Zcash prepares Ironwood to verify supply

The Zcash community has put forward Ironwood, a proposed network upgrade meant to restore a core property of the protocol: allowing each user to verify that the circulating supply of ZEC remains correct. The post on the Zcash Community Forum, authored by Zooko Wilcox, Jason McGee and Taylor Hornby of Shielded Labs, says Shielded Labs is working with the Zcash Foundation, Tachyon Group, Valar Group and ZODL on the change. It follows a critical counterfeiting vulnerability discovered in Orchard, Zcash’s current shielded pool, which was remediated through an emergency network upgrade completed on June 2. For developers, the important test is whether that rule can be shipped without breaking everyday shielded payments.

The issue is specific to confidential payment systems. In Zcash, shielded pools hide amounts and recipients, protecting privacy but making some internal balances harder to inspect publicly. The authors say they believe exploitation of the Orchard flaw was unlikely, but also note that Orchard’s privacy properties prevent users from verifying that directly. Ironwood is therefore not mainly a product launch. It is a protocol repair aimed at restoring a technical guarantee: a node should be able to check that active ZEC does not exceed the legitimate supply.

The proposal relies on two main rules. First, it creates a new shielded pool, also based on the Orchard circuit, with the counterfeiting flaw fixed. Second, it makes invalid any transaction that creates a new output in the old Orchard pool. Existing funds would then be able to leave only through a “turnstile”, an on-chain accounting mechanism that tracks value moving between pools. If a transaction tried to move out more ZEC than legitimately entered, it would be rejected. ZODL says the team is targeting late July 2026 for activation, subject to testing, audits and coordination with wallets, nodes and other network participants.

The practical stakes go beyond Zcash. Privacy blockchains must balance auditability and transaction secrecy, two goals that can pull against each other when a cryptographic bug affects a core pool. Ironwood shows a cautious response: isolate the old pool, route new movement toward a repaired version, and make supply verification depend on consensus rules rather than trust in developer assurances. It does not remove every risk. Migration can create operational work for wallets, exchanges and users, and it may reveal some timing and amount information. Still, the signal is clear: after Orchard, Zcash wants to turn a supply-verifiability crisis into a rule that ordinary nodes can check.