An trade on X between Polygon’s CTO Mudit Gupta and Zcash founder Zooko Wilcox reignited a long-simmering debate over whether or not privacy-preserving shielded swimming pools could be completely audited — and, by extension, whether or not ZEC’s 21 million cap could be trusted underneath all conceivable failure modes. The dispute hinged on a well-recognized fault line in privacy-coin design: zero-knowledge protocols can obfuscate particular person balances and flows, however they nonetheless should protect a tough financial base.
Polygon CTO Assaults Zcash
Gupta opened with a stark framing: “No person is aware of what number of Zcash tokens truly exist. Shielded belongings like Zcash are laborious to audit. In March 2019, an infinite mint bug was detected in Zcash shielded belongings. It was fastened in October 2019 however there is no such thing as a assured technique to inform if the bug was ever exploited.”
No person is aware of what number of zcash tokens truly exist.
Shielded belongings like zcash are laborious to audit.
In March 2019, an infinite mint bug was detected in zcash shielded belongings. It was fastened in October 2019 however there is no such thing as a assured technique to inform if the bug was ever exploited.
— Mudit Gupta (@Mudit__Gupta) October 26, 2025
He later softened the fast threat evaluation — “Based mostly on heuristic, it’s unlikely the bug was exploited so no cause to panic” — whereas stressing what he known as an everlasting class threat: “I’m simply highlighting an assault vector with Zcash and comparable privateness swimming pools… I’m not claiming any bug was exploited, simply mentioning the likelihood and threat.”
Wilcox pushed again, calling the preliminary put up “not correct,” and pointed Gupta to “publicly-verifiable on-chain audits” that monitor the financial base. “They present the integrity of the Zcash financial base. An easy game-theoretic evaluation additional exhibits zero counterfeiting,” he wrote, linking to neighborhood dashboards and documentation.
In a follow-on, Wilcox encapsulated the ZEC place with a thought experiment in regards to the legacy Sprout pool: “Suppose somebody counterfeited ZEC within the Sprout pool earlier than October 28, 2018. Then there’s a ‘race to the exits’ between the counterfeiter and his victims. Whoever strikes their ZEC out of the Sprout pool first will get to maintain all the cash. Conclusion: there was no counterfeiting.” He added that “even when there was counterfeiting… there would nonetheless be solely 16,355,911 ZEC in existence, and nonetheless solely 21 M ever. Thanks, turnstiles!”
Stripped to its necessities, the technical disagreement is much less about Zcash’s supposed financial coverage and extra in regards to the edge-case ensures when privateness meets auditability. Zcash’s printed economics mirror Bitcoin’s: a set 21 million higher certain and a halving-style issuance schedule. That cap is unambiguous in official supplies.
The Backstory
The controversy traces again to the counterfeiting vulnerability affecting ZEC’s earliest shielded pool, Sprout. Based on the Electrical Coin Firm (ECC) and the Zcash Basis, the flaw was found privately in 2018 and publicly disclosed on February 5, 2019; critically, the Sapling improve that activated on October 28, 2018 eliminated the susceptible building, and Zcash launched “turnstile” accounting to constrain exits from shielded swimming pools to, at most, the quantity verifiably entered.
ECC reported at disclosure that it had seen “no proof that counterfeiting has occurred,” a stance it has reiterated, and it described turnstile enforcement as a protection to protect the financial base even underneath hypothetical counterfeiting.
That is the guts of Wilcox’s argument. As a result of ZEC can solely enter or depart a shielded pool by way of transfers that reveal values on the boundary, the chain can compute an anticipated pool steadiness. If extra worth tries to exit than has ever entered, the discrepancy turns into observable on the turnstile.
The “race to the exits” instinct — whereas casual — captures the concept any attacker who minted bogus ZEC inside Sprout could be competing towards reliable holders to withdraw earlier than the turnstile constraint bites; absent an unexplained drain to zero or a damaging reconciliation, long-lived counterfeiting is inconsistent with noticed pool totals. Zcash’s documentation describes these value-pool turnstiles and their function in monitoring pool integrity, and neighborhood discussions courting again years have handled them because the canonical mitigation.
Gupta’s rejoinder is about epistemic certainty, not coverage intent. “Maybe I ought to have been clearer,” he wrote. “On account of [the] chance of bugs, there’s no assure that the shielded swimming pools have the identical quantity of Zcash circulating inside them as clear Zcash that went in. Subsequently, you’ll be able to’t be 100% certain of the particular whole provide… [though] the probability of a bug like this being exploited is basically 0.”
At press time, ZEC traded at $325.
Featured picture created with DALL.E, chart from TradingView.com
Editorial Course of for bitcoinist is centered on delivering completely researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent overview by our workforce of high know-how consultants and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.
