Zcash Basis launched Zebra 4.5.3 and Zebra 5.0.0 after engineers discovered and glued a essential soundness bug within the Orchard Motion circuit.
Abstract
- Zcash Basis mounted an Orchard circuit bug earlier than identified exploitation and urged pressing Zebra upgrades.
- Zebra 4.5.3 disabled Orchard actions, whereas 5.0.0 re-enabled them via NU6.2 at mainnet peak 3,364,600.
- Zcash mentioned no unauthorized worth appeared, and Sapling plus clear transactions saved working usually throughout incident.
The muse mentioned Zebra 4.5.3 activated an emergency delicate fork at mainnet block peak 3,363,426. The discharge quickly rejected transactions and blocks containing Orchard actions whereas engineers ready a corrected circuit.
The delicate fork went stay at about 02:00 UTC on June 2 after an earlier coordination try confronted patch deployment points. The muse mentioned personal coordination with miners and exchanges began on Could 31 to cut back the prospect of exploitation earlier than public disclosure.
NU6.2 restores shielded transactions
Zebra 5.0.0 activated the NU6.2 laborious fork at mainnet block peak 3,364,600. The improve re-enabled Orchard actions with a corrected circuit and routed Orchard proofs to a brand new per-circuit verifying key. The discharge additionally marked the second security-driven protocol improve in Zcash historical past since 2016.
A tough fork was wanted as a result of a zero-knowledge proof circuit repair requires a brand new pinned verifying key.
“We strongly urge all node operators to improve to Zebra 5.0.0 as quickly as potential,” Zcash Basis mentioned.
No identified exploit discovered
The bug was found on Could 29 by unbiased safety researcher Taylor Hornby throughout a protocol audit for Shielded Labs. ZODL engineers Daira-Emma Hopwood, Kris Nuttycombe and Jack Grigg confirmed the difficulty inside hours and commenced work on a repair.
The muse mentioned the flaw might have allowed invalid state modifications inside Orchard and potential double spending inside that pool. It additionally mentioned Zcash’s turnstile mechanism protected whole ZEC provide, and “There isn’t a proof of unauthorized worth creation.” The affected code included older halo2_gadgets, orchard and zcash_primitives releases, plus zcashd variations 5.0.0 via 6.12.3.
Why Orchard stays vital
Orchard is Zcash’s latest shielded pool and a core a part of its privateness system. It launched with NU5 in 2022 and makes use of Halo 2, which eliminated the necessity for a trusted setup. That design made Orchard a key a part of Zcash’s present privateness roadmap.
Associated market protection has not too long ago targeted on rising Zcash shielded use. A current report mentioned about 30% of ZEC provide had moved into shielded swimming pools, with Orchard holding 4.2 million ZEC and many of the current progress.
The muse mentioned consumer privateness was not harmed in the course of the incident. Sapling and clear transactions additionally continued working usually whereas Orchard actions remained paused.
Node operators now face the primary activity of upgrading to Zebra 5.0.0, somewhat than counting on older releases. Operators that stayed on an incorrect fork after NU6.2 might have to resync from scratch or restore from a backup made earlier than activation.
