after Orchard bug.
Zcash developers and researchers are discussing whether a new hedged pool can restore trust in proof of supply after the recent patchy garden vulnerability.
Shielded Labs, an independent Swiss Zcash support firm, announced in a security update on Friday that it is testing a network upgrade that deploys a new shielded pool and enforces “turnstile accounting” on coins moving from Orchard, a transparent way for users to verify the authenticity of funds withdrawn from the pool.
The group said the proposal is still subject to further clarification and community review. Shield Labs said it plans to publish a follow-up post next week detailing how the update will work and what transactions it might involve.
Zcash Open Development Lab (ZODL) founder Josh Swihart said in a separate X post that a second fruit pool could in principle be targeted for the Zcash NU7 update by the end of July. But he said that the society is not taking a permanent position on whether to build a second fruit pool or not.
The discussion follows an unexpected Zcash update that covered an Orchard vulnerability Shield Labs said could have allowed fake ZEC into the pool, despite previously saying an exploit was unlikely.
Cointelegraph reached out to ZODL, the Zcash team and Shield Labs for comment, but did not receive a response by press time.
Source: Josh Swihart
ZEC will collapse after the release of the vulnerability statement
In a security update, the Shield Labs Orchard vulnerability could have allowed a bad actor to create an unlimited amount of fake ZEC in the Orchard pool. The team says there is no cryptographic way to prove the bug was used before it was fixed, though it believes early exploitation is unlikely.
As Cointelegraph reported on Wednesday, Zcash developers have temporarily suspended Orchard transactions after discovering the vulnerability and restoring operations through an emergency network update.
On Friday, ZEC fell from a daily high of $550.30 to $264.80, according to CoinGecko data, after the group publicly disclosed the vulnerability. The token has recovered to $308.07 at the time of writing, still down from Friday's high.
Zcash token 24-hour price chart. Source: CoinGecko
While the market fell, some community members defended the group's response to the crisis. Justin Bones, founder and chief investment officer of Cyber Capital, said the market was overreacting because the error was corrected and “the good guys caught it first.”
Gemini founder Cameron Winklevoss said the findings reflect Zcash's investment in security researchers rather than alarmism, arguing that bugs are inevitable in Layer-1 networks and that the key issue is whether teams can find and fix them before attackers do.
Related: Crypto Mining Losses Drop 90% Month to $68M: CertiK
Standard authentication enters the security argument
The incident has renewed discussion around formal verification, a method that uses mathematical proofs to ensure that software or cryptographic circuits adhere to prescribed standards.
According to Zcash developer and cryptography researcher Sean Bowe, encrypted protocols provide privacy by relying on cryptographic assumptions to protect the integrity of the supply. The long-term answer, he said, is to routinely check for protected protocols and their performance.
Swihart echoed that view, saying Orchard's vulnerability was a flaw in the circuit's handwritten rules rather than underlying encryption. Standardization, he said, can reduce human evaluation to a brief description and allow computers to verify that the circuit conforms to these rules.
Wei Dai, a research partner at blockchain venture firm 1kx, also said in an X-Post that Orchard's circuit error was “obvious in hindsight” but escaped diligent protocol designers, cryptographers and auditors. Expanding standard insurance coverage is “probably the only long-term solution,” he said.
Magazine: Bitcoin Miners Are Turning to AI, So Why Is Hashrate Near ATH?
