Zcash developers have locked in the consensus rule updates for the Ironwood upgrade, with activation targeted for late July at block height 3,417,100. The upgrade is designed to fix a critical flaw in the Orchard shielded pool that could have allowed unlimited counterfeit ZEC to be created.
Ironwood introduces a new shielded pool, applies stricter supply controls using the existing turnstile mechanism, and blocks new incoming transactions into the compromised Orchard pool. These changes are supported by formally verified zero-knowledge proof circuits and independent third-party security audits.
The Orchard Pool Flaw: What Ironwood Fixes
The Orchard pool, launched in May 2022 under the NU5 upgrade, brought the Halo 2 proof system to Zcash and served as its most advanced privacy layer. It uses zero-knowledge proofs to hide transaction amounts and user identities without relying on a trusted setup.
However, a vulnerability discovered in early 2026 exposed a flaw in the circuit design. An attacker exploiting it could have minted counterfeit ZEC without leaving any detectable trace on-chain.
This meant the total ZEC supply within Orchard was not strictly enforced by consensus rules. The same privacy features that protect legitimate transactions also made unauthorized issuance effectively invisible—not just to observers, but even to Zcash’s own developers.
The issue was uncovered through an AI-assisted security audit by external researchers, leading to a discreet patch and coordinated disclosure ahead of Ironwood’s formal rollout.
Turnstile Controls, New Pool, and Supply Integrity
Ironwood is being developed through a multi-stakeholder effort involving ZODL, Tachyon, Valar Group, the Zcash Foundation, and Shielded Labs, reflecting a broader governance approach rather than a single-team fix.
At its core is a redesigned Orchard circuit that includes a mechanism to disable outgoing payments within a pool while still allowing users to generate change outputs—a feature described as preserving privacy.
Once activated, this restriction will be permanently applied to the legacy Orchard pool. New transactions will be automatically redirected to the replacement pool, while the valueBalance field is constrained to prevent further risk.
The upgrade relies heavily on the existing turnstile mechanism to enforce supply limits. Any ZEC leaving the old Orchard pool must pass through the turnstile before entering the new one, ensuring that the total exiting supply does not exceed the amount originally deposited.
As explained by developer Sean Bowe, this system ensures that the amount of ZEC in circulation cannot exceed the intended supply.
After migration, full nodes will be able to independently verify that no counterfeit ZEC entered the new pool, restoring trustless supply verification at the protocol level for the first time since the vulnerability emerged.
The planned activation aligns with the end-of-support for zcashd at block 3,417,100. Before mainnet deployment, the upgrade will undergo testnet validation, ecosystem coordination, and final security reviews. Wallet providers are expected to offer simple migration tools, and the new pool is designed to maintain compatibility with existing Orchard addresses, avoiding the need for users to rotate keys.
