|

Polygon CTO Vs. Zcash: Clash Erupts Over 21 Million Coin Integrity

An alternate on X between Polygon’s CTO Mudit Gupta and Zcash founder Zooko Wilcox reignited a long-simmering debate over whether or not privacy-preserving shielded swimming pools will be completely audited — and, by extension, whether or not ZEC’s 21 million cap will be trusted beneath all conceivable failure modes. The dispute hinged on a well-recognized fault line in privacy-coin design: zero-knowledge protocols can obfuscate particular person balances and flows, however they nonetheless should protect a tough financial base.

Polygon CTO Attacks Zcash

Gupta opened with a stark framing: “Nobody is aware of what number of Zcash tokens truly exist. Shielded assets like Zcash are laborious to audit. In March 2019, an infinite mint bug was detected in Zcash shielded property. It was fastened in October 2019 however there isn’t any assured option to inform if the bug was ever exploited.”

He later softened the speedy danger evaluation — “Based on heuristic, it’s unlikely the bug was exploited so no cause to panic” — whereas stressing what he referred to as a permanent class danger: “I’m simply highlighting an assault vector with Zcash and comparable privateness swimming pools… I’m not claiming any bug was exploited, simply mentioning the chance and danger.”

Wilcox pushed again, calling the preliminary put up “not correct,” and pointed Gupta to “publicly-verifiable on-chain audits” that observe the financial base. “They present the integrity of the Zcash financial base. A simple game-theoretic evaluation additional exhibits zero counterfeiting,” he wrote, linking to group dashboards and documentation.

In a follow-on, Wilcox encapsulated the ZEC place with a thought experiment concerning the legacy Sprout pool: “Suppose somebody counterfeited ZEC within the Sprout pool earlier than October 28, 2018. Then there’s a ‘race to the exits’ between the counterfeiter and his victims. Whoever strikes their ZEC out of the Sprout pool first will get to maintain all the cash. Conclusion: there was no counterfeiting.” He added that “even when there was counterfeiting… there would nonetheless be solely 16,355,911 ZEC in existence, and nonetheless solely 21 M ever. Thanks, turnstiles!”

Stripped to its necessities, the technical disagreement is much less about Zcash’s supposed financial coverage and extra concerning the edge-case ensures when privateness meets auditability. Zcash’s printed economics mirror Bitcoin’s: a hard and fast 21 million higher certain and a halving-style issuance schedule. That cap is unambiguous in official supplies.

The Backstory

The controversy traces again to the counterfeiting vulnerability affecting ZEC’s earliest shielded pool, Sprout. According to the Electric Coin Company (ECC) and the Zcash Foundation, the flaw was found privately in 2018 and publicly disclosed on (*21*) 5, 2019; critically, the Sapling improve that activated on October 28, 2018 eliminated the weak building, and Zcash launched “turnstile” accounting to constrain exits from shielded swimming pools to, at most, the quantity verifiably entered.

ECC reported at disclosure that it had seen “no proof that counterfeiting has occurred,” a stance it has reiterated, and it described turnstile enforcement as a protection to protect the financial base even beneath hypothetical counterfeiting.

This is the center of Wilcox’s argument. Because ZEC can solely enter or depart a shielded pool by way of transfers that reveal values on the boundary, the chain can compute an anticipated pool stability. If extra worth tries to exit than has ever entered, the discrepancy turns into observable on the turnstile.

The “race to the exits” instinct — whereas casual — captures the concept any attacker who minted bogus ZEC inside Sprout can be competing towards reputable holders to withdraw earlier than the turnstile constraint bites; absent an unexplained drain to zero or a destructive reconciliation, long-lived counterfeiting is inconsistent with noticed pool totals. Zcash’s documentation describes these value-pool turnstiles and their function in monitoring pool integrity, and group discussions courting again years have handled them because the canonical mitigation.

Gupta’s rejoinder is about epistemic certainty, not coverage intent. “Perhaps I ought to have been clearer,” he wrote. “Due to [the] chance of bugs, there’s no assure that the shielded swimming pools have the identical quantity of Zcash circulating inside them as clear Zcash that went in. Therefore, you possibly can’t be 100% certain of the particular complete provide… [though] the chance of a bug like this being exploited is actually 0.”

At press time, ZEC traded at $325.

Similar Posts