Josh Finer

Wait this is so cool: Zcash is about to audit a private shielded pool without breaking privacy. Orchard had a bug that could theoretically allow counterfeit notes. There’s no evidence it was exploited, but “no evidence” is not the same as “mathematically proven.” The plan: create a fresh pool called Ironwood. Wallets start using Ironwood by default. Old Orchard stops accepting new outside funds AND internal transcations. Now any value in old Orchard has to pass through the public turnstile before it can be useful again. The turnstile doesn’t reveal private tx history. It just enforces the aggregate accounting: no more ZEC can leave a pool than legitimately entered it. So the migration becomes an audit. If fake claims exist, they either create a supply mismatch on the way out, or they stay trapped in a pool that wallets no longer treat as economically live. That’s a very elegant crypto-native incident response: preserve privacy, preserve UX, and force the system to prove the old pool’s supply over time.

No, Zcash was not exploited. The people who patched it were all top 0.001% of their field. The methodology to find it is known and accessible to 0.01% of people. The circumstances to find it were to hire a person whom already discovered an inflation bug 10 years earlier. The circulating supply is following the predictable supply curve. The Orchard pool is growing at a predictable rate consistent with the chain’s usage. And even if it did get exploited (it didn’t), this is, worst case, similar to The DAO exploit in Ethereum, where 20% of the supply sat in the compromised smart contract, as opposed to the infinite mint bug on Bitcoin (21 million –> 184 billion). Coming to your favorite coin next, but not Zcash.

There's a lot of confusion about the recently patched Zcash bug. Here's how to actually understand it. If the bug had been exploited before the patch (very unlikely it was), it would have looked like the shielded pool getting drained. Whoever minted the counterfeit shielded ZEC would want to sell fast, before anyone else found the same bug. And remember, the market for ZEC is almost entirely transparent ZEC, not shielded. You can't dump freshly minted shielded ZEC on Binance or Coinbase without unshielding it first. The losers in that scenario are shielded holders who sit still. The transparent portion of Zcash is fully visible, so it's trivial to enforce that transparent ZEC never exceeds max supply. If you try to unshield more than the cap, you'll get stopped at the door. So if you hold transparent ZEC (anyone trading, on an exchange, or doing price discovery on ZEC) there's no marginal effect on you. The loss falls entirely on shielded holders. The team's next step is a new turnstile and a fresh shielded pool in the coming upgrade, which will confirm the shielded pool was not inflated. Think of it as taking headcount at the end of the field trip--that will make sure no extra kids snuck onto the bus. But while AI found this bug, AI will also deliver the fix for the whole category: formal verification. I'm very bullish on this as the path to harden all software across the industry. Formally verified cryptography can't have implementation bugs by construction. Right now AI is surfacing vulnerabilities across all our software--browsers, OSes, and blockchains are no exception. We're in the awkward adolescence where every wart is getting magnified and put on full display. But formally verified software is the only path forward for mission-critical software, and Zcash has put it front and center on their roadmap to deliver. Privacy is too important not to. (Dragonfly holds $ZEC and continues to. I'm personally an investor in ZODL.)

In the age of AI, formal verification is the way forward for securing software and Zcash is leading the way. Zcash will introduce formal verification in the next network upgrade, making "print money" bugs in shielded pools impossible. Encrypted money with provable correctness is unstoppable.