TL;DR:
- Zcash developers finalized the Ironwood upgrade plan, targeting late July activation after remediation of a critical Orchard shielded pool flaw.
- Ironwood adds a new shielded pool, flags legacy Orchard circuits, permits migration change notes and redirects future transactions away from the old pool.
- Its turnstile accounting aims to keep circulating ZEC supply verifiably bounded, though developers still cannot prove whether counterfeit ZEC was ever created during the exposure period before remediation.
Zcash developers have finalized the Ironwood upgrade plan, targeting late July activation as the network tries to turn an emergency fix into a verifiable recovery process. The proposal follows remediation of a critical flaw in the Orchard shielded pool, where privacy protected transaction data but also complicated proof of supply integrity. The central promise is not just a new pool, but a way for users to verify that circulating ZEC remains bounded after a bug that raised counterfeiting fears.
Ironwood turns migration into the audit
Ironwood introduces a new shielded pool built on the Orchard protocol with the vulnerability remediated, moving future private activity away from the legacy Orchard pool. Developer Sean Bowe described a design in which existing Orchard transaction circuits receive a special flag. That flag prevents users inside the old pool from continuing ordinary internal transactions, while still allowing change notes needed for migration. The migration path becomes the supply-check mechanism, because coins must exit through controlled accounting rather than quietly circulate inside the old pool.
That accounting relies on Zcash’s turnstile mechanism, which tracks value moving between shielded and transparent pools. Once Ironwood is active, the system should make the total circulating ZEC supply verifiably bounded, meaning users can check that more coins are not circulating than should exist. Wallet software will also redirect new incoming transactions toward the new shielded pool by adjusting transaction behavior around valueBalance. The audit is designed to happen through normal network rules, not through a one-time trust statement from developers or foundations.
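A simplified model of the turnstile accounting described above, as an added example that is not code from Zcash or from this article. It keeps a public running balance per shielded pool and rejects any block that would drive a pool negative. The pool names, class and function names are assumptions, and the sample history is constructed.

```python
from dataclasses import dataclass, field

class TurnstileViolation(Exception):
    """A block would withdraw more from a pool than was ever deposited."""

@dataclass
class TurnstileLedger:
    # Publicly visible running balance per shielded pool, in zatoshi.
    # Pool names are placeholders for this example.
    pools: dict = field(default_factory=lambda: {"legacy": 0, "new": 0})

    def apply_block(self, txs):
        """Apply a block atomically; reject it if any pool would go negative.

        Each tx maps pool name -> valueBalance. Sign convention as in Zcash:
        positive = net value leaving that pool, negative = value entering it.
        """
        trial = dict(self.pools)
        for tx in txs:
            for pool, value_balance in tx.items():
                trial[pool] -= value_balance
        for pool, balance in trial.items():
            if balance < 0:
                raise TurnstileViolation(f"{pool} pool would hold {balance}")
        self.pools = trial

def demo():
    ledger = TurnstileLedger()
    # Constructed history: 100 units are shielded into the legacy pool.
    ledger.apply_block([{"legacy": -100}])
    # Migration: 100 leaves the legacy pool and enters the new pool.
    ledger.apply_block([{"legacy": 100, "new": -100}])
    # Any further exit from the now-empty legacy pool has no deposit behind it,
    # whatever notes exist inside the pool, so the block is rejected.
    try:
        ledger.apply_block([{"legacy": 30, "new": -30}])
        rejected = False
    except TurnstileViolation:
        rejected = True
    return ledger.pools, rejected

if __name__ == "__main__":
    print(demo())
```

The check needs only the public per-pool totals, which is why the bound holds even though the notes inside each pool stay hidden.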
The uncomfortable limitation remains historical. Because Orchard hides transaction details by design, developers cannot definitively confirm whether counterfeit ZEC was created before the bug was patched, or how much if it happened. The practical answer is forward-looking: isolate the old pool, guide users out, and make active supply checkable from there. Ironwood is therefore a confidence repair, not a time machine, even as ZEC rallied more than 10% after the finalized plan became public and traded near $461. The next test is coordination across wallets, node operators, exchanges, mining pools and infrastructure providers before late July, because a privacy coin’s recovery now depends on making its supply legible across the ecosystem without abandoning privacy itself.
