Zcash weighs second shielded pool and turnstile checks

Zcash developers and support organizations are discussing a network upgrade that would add a second shielded pool and enforce “turnstile accounting” on funds leaving Orchard to help users verify supply integrity.

Shielded Labs, a Swiss-based independent Zcash support organization, published a security update saying it is exploring the proposal. The group said it will publish a follow-up post next week explaining how the change would work and what trade-offs, such as complexity or effects on privacy and performance, might be involved. The proposal remains subject to further community review.

Developers applied an emergency network upgrade earlier this month after discovering a vulnerability in Orchard, the protocol that manages a Zcash shielded pool. Orchard transactions were temporarily suspended and functionality was restored through the patch. Shielded Labs said the bug could have allowed a bad actor to create unlimited counterfeit ZEC within the Orchard pool. The group added there is no cryptographic method to prove whether the flaw was exploited before the fix, and it judged prior exploitation to be unlikely.

The public disclosure of the vulnerability led to sharp market moves. ZEC fell about 50% from a daily high near $550 to lows around $265, then recovered to roughly $308 at the time of reporting.

Reaction from community members and industry figures varied. Justin Bons, founder and chief investment officer of CyberCapital, wrote that the market had overreacted and that “the good guys caught it first.” Cameron Winklevoss, a cryptocurrency entrepreneur, noted that finding and fixing bugs is part of maintaining layer-1 networks and highlighted the role of security research in discovering vulnerabilities.

The incident renewed debate within the Zcash community about formal verification, a process that uses mathematical proofs to check that software or cryptographic circuits follow their specifications. Sean Bowe, a Zcash developer and cryptography researcher, argued that shielded protocols rely on cryptographic assumptions to preserve privacy and that making protocols and implementations amenable to formal verification is a long-term solution.

Josh Swihart, founder of the Zcash Open Development Lab, suggested in a social post that a second Orchard pool could, in principle, be included in the NU7 network upgrade planned for the end of July, while stopping short of endorsing the change. Swihart described the Orchard vulnerability as a flaw in the circuit’s handwritten rules rather than in underlying cryptography and said formal verification could reduce human review to a concise specification that software can check. Wei Dai, a research partner at venture firm 1kx, commented that the bug looked obvious in retrospect but had been missed by designers and auditors and that expanding formal verification coverage is likely the only long-term fix.

Shielded Labs described the proposed combination of a new shielded pool and turnstile accounting as a way to make coin flows visible enough for users to check that funds leaving Orchard match legitimate inflows, while aiming to preserve transactional privacy. Any change would require detailed design work, community feedback and formal review before being considered for inclusion in a scheduled network upgrade.

Developers, support organizations and community members continue technical and governance discussions on measures to strengthen supply verification and reduce the risk of similar vulnerabilities.