# Supply Related Articles

HTX News Center provides the latest articles and in-depth analysis on "Supply", covering market trends, project updates, tech developments, and regulatory policies in the crypto industry.

Four Questions on the Zcash Orchard Vulnerability: Was it Exploited? Can Funds Be Recovered? Is the Supply Verifiable? Are There Others?

**Summary: Zcash Orchard Vulnerability Analysis** A critical forgery vulnerability was recently discovered in Zcash's Orchard shielded pool, raising concerns about the coin's supply and user funds. The developers, led by Zcash Open Development Labs, acted swiftly to temporarily freeze the pool and deploy a fix. The article addresses four key questions: 1. **Was the vulnerability exploited?** While unknown, the developers believe it is unlikely for several reasons: the bug was difficult to find, using advanced AI tools; the fix was deployed quickly; and typical crypto exploits are fast, with no evidence of abnormal outflows. 2. **Can legitimate Orchard funds be recovered?** If the bug was not exploited, all funds are safe. If exploited, a mechanism limits total withdrawals from the pool to the amount legitimately entered, potentially blocking some legitimate funds. The developers deem this unlikely but advise cautious users to consider moving funds, noting the privacy and risk trade-offs of moving to transparent or Sapling pools. 3. **Can users verify Zcash's total supply?** Not currently. The vulnerability temporarily broke the ability for users to independently verify that no extra ZEC was created. 4. **Are there other forgery bugs?** Ongoing audits by multiple teams, including using advanced AI analysis, have so far found no others, increasing confidence. The proposed "Ironwood" network upgrade is the core solution. It will **seal** the Orchard pool, preventing new entries or internal circulation. This action, combined with the existing withdrawal mechanism, will restore the ability for any node operator to verify that Zcash's supply limit has not been violated, regardless of whether exploitation occurred in the past. The upgrade aims to restore the system's long-term credibility through user-verifiable supply integrity.

Odaily星球日报06/15 07:50

Four Questions on the Zcash Orchard Vulnerability: Was it Exploited? Can Funds Be Recovered? Is the Supply Verifiable? Are There Others?

Odaily星球日报06/15 07:50

ZEC Co-Founder Responds to Orchard Vulnerability: No Signs of Theft, Orchard Pool to Be Sealed

ZEC Co-Founder Addresses Orchard Vulnerability: No Signs of Theft, Plans to Sunset Orchard Pool A security vulnerability was recently discovered in Zcash's Orchard shielded pool, raising key concerns. The primary questions are whether the flaw was exploited, if user funds are safe, whether users can verify the total ZEC supply, and if other similar vulnerabilities exist. Analysis suggests the vulnerability was likely not exploited prior to its discovery. It was found proactively by a researcher using specialized tools, not due to an active breach. The development team and mining pools acted quickly to contain the issue. Typical financially-motivated attacks would likely have left visible on-chain evidence, which has not been observed. User funds in Orchard are considered safe and should be recoverable, assuming no prior exploitation. If the flaw was never used, all legitimate funds can be withdrawn. The article outlines risks associated with moving funds to transparent addresses or other pools, but concludes that leaving assets in place is a reasonable option. Currently, users cannot independently verify that the total ZEC supply hasn't been inflated due to this bug. However, the planned Ironwood network upgrade is designed to resolve this. It will permanently close the Orchard pool to new deposits and internal transfers, allowing only withdrawals. This mechanism will cap total withdrawals at the amount of legitimately deposited funds, enabling anyone to cryptographically verify the supply post-upgrade. Multiple teams, including Shielded Labs, have conducted extensive audits focused on counterfeiting vulnerabilities, assisted by advanced AI tools. No additional flaws of this type have been found so far, increasing confidence that no other similar undisclosed vulnerabilities exist. In summary, evidence indicates the Orchard bug was probably not used, user funds are secure, and no other counterfeiting flaws are currently known. The upcoming Ironwood upgrade will restore users' ability to independently verify the total ZEC supply, closing this chapter.

Foresight News06/15 03:49

ZEC Co-Founder Responds to Orchard Vulnerability: No Signs of Theft, Orchard Pool to Be Sealed

Foresight News06/15 03:49

Behind ZEC's Over 30% Plunge: An 'Unlimited Minting' Vulnerability with No Way to Prove if It Was Ever Exploited

A critical vulnerability was discovered in Zcash's Orchard privacy pool, allowing for the theoretical creation of undetectable counterfeit ZEC. Researcher Taylor Hornby found the flaw on May 29th, 2024, within the Orchard circuit's cryptographic constraints, which could let an attacker bypass asset conservation rules. Although a rapid emergency fix was deployed within days via a coordinated soft and hard fork, a core uncertainty remains: due to Orchard's privacy features, it is impossible to cryptographically prove whether this "unlimited mint" flaw was exploited in the nearly four years since the pool's 2022 launch. This uncertainty, rather than the patched flaw itself, triggered a market panic, causing ZEC's price to drop over 30%. While the Zcash Foundation stated no evidence of exploitation was found, independent entity Shielded Labs emphasized the impossibility of definitively proving no counterfeit ZEC was ever created. The incident highlights the unique trust challenge in privacy systems. To address this, developers are proposing a new network upgrade with enhanced auditing to allow verifiable proof of supply integrity. Notably, the researcher utilized the newly released AI model Claude Opus 4.8 as a tool during the security review, signaling the growing role of advanced AI in uncovering complex cryptographic vulnerabilities.

marsbit06/05 06:51

Behind ZEC's Over 30% Plunge: An 'Unlimited Minting' Vulnerability with No Way to Prove if It Was Ever Exploited

marsbit06/05 06:51

活动图片