Future of Zcash dev funding — megathread / everything in one place


I like your usecases and that you want to use zec. I am just clearing up some confusion people seem to have regarding mining and miners. (be it cpu/gpu/asic)

they generated the zec in the first place, then processed the transactions that allowed you to buy zec. On top of that they are the people stopping others doublespending your zec. (thus allowing it to have any value at all)

I guess you think im a “bitcoin maximalist” because of my proposals? to be fair, I have no idea what this term means without the prefix “toxic”. ironic or otherwise.

Destroying trust in a coin is not done by what you would consider rational actors. you would see them as malevolent. where as they would see what they are doing as rational. It is why Proof of Work has stood the test of time as the main functional method for actually securing an asset.

ZEC does have other protections against 51% attacks and reorgs though. (this seems to be a particular bugbear for zooko. to the point where I genuinely think he loses sleep over it.)

Then there would be no one telling you any truths and no transactions would get processed, so it would not function.

The idea behind PoW distribution mining (the model zcash copied from bitcoin, on purpose) is to distribute the coins into as many peoples hands as possible, which is why the initial pledge of asic resistance. - zec is at a strange point where it is not clear if it is meant to be a replacement for cash or gold.

There is a very very long thread on here that strongly disagrees with your GPU statement.

You may have bought coins that I mined on my hardware in 2017. we can never know. If there isn’t a sell pressure on the miners then how would you accumulate coins yourself? youd have to mine them yourself. The problem (as others have outlined) is the sell pressure is too great from the inflation caused by the initial founders reward.

1 Like

What I meant in context is that my decision to choose zec over, say, zen, zcl, Komodo, monero, et cetera had zero to do with the actions of any miner.

I’m not advocating changing proof of work, merely stating it’s a truth machine, not a security feature.

100% incorrect. There would be a reduction of 80% of energy spent telling me truth, but more than enough still and would change absolutely nothing with regards to how many txs get processed.

Mining does not achieve this.

I have run many mining rigs. I am speaking from experience.

Sell pressure from miners isn’t a good thing innately. I’m not saying it’s a bad thing, but if there was no sell pressure, I’d still be able to get coins. The price would just go up until it reached a point they were happy to sell them to me. But that’s all beside the point.

My point is that GPU miners especially have little to no long term skin in the game. Paying 80% block subsidy to them in the hope they’ll become holders and then public advocates of the token is evidently not a very good thesis as evidenced by the thousands of coins competing for this outcome.

I love mining, I love GPU mining too. I’d point my rigs at Zcash if it was profitable to do so. But I don’t think it would in any way at all help get us toward better mobile wallets, more foreign exchange listings, improved scalability, or any of the other outcomes we need in order to bring financial freedom to a large number of people.

Thanks for your response to my points. I try to be very open minded and will consider any available evidence. More than willing to change my mind (wouldn’t be here if I wasn’t I suppose).

1 Like

Something that is everyone’s job ends up being no-one’s job.

1 Like

Welcome, by the way! I’m glad that you decided to join and share your thoughts!


This is categorically untrue 100%. Anyone saying this hasn’t got a clue.

Spend just a few minutes looking at the BTC price and usage when it was at a similar stage in its life cycle. Compare usage and price, and you’ll see ZEC is punching well above its weight.

Good grief this is a meme people from Bitcoin have been spreading since day one and is just a joke.

Thanks Sonya. Yeah you’re a cool bunch.



Welcome too. :slight_smile:

For me it was the talent at the ECC and the concept of a for profit kickstarting a coin. (and I really like zk proofs) - your ability to chose zec was all because of a miner.

I see @boxalex is composing a reply. I will let him answer this. it isn’t just the community it is also the ecc and the foundation have said it. - its a known and acknowledged thing.

How can you state it is 100% incorrect? if my current mining margins, which you acknowledge are razor thin, how does slashing them by 80% make anyone mine your coin? their is no incentive for them versus power costs.

I really don’t follow your logic.

There would be a 100% reduction in energy costs because no one would mine it.

I don’t understand the difference would you please explain? Proof of work however flawed in certain aspects is and was designed as a distribution and security mechanism. How is it not a security feature? what about it reduces or lowers security?

Seriously I am having a hard time following your logic. a truth machine is a security feature. add zero knowledge proofs on top and you have the basis for the ultimate security feature.

If you look back at projects like Hashcash (very much bitcoin’s predecessor) you will see that all that bitcoin did was use a distributed network and proof of work to replace the IBM Hardware Security Module that Hal Finney used to secure his “balance sheet”

I don’t need to look back at when bitcoin was 3 years old, I was already mining it and had been helping on the project for quite a while (I read the initial whitepaper, but didn’t get involved too much for the first 6 months or so - I am on a lot of crypto lists and it looked kinda cool, but I had other stuff to work on.). The stages are not comparable. Id even go as far as to say it is a false equivalence.

