Shielded Labs rings the alarm as Zcash's double pivot tests whether Iron can bend without the Z stack 🥁
Zcash's Ironwood network upgrade, designed to close the door on a theoretical counterfeiting flaw in the privacy-focused blockchain's Orchard shielded pool, could face a postponement if exchanges, mining pools and wallet operators cannot get their systems ready by the targeted late-July activation window, Shielded Labs executive director Jason McGee said in a Zcash community forum post. Developers said the heightened readiness bar stems from two simultaneous projects running in parallel: deploying Ironwood, formally known as NU6.3, and retiring Zcash's long-standing node and wallet software, zcashd, in favor of a new Z3 stack that includes Zebra for operating a network node, Zaino for supplying blockchain data to applications and Zallet for wallet functions.
The Ironwood upgrade was announced in June after researchers discovered what they described as an "infinity" bug in Orchard, Zcash's main private transaction pool. The flaw could theoretically have allowed an attacker to create an unlimited amount of counterfeit ZEC tokens inside the pool without detection. Developers patched the bug on June 1 and said there was no evidence that the pool had ever been exploited, but Orchard's privacy features make it impossible to prove that no fake coins were created. Ironwood would open a replacement private pool and prevent new activity inside Orchard, with funds leaving the existing pool required to pass through an accounting checkpoint that blocks more ZEC from exiting than originally entered.
McGee said Zallet and Zaino remain under development and are not yet ready for production use, and that feedback gathered from infrastructure providers showed uneven preparedness, with some expecting to be on time and others asking for more runway. He added that no delay has been finalized. Zcash founder Zooko Wilcox said security reviews have found no additional serious bugs so far and that developers are also working to verify the new system before Ironwood activates, posting that "our current focus within the Zero project is to help them prepare to safely make the transition to Ironwood." Wilcox separately thanked "security researcher Taylor Hornby, using Anthropic's Claude Opus 4.8," for uncovering the four-year-old flaw.
Zcash developer Sean Bowe wrote on X on Thursday that "sufficient hash rate is signaling technical readiness for the mainnet upgrade" and that the "outstanding concern is that some wallets will not be prepared for the upgrade in time," adding that "this does not justify delaying Ironwood, given there will be adequate alternatives and sufficient time on testnet for anyone who needs it." An update from forum participant @aquietinvestor outlined the latest testnet progress and was shared by Wilcox. Official Zcash guidance documents warn that operators may need to modify their systems, as some zcashd functions will not have direct replacements in the new stack.
$ZEC's price has reflected the uncertainty since the vulnerability disclosure, with the token falling more than 50% in roughly two days, dropping from above $600 to a bottom near $300 before recovering part of the move. $ZEC recently traded at $457, per data from CoinGecko.
Mentioned Coins
Share Article
Quick Info
Disclaimer: This content is for information and entertainment purposes only. It does not constitute financial, investment, legal, or tax advice. Always do your own research and consult with qualified professionals before making any financial decisions.
See our Terms of Service, Privacy Policy, and Editorial Policy.