Altcoins Started Jun 3, 2026 7:24 PM

The Zcash shielded supply relies on trust, not math

14 replies - 144 views - 0 thanks - 0 tippers - 2 watchers

Jun 3, 2026 7:24 PM Last edited Jun 3, 2026 7:29 PM
#1

https://forum.zcashcommunity.com/t/orchard-vulnerability-successfully-remediated/55976

Zcash's supply now relies on trust in all private pools. This is Zcash's second hidden inflation vulnerability: the worst class of vulnerability possible. Monero has never had a hidden inflation vulnerability.

You now have to trust that no one printed more shielded Zcash in the Orchard pool while the vulnerability was live; the math in Zcash does not protect you. Orchard is now effectively a trusted pool, technically inferior to FCMP++.

The Zcash turnstile mechanism only mitigates damage. The turnstile would show that someone is unshielding a wholeeee lot of printed Zcash, triggering the turnstile (the Orchard pool is almost 30% of the total supply currently). There is no way of knowing if an attacker is currently sitting on infinite Zcash in the Orchard pool and already exploited the vulnerability.

It's reckless and irresponsible that the Zcash ecosystem downplays this vulnerability.

"ZCASH WAS NEVER DOWN. FUD"

This distracts from the MAJOR CRITICAL vulnerability that was just found (and YES, the Orchard pool was in fact down while they rolled out the patch).

0 thanks - 0 tippers - 2 watchers
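To make the post's turnstile argument concrete, here is an added toy model (not code from this thread or from the Zcash project) of what a pool-level turnstile can and cannot see. It tracks only the net value that has crossed into a shielded pool, so value forged inside the pool stays invisible until withdrawals exceed everything that ever legitimately entered; all transaction data below is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    """A boundary-crossing transaction (hypothetical field names).

    value_change > 0: transparent value shielded into the pool.
    value_change < 0: value unshielded out of the pool.
    """
    txid: str
    value_change: int  # constructed base units


class Turnstile:
    """Models the only quantity a turnstile sees: net value into the pool.

    Notes minted inside the pool by a hidden-inflation bug never cross this
    boundary, so they are not counted here and cannot be detected here.
    """

    def __init__(self) -> None:
        self.pool_balance = 0
        self.rejected: list[str] = []

    def apply(self, tx: Tx) -> bool:
        new_balance = self.pool_balance + tx.value_change
        if new_balance < 0:
            # Withdrawals now exceed all value that ever entered: only at
            # this point does inflation become visible to the turnstile.
            self.rejected.append(tx.txid)
            return False
        self.pool_balance = new_balance
        return True


def run_turnstile(txs: list[Tx]) -> Turnstile:
    """Apply transactions in order and return the resulting turnstile state."""
    t = Turnstile()
    for tx in txs:
        t.apply(tx)
    return t


# Constructed scenario: honest users shield 150 total; an attacker holding
# forged in-pool value withdraws. The first exit passes because it is
# covered by honest deposits, so the turnstile cannot tell it was forged.
SAMPLE = [
    Tx("honest-shield-1", +100),
    Tx("honest-shield-2", +50),
    Tx("attacker-unshield-1", -120),  # accepted: pool balance drops to 30
    Tx("attacker-unshield-2", -40),   # rejected: would take balance below zero
]
```

Running the sample shows the attacker drains 120 units of honest deposits undetected; the turnstile only trips on the withdrawal that exceeds the pool's recorded balance.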

Replies

Jun 4, 2026 12:36 AM
#2

@xmr_is_goated key image bug: https://www.getmonero.org/2017/05/17/disclosure-of-a-major-bug-in-cryptonote-based-currencies.html

Monero has had this type of bug and can potentially have this type of bug again.
Zcash was proactive in using AI to find these bugs. Monero is being proactive with extensive audits to hopefully find these bugs for fcmps.
I really don't see much of a difference here to be honest. Monero is not immune to something like this.

1 thanks - cipherchan - 0 tippers
Jun 4, 2026 12:42 AM
#3

False.

Monero's bug was a detectable inflation bug. You can be mathematically certain it was never exploited. Zcash's TWO hidden inflation bugs were NOT detectable. You cannot be certain they were never exploited. That is the most severe class of vulnerability and Monero has NEVER had that issue.

The fact that Monero has not experienced this issue yet, and Zcash has experienced it twice, is critically important. It's not luck.

1 thanks - cipherchan - 0 tippers
Jun 4, 2026 12:44 AM
#4

Monero's past bug was closer to Bitcoin's inflation bug than to Zcash's. Zcash's bug is significantly more severe, and if Monero experiences this bug it would fundamentally alter Monero's posture as a cryptocurrency that does not rely on trust.

1 thanks - cipherchan - 1 tippers
Jun 4, 2026 12:48 AM
#5

@xmr_is_goated I mean the key image bug would have been very severe.
And bugs like this can still happen. It is why fcmps are taking so long to be audited.
With AI these days things are very fragile.

0 thanks - 0 tippers
Jun 4, 2026 12:52 AM
#6

I'm not saying that Monero's issue was not a critical issue. I'm saying that a hidden inflation bug is more severe since it would fundamentally alter Monero's positioning as a cryptocurrency that does not rely on trust. Right now, there is no trust, only math. With Zcash, you have to rely on trust because of this issue.

Orchard is now a trusted pool.

It is why fcmps are taking so long to be audited.

Yes, it's good that Monero is not rushing to release something broken the way Zcash did. It is important to recognize this key difference between Monero and Zcash.

0 thanks - 0 tippers
Jun 4, 2026 1:01 AM
#7

@xmr_is_goated where is your source that you can't confirm that this exploit never happened? From their official blog post, it says "Analysis conducted during the response found no evidence of unauthorized value creation and no impact to the total ZEC supply."

0 thanks - 0 tippers
Jun 4, 2026 1:16 AM
#8

Lol their official blog post is misleading af just like their entire cabal.

Notice how the only evidence in the blog post is the turnstile:

There is no evidence that the vulnerability was exploited. Zcash’s turnstile mechanism, which provides visibility into how much value can legitimately enter and leave shielded pools, protects the integrity of the 21M supply cap.

Here is the code fixing the issue: https://github.com/zcash/halo2/pull/888/commits/d8e48efddbe4746d76eb2c8a843a6ddc2b9a727a

If you ctrl+f for InsecureUnanchoredBase, you'll see that they need to use that to verify proofs created before they deployed the fix. For example, see this comment:

// Old proofs must still verify under the old (unanchored) verifying key, so that a node
// can sync the chain from before the fix. These fixtures are the original (pre-fix)
// `vk`/`proof`, reproduced here by the `InsecureUnanchoredBase` circuit.

Also notice how they required wallets to update. Wallets needed to change how they construct transactions in order to verify with the new verifier.

This all means that you can't use the NEW FIXED code to verify past proofs. Any past proof could have exploited the bug and they have no way of knowing.

0 thanks - 1 tippers
Jun 4, 2026 1:24 AM
#9

I'm not sure if that still negates the ability to check if the exploit has happened or not though. There could be other ways of finding out if it has been done, through metadata or something more subtle.

0 thanks - 0 tippers
Jun 4, 2026 1:25 AM
#10

No, there is no way to tell and you're making shit up.

0 thanks - 0 tippers
Jun 4, 2026 1:35 AM
#11

I'm taking the time to explain it to you over multiple comments and you're pulling shit out of your ass in response. You're giving too much credit to Zcash folk, they are being dishonest. Credit to you for making a strong effort at intellectual honesty though, that is another reason why the Monero community beats the Zcash one.

Here is a good conversation on x about it:
https://xcancel.com/JohnAlanWoods/status/2062217356974112892
https://xcancel.com/JohnAlanWoods/status/2062257479711416697

Here is Sean Bowe's one response in that thread: https://xcancel.com/ebfull/status/2062238214367457288

You'll notice he doesn't respond to John Woods' accurate explanation of the issue, only to something defending the existence of the bug.

0 thanks - 1 tippers