I really think you underestimate the role of miners in the community and ecosystem. I will let others speak to the economics.

last edit I promise. you realise that by giving 80% of block distribution to an entity then they have 80% of the network hashrate for free. just another way to look at it.



Because there would be a difficulty adjustment. The network would not grind to a halt. It would carry on mining the exact same number of blocks each day without missing a beat. That’s how it’s designed.

1 Like

More people believing something untrue doesn’t make something true.

Because Bitcoiners have called it “securing the network” for so long it’s very hard for them to ever consider that mining is not a security feature. I’m not saying it reduces security.

I’m saying that the process of mining in ZCash is a system for solving the Byzantine generals problem of no one knowing what truth everyone else is going to agree on. Nothing more. It doesn’t need to be anything more either because it’s amazing.
I love mining. It’s an elegant solution.
But the security aspect isn’t the mining itself, it’s the RATIO of miners who want to re-org maliciously vs those who don’t.

The RATIO is the only thing we need to maintain to have good security, not just having mining per se.

1 Like

Are you sure? I will take the time and compare some things even it doesn’t make any sense to compare apples with melons and Bitcoin with an Altcoin.

BTC price April 2013: $230
ZEC price today: $29

BTC active adresses April 2013: ~100k
ZEC active adresses today: ~11k

BTC transactions per day April 2013: ~65k
ZEC transactions per day today: ~3k

And just generally. BTC didn’t have the competition than back as ZEC has today. That’s why the BTC inflation rate and supply curve made some sense, but unfortunatly not for ZEC in a totally different environment. The reason is as simple as ZEC not having enough adoption and demand as new coins are mined currently.
As well a reminder that BTC is the main trading pair versus any other crypto currency, making it unfortunatly the market leader. ZEC doesn’t have this luxory, just as an example why the adoption of BTC is x times higher.

It’s a devils spiral we are in. The inflation/supply rate is too big to maintain the price, leave alone a price increase, with the current adoption/demand.
With a higher supply/inflation than demand/adoption price goes down, this creates addtionally sell price for the ECC, ZF and miners. It’s logical that the less ZEC price is the more ZEC must be sold to keep operations going, no matter if it’s the ECC or the miner who has to pay for electricity. This results in addtionally higher sell pressure to the anyway high daily supply, hence why i call it a devils spiral.
There are only 3 solutions which could change this:
1.) Change the supply curve in favour of less daily mined ZEC, won’t going to happen.
2.) Wait for the halvings. The first one is in ~1year and won’t change much, the next one in ~5 years, and this one could have some impact. But 5 years are just that from today, 5 years.
3.) Increase adoption and demand. Sounds easy but isn’t or we wouldn’t lose daily ground and market shares to other crypto currencies and projects. While we all hope for more demand and adoption i can’t see it yet.

In short about the above: We fight inflation which generates sell pressure from everybody that MUST sell ZEC to keep it’s operations which generates even more sell pressure.

IF the rewards for miners would be changed from 80% to 20% it would be an absolute extreme case which would result mostly in the following (too tired to make a calculation for it).

  • every miner without access to free electricity would have to cease.
  • maybe the miners that would have free access to electricity could make profit and return their hardware investment as difficulty would be much lower as it’s today, but it would need an immediate algo change to avoid an attack vector from the current hardware owners.
  • Without a calculation i’am even not sure if a network would be possible at all. It would be make more sense in such case to go POS.
  • placeholder for about 20 other reasons why this wouldn’t work out.

Adding here that my personal opinion is that POW mining by today is totally flawed anyway.


So the Ethereum Classic blockchain is as secure as the Ethereum blockchain because the DAA has levelled it so it is economically viable to mine Eth Classic? Sorry, network hashrate is a fundamental of blockchain security. how else do you protect against reorgs and malicious actors?

1 Like

Mining as a consensus mechanism is what makes re-orgs possible.

Again, it’s the ratio of honest miners to malicious miners that is the only issue.

The only profitable incentive that exists for performing a re-org is the ability to double spend a large transaction on an exchange or a big purchase.

Exchanges need to watch for this and essentially keep the number of confirmations they require before allowing withdrawals long enough so that the cost of renting equihash off nicehash for that period would make a double spend unprofitable. When zencash got double spent exchanges merely lifted the confs required and it never happened again.

But there’s other ways to make exchanges safer and thus reduce confirmation numbers needed, like rolling checkpoints etc.

I wholeheartedly reject the dogma that says miners are some special class of user. They’re merely normal users who choose to compete with each other over the programmed issuance.

They follow incentives and nothing more. It’s up to the network users and devs to simply align the incentives correctly.

1 Like

What about BTC year 3 ZEC year three that would be a proper way to determine inflation when they were both inflating at the same pace.

