Frédéric JacobsJun 5

Taylor Hornby, paired with Opus 4.8, found a money minting bug in the Zero Knowledge Proof circuit of Zcash.

An element of the Orchard circuit was under-constrained element therefore it was possible to put arbitrary false inputs into an elliptic curve multiplication and still have the multiplication check pass.

Shielded Labs is initiating a project to formally verify the Orchard circuit.

https://shieldedlabs.net/the-orchard-counterfeiting-vulnerability/

The Orchard Counterfeiting Vulnerability - Shielded Labs

By: Zooko Wilcox, Jason McGee, and Taylor Hornby Summary On May 29, 2026, Taylor Hornby discovered a critical counterfeiting vulnerability in Zcash’s Orchard pool. Taylor disclosed the vulnerability to Zcash Open Development Lab (ZODL), who coordinated an ecosystem-wide emergency response to fix the vulnerability, which was completed on June 2. After reviewing Taylor’s report and […]

Shielded Labs
フմ尺Ǥ乇刀 キЦ乃Jun 6
Show threadFrédéric Jacobs

Between this and the Google Quantum Circuit ZKP bug/forgeries, I think it should become standard practice to formally verify zero-knowledge proof circuits.

Otherwise, we really have zero-knowledge about what's being proven.

Jun 5 at 7:48amIvory for Mac
Show threadJeremiah C. Foster 🇸🇪🇺🇸🍥Jun 5
@fj I see what you did there