Shielded Labs Proposes Zcash Upgrade to Verify Supply After Orchard Bug Disclosure
Shielded Labs proposed a new Zcash network upgrade that would let anyone verify that the privacy coin's supply has not been secretly inflated. The nonprofit disclosed the proposal alongside news that a recently patched bug in the network's main shielded pool could have allowed undetectable counterfeiting of $ZEC. The vulnerability sat in Zcash's Orchard pool from its May 2022 launch until engineers closed it this week, according to a Shielded Labs blog post. Shielded Labs said there is no way to cryptographically determine whether anyone exploited the flaw before the fix, though it judged prior exploitation unlikely.
The flaw was discovered on May 29 by independent security researcher Taylor Hornby during an audit Shielded Labs commissioned, and disclosed that evening to engineers at the Zcash Open Development Lab, or ZODL, the group that maintains the protocol. Shielded Labs said Hornby used Anthropic's Opus 4.8 model, which it said was released May 28, alongside a custom AI tool to write a working exploit that generated unlimited counterfeit $ZEC in a local test environment. Run on mainnet, Shielded Labs said, the same tool would have produced unlimited, undetectable counterfeit $ZEC. The issue was a soundness bug: an under-constrained part of the Orchard circuit let an attacker supply false inputs to an elliptic-curve check and still have the check pass.
The Zcash Foundation, which builds the Zebra software used to run the network, offered a narrower description of the risk in a post published Wednesday. It said exploitation could have allowed double-spending within Orchard but could not have inflated the total $ZEC supply, which is capped by the network's "turnstile" accounting. The Foundation said the turnstile confirmed the total supply stayed intact and that there was no evidence of unauthorized value creation. Both groups said the bug was caught before any known exploitation and that user privacy was not affected.
Zcash ranks as roughly the 11th-largest cryptocurrency by market value. $ZEC reversed the week's gains as the bug came to light: it is down 16% over the past seven days and plunged 25% in the past 24 hours, according to CoinGecko data. Orchard, Zcash's newest and largest shielded pool, holds more than 4 million $ZEC, the bulk of the roughly 30% of supply that sits in private pools, according to shielded-supply trackers. The fix rolled out after Shielded Labs began coordinating with miners and exchanges following private disclosure.