ZEC today is Zec year 3

1 Like

Yes so compare prices to Bitcoin year 3 their inflation was the same that year.

OR if BTC is “special” lets find a better example following the same emission curve.

But if BTC is “special” then it makes no sense to compare prices at all like you did above.

1 Like

This is not really true and how all attacks work:

For-Profit Attacks:


Timejacking exploits a theoretical vulnerability in Bitcoin timestamp handling. During a timejacking attack, a hacker alters the network time counter of the node and forces the node to accept an alternative blockchain. This can be achieved when a malicious user adds multiple fake peers to the network with inaccurate timestamps.

Sybil attack

A Sybil attack is arranged by assigning several identifiers to the same node. Blockchain networks have no trusted nodes, and every request is sent to a number of nodes.
During a Sybil attack, a hacker takes control of multiple nodes in the network. Then the victim is surrounded by fake nodes that close up all their transactions. Finally, the victim becomes open to double-spending attacks. A Sybil attack is quite difficult to detect and prevent.

Delay attack.

The goal of this attack is to slow down the propagation of blocks towards
or from a given set of nodes. Here an attacker can use routing attacks to the delivery of a block to
a victim node by 20 minutes while staying completely undetected. During this period, the victim
is unaware of the most recently mined blocks. So, it the victim is a merchant, it is susceptible to
double-spending attacks

Eclipse attack

An eclipse attack requires that a hacker control a large number of IP addresses or have a distributed botnet. Then the attacker overwrites the addresses on the tried table of the victim node and waits until the victim node is restarted. After restarting, all outgoing connections of the victim node will be redirected to the IP addresses controlled by the attacker. This makes the victim unable to obtain transactions they’re interested in. Researchers from Boston University initiated an eclipse attack on the Ethereum network and managed to do it using just one or two machines.

Immutable defects

Blockchain blocks are immutable by nature, which means that once a smart contract is created it can’t be changed. But if a smart contract contains any bugs in its code, they also are impossible to fix. There’s a risk that cybercriminals can discover and exploit code vulnerabilities to steal Ether or create a new fork, as happened with the DAO attack.

Finney attack

A Finney attack is possible when one transaction is pre-mined into a block and an identical transaction is created before that pre-mined block is released to the network, thereby invalidating the second identical transaction.

Race attack

A race attack is executed when an attacker creates two conflicting transactions. The first transaction is sent to the victim, who accepts the payment and sends the product without waiting for confirmation of the transaction. At the same time, a conflicting transaction returning the same amount of cryptocurrency to the attacker is broadcast to the network, eventually making the first transaction invalid.


Vector76 is a combination of two previous attacks. In this case, a malicious miner creates two nodes, one of which is connected only to the exchange node and the other of which is connected to well-connected peers in the blockchain network. After that, the miner creates two transactions, one high value and one low value. Then, the attacker pre-mines and withholds a block with a high-value transaction to an exchange service. After a block announcement, he quickly sends the pre-mined block directly to the exchange service. It along with some miners will consider the pre-mined block as the main chain and confirm this transaction. Thus, this attack exploits the fact that one part of the network sees the transaction the attacker has included into a block while the other part of the network doesn’t see this transaction. After the exchange service confirms the high-value transaction, the attacker sends a low-value transaction to the main network that finally rejects the high-value transaction. As a result, the attacker’s account is deposited on the amount of the high-value transaction. Though there’s a high chance for success with this attack, it’s not a common one because it requires a hosted e-wallet that accepts the payment after one confirmation and a node with an incoming transaction.

Alternative history attack

An alternative history attack may happen even in the case of multiple confirmations but requires a huge amount of computing power from the hacker. In this case, the malicious user sends a transaction to the seller and at the same time mines an alternative fork with another transaction that returns the same coins. Even if the seller sends their product after n confirmations, they may lose money if the attacker releases a longer chain and gets their coins back.

51% or majority attack

A majority attack is possible when a hacker gets control of 51% of the network hash rate and creates an alternative fork that finally takes precedence over existing ones. This attack was initially the only known blockchain vulnerability and seemed unrealistic in the near past. However, at least five cryptocurrencies — Verge, ZenCash, Monacoin, Bitcoin Gold, and Litecoin Cash — have already suffered from 51% attacks. In each of these cases, cybercriminals collected enough hashing power to compromise the network and pocket millions of dollars.
Unfortunately, all small cryptocurrencies are still at risk. Since they attract fewer miners, attackers can just rent computing power to create a majority share of the network. The developers of Crypto51 have tried to draw attention to the potential risks of hacking smaller cryptocurrencies. Their website shows the expected costs of a 51% attack on various blockchains.

