Zcash developers temporarily suspended Orchard transactions after discovering a critical vulnerability in the privacy-focused blockchain’s latest shielded pool, then restored functionality through an emergency network upgrade.
On Wednesday, the Zcash Foundation said the vulnerability affected Orchard’s zero-knowledge proof circuit and could have allowed invalid state transitions within the pool. However, the Foundation said there was no evidence that the bug was exploited, no unauthorized value creation was detected, and user privacy was not affected.
The fix was carried out through a two-step emergency upgrade. Zebra 4.5.3 temporarily disabled Orchard actions, while Zebra 5.0.0 activated the NU6.2 upgrade to re-enable Orchard with a corrected circuit, according to the Foundation.
The emergency response shows how a bug in core privacy infrastructure can require coordinated action across miners, exchanges and node operators, even when user funds and total supply are not affected.
The upgrade also appeared to have caused confusion across parts of the Zcash ecosystem. One Zcash block explorer showed block 3,364,601 as the latest block mined at 5:27 am UTC, while the page listed it as mined about four hours earlier, prompting reports on X that the Zcash network was down.
Zcash Open Development Lab (ZODL)-affiliated contributor Tatyana said the network experienced “a brief period of instability” as miners upgraded and converged on new consensus rules. The post did not directly name the block explorer or wallet issues, but said network stability had been fully restored by about 3:00 am Eastern Time on June 2.
Cointelegraph reached out to the Zcash Foundation for comment but had not received a response by publication.
Zcash Block Explorer showing the last mined block four hours ago. Source: Zcash Block Explorer
According to the Zcash Foundation, the vulnerability was discovered on May 29 by independent security researcher Taylor Hornby during an ongoing protocol audit for Shielded Labs. The issue was disclosed to ZODL core engineers, who confirmed it and began preparing remediation options.
Zcash incident sparks confusion among community members
Mert Mumtaz, CEO of Solana infrastructure firm Helius, disputed the reports, saying the network was “not down” and that some explorer apps were connected to a bad node.
Pseudonymous community member Zerodarts echoed the sentiment, saying that “blocks are being mined” and that most block explorers need to update their nodes.
Related: Zcash is ‘running its own bull market’ as ZEC price paints 88% rally setup
However, community member Railgoon said Zcash miners and developers had frozen the Orchard shielded pool to patch a vulnerability before a hard fork. He said the network was therefore “partially intentionally down” at the time, but had since recovered.
Zcash’s ZEC token briefly fell below $600 to $599 after reaching a daily high of $637, according to CoinGecko data. However, it had recovered to $614 at the time of writing.
Magazine: Korea’s first memecoin rug-pull case, China’s crypto rules review: Asia Express
Be the first to comment