NU7 Sentiment Polling: Questions for Community Review & Coinholder Voting via Zodl

What? That’s crazy. Of course future generations of Zcashers will upgrade the consensus rules to issue new ZEC as long as the currently-issued ZEC is less than 21M. There’s nothing we can do to stop them, and we shouldn’t even if we could. The only way I can interpret this “Affected funds will not be recycled via the NSM.” statement is that we’ll add yet another layer of complexity and future-uncertainty to the issuance schedule by leaving this inevitable simplification and improvement out of NU7. Oh well.

edited to add P.S. Sorry if I missed this part of the public discussion, but where did this “Affected funds will not be recycled via the NSM.” come from? Where was it previously discussed?

There hasn’t been enough public discussion yet about whether Sprout funds should be recycled through the NSM. I do believe @daira and @str4d have commented on this previously, either on GitHub or during an Arborist call. I’ll see if I can find those references. But regardless, this is a decision that requires more discussion.

In the meantime, I think we should:

1. Remove the language “Affected funds will not be recycled via the NSM” from the question.
2. Immediately start a public discussion about what should happen to funds remaining in the Sprout pool after Sprout is deprecated.
3. Since the timing of NU7 activation is still unclear, we can include this question in a future governance poll before activation so the community and coinholders can weigh in on whether funds remaining in the Sprout pool after deprecation should be recycled through the NSM.

It’s clear what ZIP 2003 currently specifies: Sprout funds are frozen, they are not unissued. But that’s just what the ZIP itself does, not a statement about future governance decisions (so it should be phrased as “This proposal does not unissue the affected funds; that is, they are not recycled via the NSM (but they could be in future, subject to further governance decisions).”

The reason I specified it that way is that it’s unnecessary to unissue them in order to achieve the primary aim of the ZIP, which is to reduce the protocol attack surface. Is there any dissatisfaction about this among the coinholders who voted against ZIP 2003 last time? Since I still have no idea why they voted that way, I don’t know.

So then we should make that clear in the poll and change “Affected funds will not be recycled via the NSM” to something more similar to the language in ZIP 2003, like: “This decision does not unissue the affected funds; i.e. they are not recycled through the NSM, though that could still be considered in the future through a separate governance process."

Thanks for the rationale, Daira-Emma!

I forgot to state my “Why”, in my comment above. I said we shouldn’t attempt to prevent future generations of Zcashers from issuing new ZEC, as long as the current supply is < 21M. Why? My goal is to make Zcash more trust-able to outsiders, like Bitcoin is. By “outsiders” I mean people who don’t know any of the history, any of the technical details, any of the people involved, don’t speak the same language, etc.

I think the biggest value-add for Zcash for the next 10 years or so is simply this: become trust-able by outsiders. I think that is why Bitcoin is as valuable as it is today.

In my view, the simpler ZIP-234-style of NSM (ie issuance smoothing), and the simpler rule that “Issuance will be proportional to 21 Million minus the current supply, regardless of how the current supply got to be what it is”… these make Zcash more trustable, like Bitcoin is.

They don’t make Zcash more Bitcoin-like in the sense of the issuance chart having halving events, but they make it more Bitcoin-like in the sense that issuance is determined by a very simple mathematical rule, there is universal social consensus supporting it, and it can credibly run indefinitely.

Critically, in order to build trust in this future version of Zcash, you do not need to understand anything about history, or how certain burned coins were historically different from certain other burned coins, or anything like that. It is just a super dead simple mathematical equation, that is too simple for anyone to squeeze their preferred policy into. That builds trust.

Here is the rule controlling issuance in ZIP 234: return ((2100000000000000n - s) * 7610682048512n) >> 64n; (That’s expressed in JavaScript. I copied it from Zcash Supply & Issuance just now. s == the current supply of ZEC. That’s the only variable.)

Screenshot 2026-05-20 at 10.06.26 AM1176×884 89 KB

Okay, that said, while I think ZIP 234 and “issuance will always continue as long as supply is < 21 M” make Zcash more Bitcoin-like and more trust-able to outsiders, neither of these is a hill I’m willing to die on.

NSM with the NSM-alt proposal (issuance that adds two things together to add together a halving schedule and sustainability) is, to me, more sustainable than what we currently have and is forward progress, so I’ll enthusiastically support it if the majority of coin-voters and other voters choose that.

Likewise, burning Sprout coins without marking them as ZIP-233-burned is protecting the whole network from security risks (which just two months ago nearly destroyed the entire Zcash project by allowing unlimited mint-and-sell of counterfeit ZEC!!), and is establishing a social precedent that you cannot expect all the world’s Zcashers to pay the costs to maintain your old, untouched coins indefinitely, so I will happily support that if the coin-voters and the rest of the voters prefer that over my preference of burning Sprout coins and marking them as ZIP-233 burned.

I agree on the need to remove Sprout, but this is not an accurate statement: the amount of funds that could have been forged was limited by the Sprout turnstile. (There was another vulnerability allowing turnstile bypass for zcashd nodes that had been directly attacked, but that could not have happened without detection and remediation, because the Zebra nodes, at least, would have caught it.)

