An alternate on X between Polygon’s CTO Mudit Gupta and Zcash founder Zooko Wilcox reignited a long-simmering debate over whether or not privacy-preserving shielded swimming pools may be completely audited — and, by extension, whether or not ZEC’s 21 million cap may be trusted below all conceivable failure modes. The dispute hinged on a well-recognized fault line in privacy-coin design: zero-knowledge protocols can obfuscate particular person balances and flows, however they nonetheless should protect a tough financial base.
Polygon CTO Assaults Zcash
Gupta opened with a stark framing: “No one is aware of what number of Zcash tokens really exist. Shielded property like Zcash are laborious to audit. In March 2019, an infinite mint bug was detected in Zcash shielded property. It was mounted in October 2019 however there isn’t a assured approach to inform if the bug was ever exploited.”
No one is aware of what number of zcash tokens really exist.
Shielded property like zcash are laborious to audit.
In March 2019, an infinite mint bug was detected in zcash shielded property. It was mounted in October 2019 however there isn’t a assured approach to inform if the bug was ever exploited.
— Mudit Gupta (@Mudit__Gupta) October 26, 2025
He later softened the instant danger evaluation — “Primarily based on heuristic, it’s unlikely the bug was exploited so no motive to panic” — whereas stressing what he referred to as an everlasting class danger: “I’m simply highlighting an assault vector with Zcash and related privateness swimming pools… I’m not claiming any bug was exploited, simply mentioning the chance and danger.”
Wilcox pushed again, calling the preliminary put up “not correct,” and pointed Gupta to “publicly-verifiable on-chain audits” that monitor the financial base. “They present the integrity of the Zcash financial base. A simple game-theoretic evaluation additional exhibits zero counterfeiting,” he wrote, linking to neighborhood dashboards and documentation.
In a follow-on, Wilcox encapsulated the ZEC place with a thought experiment concerning the legacy Sprout pool: “Suppose somebody counterfeited ZEC within the Sprout pool earlier than October 28, 2018. Then there’s a ‘race to the exits’ between the counterfeiter and his victims. Whoever strikes their ZEC out of the Sprout pool first will get to maintain all the cash. Conclusion: there was no counterfeiting.” He added that “even when there was counterfeiting… there would nonetheless be solely 16,355,911 ZEC in existence, and nonetheless solely 21 M ever. Thanks, turnstiles!”
Stripped to its necessities, the technical disagreement is much less about Zcash’s meant financial coverage and extra concerning the edge-case ensures when privateness meets auditability. Zcash’s revealed economics mirror Bitcoin’s: a hard and fast 21 million higher certain and a halving-style issuance schedule. That cap is unambiguous in official supplies.
The Backstory
The controversy traces again to the counterfeiting vulnerability affecting ZEC’s earliest shielded pool, Sprout. In response to the Electrical Coin Firm (ECC) and the Zcash Basis, the flaw was found privately in 2018 and publicly disclosed on February 5, 2019; critically, the Sapling improve that activated on October 28, 2018 eliminated the susceptible development, and Zcash launched “turnstile” accounting to constrain exits from shielded swimming pools to, at most, the quantity verifiably entered.
ECC reported at disclosure that it had seen “no proof that counterfeiting has occurred,” a stance it has reiterated, and it described turnstile enforcement as a protection to protect the financial base even below hypothetical counterfeiting.
That is the center of Wilcox’s argument. As a result of ZEC can solely enter or go away a shielded pool through transfers that reveal values on the boundary, the chain can compute an anticipated pool stability. If extra worth tries to exit than has ever entered, the discrepancy turns into observable on the turnstile.
The “race to the exits” instinct — whereas casual — captures the concept that any attacker who minted bogus ZEC inside Sprout can be competing towards authentic holders to withdraw earlier than the turnstile constraint bites; absent an unexplained drain to zero or a damaging reconciliation, long-lived counterfeiting is inconsistent with noticed pool totals. Zcash’s documentation describes these value-pool turnstiles and their position in monitoring pool integrity, and neighborhood discussions relationship again years have handled them because the canonical mitigation.
Gupta’s rejoinder is about epistemic certainty, not coverage intent. “Maybe I ought to have been clearer,” he wrote. “Because of [the] chance of bugs, there’s no assure that the shielded swimming pools have the identical quantity of Zcash circulating inside them as clear Zcash that went in. Due to this fact, you may’t be 100% positive of the particular complete provide… [though] the chance of a bug like this being exploited is actually 0.”
At press time, ZEC traded at $325.
Featured picture created with DALL.E, chart from TradingView.com
Editorial Course of for bitcoinist is centered on delivering totally researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent assessment by our crew of prime expertise specialists and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.