Zcash developers are proposing a new shielded pool called Ironwood after a recently patched bug raised concerns about whether counterfeit ZEC could have entered circulation unnoticed.

The Zcash Open Development Lab (ZODL) said Saturday that it is working with Tachyon, Valar Group, the Zcash Foundation and Shielded Labs on the proposed network upgrade, which would add formal verification and independent audits to the Orchard protocol, a privacy system that lets users move ZEC without revealing transaction details.

The proposal would close the current Orchard pool to new deposits and internal transactions, requiring funds to pass through a “turnstile,” which serves as an accounting checkpoint, before entering Ironwood.

The Zcash Foundation said Wednesday that auditors discovered a vulnerability in the Orchard shielded pool. Developers said there was no evidence that user funds were affected or that Zcash’s total supply changed. 

Auditors at Shielded Labs said the vulnerability could have allowed attackers to create an infinite amount of counterfeit ZEC within Orchard without detection.

Source: ZODL

Ironwood could show whether counterfeit ZEC existed

In a separate X post, Shielded Labs said Ironwood may produce evidence about whether the Orchard bug was ever exploited, though the proposal does not depend on proving the issue retroactively. 

If users migrate from Orchard to Ironwood and no excess ZEC tries to leave the old pool, that would be strong evidence that the vulnerability was never exploited, Shielded Labs said. If excess ZEC tries to leave, the turnstile would reject it, effectively preventing counterfeit coins from entering the supply. 

Related: Why ZEC fell 40% even after Zcash patched a shielded pool bug

The distinction has been a source of discussion among community members. Some questioned whether Zcash can prove the bug was not exploited without implying some kind of backdoor. Others argued that if Orchard is deprecated and funds can only leave through a turnstile, any excess coins would be trapped even if they existed. 

David Schwartz, Ripple’s former chief technology officer, said on X that if there were no exploits, users would remain safe whether or not they move their coins. He said users who stay in the pool may be “lonely” there, but their funds would remain safe and accessible.

Zcash 24-hour price chart. Source: CoinGecko

ZEC traded at $429 at the time of writing. It fell as low as $303 from above $600 when traders reacted to the vulnerability disclosure on Friday, according to CoinGecko.

ZODL said it plans to target Ironwood activation for late July 2026, pending testing, review and coordination across the Zcash ecosystem.

Magazine: Bitcoin miners are pivoting to AI, so why is the hashrate near ATHs?