ZODL, together with Tachyon, Valar Group, the Zcash Foundation, and Shielded Labs, has proposed a network upgrade for Zcash featuring the new secure Ironwood pool. The pool is built on the existing Orchard scheme but addresses a vulnerability, includes additional formal verification, and undergoes independent audits.
After the upgrade is activated, the current Orchard pool will stop accepting new deposits and conducting internal transactions. Funds can only be withdrawn through a turnstile mechanism that limits transfers between pools to the amount of previously recorded incoming funds. This allows anyone to independently verify that no more ZEC is leaving the old pool than was originally deposited—without needing to trust the developers. Existing Orchard addresses will continue to function, and wallets will be able to offer one-click migration.
The proposal came after an emergency Zcash update that patched a vulnerability in Orchard, which theoretically could have allowed the issuance of fake ZEC within the pool. The bug was discovered by researcher Taylor Hornby on May 29 during an audit for Shielded Labs, using the latest AI model from Anthropic. On June 3, the network completed the NU6.2 hard fork with the corrected code. Over 4 million ZEC are currently held in Orchard—representing the majority of roughly 30% of the supply in private pools. Following the disclosure of the vulnerability, ZEC lost 25% in a single day and 16% over the week.
The activation of Ironwood is scheduled for late July 2026, after support for zcashd is discontinued at block 3,417,100. Final timing depends on testing and coordination among ecosystem participants.