Well, if that’s how it would have played out, then replace the word “unlimited” in “unlimited counterfeit-and-sell” with “unlimited up until the CEXes and DEXes found out that Zebra nodes had forked off, and they shut off their Zcash deposit and/or sell functionality”. It still could have been devastating if not fatal for the Zcash project as a whole, IMHO, even if that Zebra-powered detection and remediation did kick in quickly. The point (which I think you generally agree with) is: people holding on to old coins without upgrading them are imposing a risk of a devastating loss on all other Zcashers, and imposing other costs as well, and they should pay a fee to all other Zcashers (through the NSM) for that service.

counterpoint: people holding on to old coins at some point showed long-term time preference and trust in the Zcash network and are economically providing price stability and funding (through dilution) the network.* [w/ a lot of nuances]

important to highlight since “imposing risk” was not a decision or up to the user’s control.

They have control over whether they upgrade. (Unless they’ve lost their keys, in which case their coins are already gone forever.) And, if they choose to upgrade they are still showing long-term time preference and providing price stability and funding, just as well or better than if they don’t.

I see zero reason for sprout users to not upgrade at this point.

Are they aware of that? Maybe they are unreachable

I think there’s an interesting thing here in this back and forth between you and me, tloriato, which is that you are focused on the position and the perspective of those holders of old, unmoved coins, and I am focused on the impact on everyone else. Like, you keep saying, it’s not their fault, and I’m saying, sure, maybe maybe not, but I don’t care whose fault it is, when someone imposes costs on everyone else—whether or not they intended to and whether or not they knew that they were doing so—then they should pay. Anything else is just an unstable and unsustainable system. Costs getting paid for by the people whose actions are imposing those costs—that’s a sustainable system.

One more idea. I like the thinking—from you, tloriato, and others, of destroying the Sprout coins as setting a precedent. It changes the future social contract.

Here are two possible understandings people could have of what they are getting into:

• You can keep your coins untouched indefinitely and everyone else will pay the costs for you → Not great. Not sustainable. It cannot be sustained indefinitely. And anyway, why should future generations pay the costs for previous generations?
• At some unpredictable point in the future a governance process that is unpredictable to you will destroy your coins → Not great. Undermines trust. How can you know this governance process won’t eventually be abused to benefit others at your expense?

What would a sustainable and trustworthy social contract be? How about something like:

• If you touch your coins at least once every year, they are first-class. They’re indistinguishable from everyone else’s coins mathematically, so nobody and no governance process can discriminate against you even if they tried. If you don’t, you’ll incur a 1% fee the first couple of years to get your attention and compensate everyone else for the costs, and then that fee will escalate year after year, until, if your coins are still untouched after 8 years, the fee reaches 100%.

In my view this kind of social contract would balance both goals nicely.

I liked your framing in both posts, and you kinda nailed the issue for me. Intuitively, crypto has also been about seizure-resistant money, and this reads — or “feels” — very similar to how, instead of raising taxes, governments let inflation create fiscal drag. I mean this in terms of the “mechanism feel”; I understand they are completely different in terms of morals, dynamics, incentives, systems, etc.

I like your idea about a sustainable and trustworthy social contract, and it’s fun designing systems around incentives. But the reality, I think, is that: (i) it adds additional complexity surface, both in code and in explaining Zcash; and (ii) people who are moving coins on this timeframe are probably already out of Sprout.

Truth be told, even if I dislike it, I think the argument that “Zcash was very experimental early on” plus “whatever the solution, we need a new social contract” points me toward the conclusion that the best solution is indeed to go in the originally argued direction.

It would apply only for obsolete pools?

Great question. I was kind of imagining it would apply to all pools equally, because that would be simpler for people to understand and gain trust in the social contract long-term. And, anyone can always just touch or upgrade their coins any time, so I don’t think it would do any harm if it applies to the latest pools.

I have an over-arching goal, here and as I mentioned in another thread recently, which is to make Zcash more trust-able to outsiders, the way Bitcoin is.

And I have an over-arching assumption, which is that people (including devs) will always imagine that the new thing they are building and migrating to is going to be the ultimate, final thing, and they will never be right about that. We’re always, from now on, going to have the same kinds of issues that we’re currently having with the Sprout pool.

This is needed imho

Following up to my own post… I guess if this “long-term storage fee” idea were agnostic to which pools, then it could be baked into the consensus rules, and it wouldn’t need to be changed as new pools come and old ones go. I think in general baking policies into consensus rules is better for earning trust-ability by outsiders, over the next 10 years, than making policies subject to future governance processes is.

Just to be sure, the yearly transaction needs to be to the newest pool?

Meaning I can’t sit in Sapling for 10 years doing a self transfer every 12 months, not pay any penalties and still stay a burden for the network?

Yeah, good questions. Maybe this is the kind of thing that should be primarily the job of the wallet, not the user and not the consensus rules. The deal is: you turn on your wallet and connect it to the internet at least once a year, the wallet protects your privacy and security, and the consensus rules impose fees on coins that don’t do that. Not sure. I think we can work out something that is both sustainable and trust-earning, long-term. It would probably require a few iterations of learning and improving along the way. The current NU7 vote about what to do with Sprout coins is the current iteration and learning opportunity.