Zcash Developers Unveil Ironwood Shielded Pool Plan Following Orchard Security Breach
The Ironwood initiative aims to halt new transactions in the existing Orchard pool while implementing a verification turnstile for funds transitioning to an upgraded shielded pool.
A new shielded pool named Ironwood is being proposed by Zcash developers following the discovery and patching of a security flaw that sparked worries about potentially undetected counterfeit ZEC entering the market.
On Saturday, the Zcash Open Development Lab (ZODL) announced collaboration with Tachyon, Valar Group, the Zcash Foundation and Shielded Labs on this proposed network enhancement, which aims to incorporate formal verification methods and independent security audits into the Orchard protocol, a privacy-focused system enabling users to transfer ZEC while keeping transaction information concealed.
Under the proposal, the existing Orchard pool would be shut down for new deposits and internal transactions, mandating that all funds move through a "turnstile," functioning as an accounting verification point, prior to accessing Ironwood.
On Wednesday, the Zcash Foundation revealed that security auditors had identified a vulnerability within the Orchard shielded pool. Development teams indicated that no evidence suggested user funds were compromised or that the total supply of Zcash had been altered.
Security auditors from Shielded Labs stated that the vulnerability had the potential to enable malicious actors to generate unlimited counterfeit ZEC inside Orchard while evading detection.
Ironwood could show whether counterfeit ZEC existed
Through a separate post on X, Shielded Labs indicated that Ironwood might reveal evidence regarding whether the Orchard vulnerability was actually exploited, although the proposal's viability doesn't hinge on retroactively proving this matter.
Should users transfer their holdings from Orchard to Ironwood and no surplus ZEC attempts to exit the legacy pool, this would provide strong indication that the vulnerability remained unexploited, according to Shielded Labs. Should surplus ZEC attempt to exit, the turnstile mechanism would block it, effectively stopping counterfeit tokens from infiltrating the circulating supply.
This distinction has sparked considerable debate within the community. Certain members have raised questions about whether Zcash can demonstrate the bug went unexploited without suggesting the existence of some form of backdoor mechanism. Other community members have contended that if Orchard becomes deprecated and funds can exclusively exit via a turnstile, any surplus coins would become trapped even if such coins existed.
On X, David Schwartz, who previously served as Ripple's chief technology officer, stated that assuming no exploits occurred, users would maintain safety regardless of whether they migrate their coins. He noted that users choosing to remain in the pool might find themselves "lonely" there, but their holdings would stay secure and accessible.
At the time of writing, ZEC was trading at $429. The cryptocurrency dropped to as low as $303 from levels above $600 when market traders responded to Friday's vulnerability announcement, based on data from CoinGecko.
According to ZODL, they are aiming for an Ironwood activation timeline of late July 2026, subject to completion of testing, comprehensive review processes and coordination throughout the Zcash ecosystem.