Selfish mining

Selfish mining refers to the attempts of a malicious miner to increase their share of the reward by not broadcasting mined blocks to the network for some time and then releasing several blocks at once, making other miners lose their blocks. Possible measures for preventing this type of attack may be random assignment of miners to various branches of pools, preferring the block with a more recent timestamp, or generating blocks within a maximum acceptable time. This type of attack is also known as block withholding.
As a result of a selfish mining attack on the Eligius pool in 2014, miners lost 300 BTC. This type of selfish mining has high chances of success and may happen with all cryptocurrencies. Possible preventive measures against selfish mining may be registering only trusted miners or making changes to the existing Bitcoin protocol to hide the difference between a partial Proof-of-Work and full Proof-of-Work.


Fork-after-withhold (FAW) is a variation of selfish mining that turns out to be more rewarding for the attackers. During an FAW attack, the malicious miner hides a winning block and either discards it or releases it later to create a fork, depending on the situation. The concept of this attack was explicitly described by a group of researchers led by Ujin Kwon.

Bribery attack

In a bribery attack, the attacker offers payments to existing miners to deviate
from the default protocol and mine on the attacker’s branch. Note that we do not
use the term “bribery” to indicate illegal or unethical behavior, simply that a
side payment is being made. Several mechanisms for bribery have been proposed
with various trust and risk properties [1,12]. For an example, an attacker might
pay miners outside the protocol directly or through a negative-fee mining pool,
or within the system by broadcasting anybody-can-spend transactions or transactions with abnormally high fees which are redeemable only on the attacker’s
branch. We suggest that it is also feasible for an attacker to create a smart contract to autonomously bribe miners working on another blockchain by checking
that they have found blocks building on a designated starting point

Partition attack.

Any ISP can partition the Bitcoin network by hijacking few IP prefixes.
The goal of a partition attack is to disconnect as set of nodes from the network entirely. This
requires the attacker to divert and cut all the connection between the set of the nodes and the rest
of the network, and partition the network into disjoint components. By preventing nodes within a
partition to communicate with outside nodes, the attacker forces the creation the parallel
blockchains. To perform partition attack, the attacker first diverts the traffic and intercepts the
Bitcoin traffic (e.g., based on the TCP ports) and identifies whether the corresponding
connections cross the partition he tries to create. If So, the attacker drops the packets, if not
meaning that the connection is inside the partition P. The attacker keeps monitors the Bitcoin
traffic to detect the “leakage points.”

Pool hopping attack
is the result of miners leaving the pool when it offers fewer financial rewards and joining back when the rewards of mining yield higher rewards in blockchain networks. … This results in its competitors mining the block before they can finish mining.

Non-Profit Attacks:

Distributed denial of service

Distributed denial of service (DDoS) attacks are hard to execute on a blockchain network. Still, blockchain technology is susceptible to DDoS attacks and these attacks are actually the most common type on blockchain networks. When attacking a blockchain network, hackers intend to bring down a server by consuming all its processing resources with numerous requests. DDoS attackers aim to disconnect mining pools, e-wallets, crypto exchanges, and other financial services of the network. A blockchain can also be hacked with DDoS at its application layer when hackers use DDoS botnets. Bitcoin, along with other blockchain networks, takes measures to protect against DDoS attacks.

Transaction malleability attack

A transaction malleability attack is intended to trick the victim into paying twice. In the Bitcoin network, every transaction has a hash that is a transaction ID. If attackers manage to alter the transaction ID, they can try to broadcast a transaction with a changed hash to the network and have it confirmed before the original transaction. The sender will believe their initial transaction has failed, while the funds will still be withdrawn from their account. And if the sender repeats the transaction, they’ll spend the same amount twice. This hack is successful once the two transactions are confirmed by miners. MtGox, a Bitcoin exchange, went bankrupt as the result of a malleability attack in 2014.

Routing attack

A routing attack can impact both individual nodes and the whole network. The idea of this hack is to tamper with transactions before pushing them to peers. It’s nearly impossible for other nodes to detect this tampering as the hacker divides the network into partitions that are unable to communicate with each other. Routing attacks actually consist of two separate attacks:

  1. A partition attack, which divides the network nodes into separate groups
  2. A delay attack, which tampers with propagating messages and sends them to the network

Stoping here as this gets too long allready as there are many more for-profit and non-profit attacks like censorship attack, Punitive and Feather forking Attack, Balance Attack, Refund Attack, Spamming attack and whatever not …

The prices i posted are BTC and ZEC prices in year 3 for both of them.

I just replied to this as it is simply not true:

No. Its year 5 after the first halving. And with your numbers youre actually now proving my point that ZEC will be worth significantly more after the first halving.

And I have no idea what the vertical axis on this chart represents but you can see the years. (Looks like total supply)

BTC lost 95% of its value at year three and so did monero. ZEC lost more 97% from ATH, but thats comparable.