Zcash rebounded last week after a sharp decline following the disclosure of a counterfeit coin vulnerability. The development team has recently proposed an upgrade called Ironwood, which plans to migrate users to a patched new privacy pool and enable users running Zcash software to verify the total circulating supply of ZEC themselves.
Price has rebounded, but the weekly chart remains under pressure.
According to CoinDesk data, ZEC rebounded to around $437 on Monday, a roughly 45% increase from its Friday low near $300. However, for the week, ZEC still declined by approximately 22%.
Previously, Shielded Labs disclosed a critical vulnerability in Zcash's Orchard privacy pool. The vulnerability, undetected since 2022, could theoretically allow attackers to forge an unlimited number of fake ZEC and withdraw assets from the protected pool without detection.
Ironwood plans to launch a new privacy pool.
On June 6, Shielded Labs, the Zcash Foundation, and the Zcash Open Development Lab jointly proposed the Ironwood plan. The core approach involves activating a new privacy pool with patched code while halting the creation of new coins in the old Orchard pool.
After the upgrade takes effect, any user running Zcash software can aggregate balances across various pools to verify that the total ZEC supply on the network has not been inflated. This allows users to assess whether the supply is normal without relying solely on statements from the development team or waiting for all funds to complete migration.
Migration of old pool or exposure of suspicious tokens
According to the plan, users will gradually transfer their funds from the old pool to the new pool. If any forged ZEC exists in the old pool, these tokens will either be exposed during the transfer attempt or fail to migrate and remain stranded in the old pool, rendering them invalid.
The development team stated that this process could also help outsiders determine whether the vulnerability was ever actually exploited. Shielded Labs previously indicated that existing evidence suggests a low likelihood of the vulnerability being abused.
The upgrade time has not been determined yet.
Prior to Ironwood's proposal, the relevant team coordinated with mining pools such as ViaBTC and Foundry to patch the vulnerability within days via an emergency network upgrade.
However, the developers have not yet provided a clear launch schedule for Ironwood. They noted that the plan still requires completion of development, testing, and network-wide coordination, and the actual timeline may be longer than expected.