Zcash Ironwood Upgrade Activates July 28 to Fix Orchard Pool Vulnerability

ZEC8.23%

Zcash has locked in the activation date for its Ironwood upgrade, formally designated NU6.3, which will deploy on July 28 at block height 3,428,143, expected around 8 a.m. EST, according to core developer Sean Bowe. The upgrade directly addresses a critical vulnerability discovered in the Orchard shielded pool—Zcash's primary privacy transaction layer—that theoretically allowed unlimited counterfeit ZEC creation. Developers found no evidence the flaw was exploited before emergency patches were deployed and the NU6.2 hard fork activated on June 3. The Ironwood upgrade introduces an accounting checkpoint requiring all funds exiting Orchard to pass verification, designed to detect any hypothetical counterfeit coins created through the earlier bug. The vulnerability disclosure triggered a roughly 50% ZEC price drop from $602.68 to $299.25 on June 3, with partial recovery to $492.61 following the network's transparent response and technical remediation plan.

Zcash Ironwood Upgrade Activates July 28 at Block 3,428,143

Sean Bowe confirmed the final activation parameters in a public statement: "All of the major organizations are committed to activation of NU6.3 at height 3428143, which is approximately July 28th at 8AM EST." The announcement resolved weeks of uncertainty about the upgrade timeline.

The July 28 date represents a one-week delay from the originally planned July 21 rollout. Shielded Labs raised concerns that exchanges, mining pools, and wallet providers were simultaneously migrating from the legacy zcashd software to the new Z3 stack—a bundle including Zebra, Zaino, and Zallet. The organization flagged that running two major transitions concurrently created tight preparation windows. Despite discussions about extending the delay further, Bowe's confirmation established July 28 as the final activation date.

Orchard Pool Vulnerability Discovered and Patched Before Public Disclosure

The Ironwood upgrade was conceived as a direct response to what developers termed an "infinity bug" discovered inside the Orchard shielded pool. The flaw theoretically allowed a bad actor to mint unlimited counterfeit ZEC without detection inside the shielded environment.

Shielded Labs disclosed the issue and stated that no evidence was found of the vulnerability being exploited. Emergency software updates were deployed before the bug became public knowledge. Developers first disabled Orchard transactions entirely through a temporary network patch, then activated the NU6.2 hard fork on June 3 to fix the underlying code and restore pool functionality.

The disclosure and remediation timeline left a residual uncertainty: even with no proof of exploitation, the theoretical possibility that counterfeit coins could exist inside Orchard required a verification mechanism beyond the code fix itself.

Accounting Checkpoint Filters Funds Exiting Orchard Pool

The technical core of the Ironwood upgrade is an accounting checkpoint embedded into the fund migration process. Under the new protocol, any ZEC leaving the Orchard pool must pass through this checkpoint before entering the newly created private pool that Ironwood establishes. The checkpoint is designed to expose discrepancies—if counterfeit ZEC was created, moving it would trigger detection.

The design creates an asymmetric outcome for any hypothetical counterfeiter: attempt to migrate fake coins and risk exposing them, or leave them permanently stranded in a pool that will no longer accept new activity. The migration process itself functions as a distributed audit, with every user who moves funds participating in the verification.

ZEC Price Dropped 50% After Vulnerability Disclosure, Recovered to $492.61

The vulnerability disclosure triggered a sharp market reaction. When the Orchard bug became public on June 3—the same day as the NU6.2 hard fork—ZEC fell approximately 50%, sliding from $602.68 to $299.25.

The token has since recovered a portion of those losses, trading back up to $492.61. The partial recovery reflects market response to the network's rapid disclosure, transparent communication, and concrete technical remediation plan.

Zcash Circulating Supply Exceeds 80% of 21 Million Maximum

Zcash crossed a supply threshold this week unrelated to the security upgrade. According to a post by community account ruZCASH on July 6, the circulating supply reached 16,806,723 ZEC—more than 80% of the cryptocurrency's 21 million maximum supply. The account noted they may have been the first to flag the milestone publicly.

The timing coincides with the Ironwood upgrade addressing the network's most significant security incident to date.

FAQ

When is the Ironwood upgrade for Zcash scheduled to activate?

The Ironwood upgrade is scheduled to activate on July 28 at block height 3,428,143, expected around 8 a.m. EST, according to core developer Sean Bowe's confirmation.

What is the purpose of the Ironwood upgrade?

The Ironwood upgrade replaces the Orchard shielded pool to address a vulnerability that theoretically allowed unlimited counterfeit ZEC creation. It introduces an accounting checkpoint that any funds leaving Orchard must pass through, designed to detect whether any fake ZEC was created through the earlier bug. Developers found no evidence the flaw was exploited before the fix.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments