Zcash Foundation issues emergency Zebra upgrades after critical Orchard bug found The Zcash Foundation pushed two urgent Zebra releases this week after engineers discovered and patched a critical soundness bug in the Orchard Action circuit — the part of Zcash that validates shielded transactions in the newest privacy pool. What happened - Zebra 4.5.3 activated an emergency soft fork at mainnet block height 3,363,426. For the short term, the release rejected transactions and blocks containing Orchard actions while engineers prepared a corrected circuit. - After a coordination hiccup during initial deployment, the soft fork went live at about 02:00 UTC on June 2. The Foundation had begun private coordination with miners and exchanges on May 31 to limit the risk before public disclosure. - Zebra 5.0.0 then activated the NU6.2 hard fork at mainnet block height 3,364,600. This upgrade re-enabled Orchard actions with the corrected circuit and routed Orchard proofs to a new per‑circuit verifying key. Because fixing the zero‑knowledge circuit required a new pinned verifying key, a hard fork was necessary. Discovery and response - The bug was reported on May 29 by independent researcher Taylor Hornby during a protocol audit for Shielded Labs. Zcash developers Daira-Emma Hopwood, Kris Nuttycombe and Jack Grigg (ZODL) confirmed and fixed the issue within hours. - The Foundation said the flaw could have allowed invalid state changes inside the Orchard pool and possible double‑spending limited to that pool. Importantly, Zcash’s turnstile mechanism preserved total ZEC supply, and there is “no evidence of unauthorized value creation.” - Affected components included older releases of halo2_gadgets, orchard, zcash_primitives and zcashd versions 5.0.0 through 6.12.3. Why this matters - Orchard is Zcash’s newest shielded pool, launched with NU5 in 2022. It uses Halo 2 (which removed the need for a trusted setup) and has become central to Zcash’s privacy roadmap. - Recent reporting shows growing shielded usage: roughly 30% of ZEC supply is estimated to have moved into shielded pools, with Orchard holding about 4.2 million ZEC and accounting for most recent growth. - The Foundation emphasized that user privacy was not compromised during the incident. Sapling and transparent transaction types continued to operate normally while Orchard actions were paused. - This NU6.2 activation is only the second security‑driven protocol upgrade in Zcash’s history (since 2016). Action required - The Foundation “strongly urge[s] all node operators to upgrade to Zebra 5.0.0 as soon as possible.” Operators still running older releases risk being left on an incorrect fork after NU6.2; such nodes may need to resync from scratch or restore from a backup made before activation. - Total ZEC supply was confirmed intact throughout the process. The Zcash Foundation published a full update with technical details and guidance for node operators. If you run a node or operate infrastructure for Zcash, upgrade to Zebra 5.0.0 immediately and follow the Foundation’s remediation steps.
Zcash Urges Immediate Upgrade to Zebra 5.0.0 After Critical Orchard Bug Fix
ChainGPTShare
Summary
Zcash has issued a call for an urgent network upgrade to Zebra 5.0.0 following a critical fix to the Orchard Action circuit. The bug, reported by Taylor Hornby on May 29, could have enabled invalid state changes and limited double-spending in the Orchard shielded pool. Zebra 4.5.3 paused Orchard actions, while Zebra 5.0.0 re-enabled them with a corrected circuit via the NU6.2 hard fork. The Zcash Foundation confirmed no unauthorized value creation and urged all node operators to complete the blockchain upgrade immediately to avoid being left on an incorrect fork.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.