Zcash developers and researchers are discussing whether a recent protected pool could facilitate restore delivery verification confidence after the recently patched Orchard vulnerability.
Shielded Labs, an independent Swiss organization supporting Zcash, he said in a security update on Friday, it said it was exploring a proposed network upgrade that would include implementing a recent shielded pool and enforcing “turnover accounting” for coins moving out of Orchard, giving users a clearer way to verify the integrity of funds moving out of the pool.
The group said the proposal is still subject to further clarification and community review. Shielded Labs said it plans to publish another post next week explaining how the update will work and what trade-offs it may involve.
Founder of Zcash Open Development Lab (ZODL) Josh Swihart he said in a separate post However, he said he has no firm position on whether the community should build a second pool in Orchard.
The discussion followed an emergency Zcash update that patched a security flaw in Orchard. Shielded Labs said it may have enabled ZEC spoofing in the pool, although it said earlier operate of the tool was unlikely.
Cointelegraph reached out to ZODL, the Zcash team, and Shielded Labs for comment, but did not receive a response via publication.
Source: Josh Swift
ZEC drops after vulnerability is disclosed
In a security update, Shielded Labs stated that a vulnerability in Orchard could have allowed a bad actor to create an unlimited amount of fraudulent ZECs in the Orchard pool. The group said there is no cryptographic way to check whether a bug has been exploited before it is fixed, although it believes prior exploitation is unlikely.
As Cointelegraph reported on Wednesday, Zcash developers temporarily suspended transactions on Orchard after discovering the vulnerability and restoring functionality via an emergency network update.
According to CoinGecko data, the value of ZEC fell by about 50% on Friday from an intraday high of $550.30 to as low as $264.80 after the team publicly disclosed the vulnerability. He had the token extractive to $308.07 at the time of writing, still down sharply from Friday’s high.
24/7 Zcash token price chart. Source: CoinGecko
While the market crashed, some community members defended the team’s response to the incident. Justin Bons, founder and chief investment officer of CyberCapital, he said the market overreacted because the mistake was fixed and “good people noticed it first.”
Gemini co-founder Cameron Winklevoss he said the discovery reflected Zcash’s investment in security researchers rather than a cause for concern, arguing that bugs are inevitable in Layer 1 networks and that the key issue is whether teams can find and fix them before attackers do.
Related: Cryptocurrency losses in May dropped by 90% in a month to USD 68 million: CertiK
Formal verification becomes a topic of security debate
The incident renewed discussion about formal verification, a method that uses mathematical proofs to verify that software or cryptographic circuits conform to intended specifications.
Zcash developer and crypto researcher Sean Bowe he said that shielded protocols ensure privacy by relying on cryptographic assumptions to maintain supply integrity. The long-term answer, he said, is to ensure formal review of shielded protocols and their implementation.
Swihart agreed with this view, stating that the Orchard vulnerability is a flaw in the circuit’s hand-written rules rather than the underlying cryptography. Formal verification, he said, could limit human control to a concise specification and allow computers to check whether the circuit meets those rules.
Wei Dai, research partner at blockchain venture firm 1kx, also he said in post He said expanding the scope of formal review is “probably the only long-term solution.”
Warehouse: Bitcoin Miners Are Switching to Artificial Intelligence, So Why Is Hashrate Close to ATH?
