Shielded Labs is advancing a Zcash network upgrade proposal called Ironwood, designed to restore users’ ability to independently verify the soundness of Zcash’s circulating supply after a critical counterfeiting vulnerability was found in the Orchard shielded pool. The proposal was outlined by Zooko Wilcox, Zcash co-founder and Shielded Labs contributor, together with Jason McGee and Taylor Hornby of Shielded Labs, in a post on X describing coordination with the Zcash Foundation, Tachyon Group, Valar Group, and the Zcash Open Development Lab, known as ZODL.
Ironwood Seeks to Restore Zcash Supply Checks
The Ironwood proposal follows the discovery of a critical vulnerability in Zcash’s Orchard pool, the privacy-focused shielded pool introduced as part of the network’s broader shielded transaction architecture. The issue was addressed through an emergency network upgrade coordinated by ZODL and other ecosystem participants, with completion on June 2. The authors said prior exploitation was unlikely, but noted that Orchard’s privacy properties prevent users from independently confirming whether any counterfeit ZEC had been created.
In the proposal, Wilcox, McGee, and Hornby framed Ironwood as a way to shift supply assurance back from trust in expert assessment to direct verification by users running nodes. “Ironwood would allow users to verify that the circulating supply of Zcash is correct. Users would gain this ability immediately upon the activation of Ironwood, by simply summing up the balances of the active pools. They would not need to reason about other people’s incentives or actions, nor wait for migration from the Orchard pool, in order to verify that the total circulating supply of Zcash is correct.”
The proposal would create a new shielded pool using the Orchard circuit with the counterfeiting vulnerability fixed, while rejecting any transaction that creates a new output in the old Orchard pool. It also calls for additional assurance work on the codebase, including AI-assisted security auditing and formal verification, aimed at reducing the risk of further counterfeiting bugs. The central objective is not merely to patch the identified bug, but to restore a verifiable accounting model for circulating ZEC across the network’s active pools.
New Pool Rules Would Limit Orchard Risk Exposure
Ironwood’s key mechanism is to stop new activity from compounding risk inside the old Orchard pool. Once activated, transactions creating new outputs in that pool would be invalid under the proposed consensus rules, meaning ZEC could no longer continue circulating there in the ordinary way. Funds already in Orchard could only leave through Zcash’s turnstile accounting mechanism, which tracks value moving between pools and rejects transactions that attempt to withdraw more ZEC than legitimately entered.
The authors described the design as an immediate constraint on any excess supply that might have resulted from exploitation. “Together, these rules mean users do not need to wait for all, or even any, Orchard funds to migrate. As soon as Ironwood activates, users can verify from the consensus rules that no more than the correct amount of ZEC can be circulating. This provides an immediate, trustless guarantee of the soundness of the Zcash circulating supply.” They added that excess ZEC could not continue moving privately between Orchard users or escape into another pool.
The migration process may also generate evidence about whether the vulnerability was exploited, though the authors stressed that Ironwood’s supply-verification goal does not depend on that outcome. “As users migrate funds from the existing Orchard pool to the new pool, any hypothetical counterfeiter faces a choice: attempt to move counterfeit funds and risk exposing their existence, or leave them behind and risk being unable to move them in the future.” If no excess ZEC attempts to leave Orchard, the authors said that would be strong evidence against exploitation; if excess ZEC does try to leave, the turnstile rules would prevent it from exiting and would provide public evidence that counterfeiting occurred.
Wallet support and timing remain important open implementation issues. Shielded Labs recommends that wallets supporting the existing Orchard pool add support for the new pool, continue normal Orchard support until activation, and then migrate user funds. The authors acknowledged that migration can expose the amount transferred and timing of the transaction, but said the privacy impact should be modest and may be mitigated by wallet behavior. They also cautioned that Ironwood will require development, testing, review, and ecosystem coordination, with timing affected in part by the ongoing deprecation of zcashd and infrastructure migration to Zebra. “We want to emphasize that we believe prior exploitation of the Orchard vulnerability is unlikely. But users should not have to trust our assessment, or anyone else’s, when it comes to the integrity of the Zcash supply.”
AI Transparency Note: This article was prepared with the assistance of an AI system based on the sources listed and was reviewed, edited, and approved by a human editor before publication. All quotes, data points, and factual claims are intended to be grounded in the cited source material; however, errors cannot be ruled out entirely.