Zcash weighs new shielded pool after counterfeiting flaw

Zcash developers are evaluating a new shielded pool design following discovery of the Orchard bug, which exposed critical vulnerabilities in the protocol's supply verification mechanisms.

The Orchard bug created conditions where counterfeit coins could theoretically be generated without detection. This undermines one of Zcash's core value propositions: a privacy-focused coin with cryptographically proven supply integrity. Unlike Bitcoin's transparent ledger, Zcash's shielded transactions obscure sender, receiver, and amounts, making supply audits exponentially harder.

The proposed solution involves implementing "turnstile accounting," a mechanism that tracks value flowing in and out of the shielded pool with deterministic precision. This would establish cryptographic proof that no coins were created from nothing during shielded transactions. Developers frame this as essential infrastructure for maintaining consensus on Zcash's total supply, even when transaction details remain hidden.

The bug's discovery forced hard questions about privacy-centric design trade-offs. Traditional blockchains sacrifice privacy for transparent auditability. Zcash attempted to preserve both. The Orchard flaw revealed gaps in that balance. A new shielded pool would incorporate hardened accounting rules from the start rather than patching existing structures.

This represents a significant technical undertaking. Zcash would need to migrate users and liquidity from the current Orchard pool to the new system, manage transition incentives, and ensure backward compatibility with existing infrastructure. The timeline and exact specifications remain under discussion within the developer community.

The incident reflects broader tensions in privacy coin design. Monero takes a different approach, relying on constant ring mixing and mandatory privacy. Zcash's optional shielding creates different attack surfaces. Fixing supply verification without sacrificing privacy features will determine whether Zcash can retain developer and user confidence.

Implementation details matter enormously