_pERC20Labs

There's a lot of confusion about the recently patched Zcash bug. Here's how to actually understand it. If the bug had been exploited before the patch (very unlikely it was), it would have looked like the shielded pool getting drained. Whoever minted the counterfeit shielded ZEC would want to sell fast, before anyone else found the same bug. And remember, the market for ZEC is almost entirely transparent ZEC, not shielded. You can't dump freshly minted shielded ZEC on Binance or Coinbase without unshielding it first. The losers in that scenario are shielded holders who sit still. The transparent portion of Zcash is fully visible, so it's trivial to enforce that transparent ZEC never exceeds max supply. If you try to unshield more than the cap, you'll get stopped at the door. So if you hold transparent ZEC (anyone trading, on an exchange, or doing price discovery on ZEC) there's no marginal effect on you. The loss falls entirely on shielded holders. The team's next step is a new turnstile and a fresh shielded pool in the coming upgrade, which will confirm the shielded pool was not inflated. Think of it as taking headcount at the end of the field trip--that will make sure no extra kids snuck onto the bus. But while AI found this bug, AI will also deliver the fix for the whole category: formal verification. I'm very bullish on this as the path to harden all software across the industry. Formally verified cryptography can't have implementation bugs by construction. Right now AI is surfacing vulnerabilities across all our software--browsers, OSes, and blockchains are no exception. We're in the awkward adolescence where every wart is getting magnified and put on full display. But formally verified software is the only path forward for mission-critical software, and Zcash has put it front and center on their roadmap to deliver. Privacy is too important not to. (Dragonfly holds $ZEC and continues to. I'm personally an investor in ZODL.)

New EIP! pERC20 - Privacy-Native Fungible Tokens 🔗 https://t.co/DBDudAF6I7 Highlights: - Not ERC-20 compatible by design: pERC20 removes public balance/allowance concepts (no balanceOf/approve/allowance/transferFrom) and replaces transfers with a ZK note-based interface (transfer(PrivacyCall)), because public balances would defeat the privacy goal. - Privacy-native from issuance: tokens are always represented as encrypted ZK-UTXO notes (Orchard-style actions with Groth16 proofs); there is no “public-to-private shielding” step—transfers are note→note and amounts/participants are private by default. - Public, on-chain verifiable supply: totalSupply remains public and is updated only through controlled mint(amount, ...) and burn(amount, ...); transfers must conserve value (valueBalance == 0), enabling “no invisible inflation” while keeping balances private. - Built-in compliance via frozen-root binding: every action commits to the contract’s cmxFrozenRoot, and the ZK circuit must prove the spent note commitment is NOT in the blacklist SMT. Admin can update the root (setFrozenRoot) to freeze/unfreeze specific notes without revealing normal users’ balances. - Security-critical invariants and checks: implementations must prevent double-spends with nullifiers and must range-check each public field (< Fr) to avoid nf + Fr-style bypasses; the core bundle execution must not be publicly callable to prevent unaccounted supply changes; signature points must be curve/field validated and replay protection must bind chainId + contract + note data. ELI5: This EIP proposes a new kind of token standard for Ethereum where people’s token amounts and who they pay are hidden by default. Instead of keeping a public “balance” per account like ERC-20, the token exists as many encrypted “notes” (like digital cash bills) that can be spent with zero-knowledge proofs. Everyone can still see the total number of tokens that exist (totalSupply) so the issuer can’t secretly create extra tokens. It also adds an optional-but-built-in “freeze list” mechanism: the token contract keeps a public fingerprint (root) of a blacklist, and the zero-knowledge proof must show you are not spending a frozen note.