Dr Basha1

موضوع العقود الآجلة (Futures Contracts) في الشريعة الإسلامية من المواضيع التي أشبعها العلماء والجامع الفقهية بحثاً، والجهة الأكثر قبولاً واعتماداً في هذا السياق هي مجمع الفقه الإسلامي الدولي.
​إليك ملخص الحكم الشرعي والأسباب التي استند إليها العلماء:
​الحكم الشرعي: حرام (باطلة شرعاً)
​أجمع أغلب الفقهاء المعاصرين والمجامع الفقهية على أن العقود الآجلة المتداولة في البورصات العالمية اليوم غير جائزة شرعاً.
​أسباب التحريم الأساسية
​هناك عدة علل شرعية جعلت هذه العقود تدخل في دائرة المحظور، أهمها:
​بيع ما لا يملك: في العقود الآجلة، غالباً ما يبيع المتداول عقداً لسلعة لا يملكها أصلاً، وهذا يخالف الحديث النبوي: "لا تَبِعْ مَا لَيْسَ عِنْدَكَ".
​بيع الكالئ بالكالئ (الدين بالدين): في هذه العقود، يتم تأجيل البدلين (الثمن والسلعة). المشتري لا يدفع الثمن كاملاً فوراً (يدفع هامشاً فقط)، والبائع لا يسلم السلعة فوراً، وهذا منهي عنه شرعاً.
​عدم قصد التسليم والتسلم: الغرض من هذه العقود في البورصات هو المضاربة على فرق السعر فقط (تسوية نقدية) وليس الحصول على السلعة حقيقة، مما يحولها إلى نوع من القمار.
​الغرر والمقامرة: تعتمد العقود الآجلة بشكل كبير على المخاطرة العالية والمراهنة على تقلبات السوق، وهو ما يتنافى مع أصول المعاملات الإسلامية التي تقوم على الشفافية والعدل.
​البدائل الشرعية (الحلال)
​إذا كنت تبحث عن طرق للاستثمار أو التحوط بطريقة تتوافق مع الشريعة، فهناك بدائل فقهية يمكن استخدامها:
​عقد السلم: وهو أن تدفع الثمن كاملاً الآن مقابل استلام سلعة موصوفة في الذمة في موعد محدد (يستخدم كثيراً في الزراعة والصناعة).
​عقد الاستصناع: يستخدم في المشاريع الإنشائية والتصنيعية.
​التداول الفوري (Spot Trading): شراء السلعة أو السهم ودفع ثمنه بالكامل وامتلاكه فوراً (مع مراعاة الضوابط الشرعية لكل أصل).
​

On May 29, 2026, Taylor Hornby discovered a critical counterfeiting vulnerability in Zcash’s Orchard pool.
Taylor disclosed the vulnerability to Zcash Open Development Lab (ZODL), who coordinated an ecosystem-wide emergency response to fix the vulnerability, which was completed on June 2.
After reviewing Taylor's report and discussing the implications of the vulnerability internally, Shielded Labs believes it is important to provide additional context.
The vulnerability could have been exploited to undetectably create an unlimited amount of counterfeit ZEC within Orchard. Because of the privacy properties of Orchard, there is no way to cryptographically prove whether the vulnerability was exploited before it was remediated. However, a network upgrade can be deployed to protect users and prove the integrity of the Zcash supply.
Background
In April 2026, Shielded Labs engaged Taylor Hornby to conduct ongoing security research focused on the Zcash protocol. Taylor is an experienced security engineer with a deep understanding of Zcash.
The goal of this work was simple: identify vulnerabilities before malicious actors do. Taylor immediately began evaluating Zcash using the latest AI-assisted security auditing techniques alongside traditional security research methods.
Shortly after the release of Anthropic's Opus 4.8 model on May 28, Taylor used it as part of a highly targeted review of the Orchard circuit. On May 29, Taylor discovered the vulnerability in the Orchard circuit and immediately disclosed it to ZODL engineers. ZODL engineers and others from the Zcash ecosystem acted quickly and skillfully to close the window of vulnerability within days.
What We Know and What We Don’t Know
The vulnerability was real and exploitable. Taylor, with the help of Opus 4.8, wrote a complete exploit which, when he tested it in a local regtest environment, generated unlimited, undetectable counterfeit ZEC. If he had run the same tool on Zcash mainnet it would have generated unlimited, undetectable counterfeit ZEC in his mainnet Zcash wallet.
The vulnerability has to do with an under-constrained element of the Orchard circuit, because of which it was possible to put arbitrary false inputs into an elliptic curve multiplication and still have the multiplication check pass. See Taylor’s full report and work log for details.
The vulnerability was present from Orchard's activation in May 2022 until the emergency fix was deployed on June 1, 2026.
What makes this particularly challenging is that, due to the privacy properties of Orchard and the nature of the bug, there is no definitive way to determine using only cryptography whether such exploitation occurred before the vulnerability was discovered and fixed. We believe it is important to be transparent about that uncertainty.
Assessment: Prior Exploitation Of This Orchard Vulnerability Seems Unlikely
There are several reasons we are not overly concerned that counterfeiting occurred before this vulnerability was remediated.
First, the vulnerability had evaded years of scrutiny by many of the world’s best cryptographers.
Second, Shielded Labs specifically engaged Taylor Hornby for this purpose. The discovery was not accidental—it was the result of a deliberate effort to identify vulnerabilities of this kind before malicious actors could. Taylor is one of the most skilled people in the world at this. He used the most recent AI tools, available only to white-hat security researchers, along with a sophisticated custom-built AI harness and prompts, and worked hard to outrace the attackers. We think he probably succeeded.
Once the vulnerability was discovered, the window of opportunity for attack was sharply limited by the speed with which ZODL and the Zcash ecosystem executed the remediation.
Taken together, these factors suggest to us that there were few people who had the capability and opportunity to discover and exploit this vulnerability prior to it being fixed.
Proving the Integrity of the Zcash Supply
Our assessment is that exploitation of this vulnerability was unlikely. However, we do not believe that users should rely on our assessment, or anyone else’s. Shielded Labs is exploring —with the help of other Zcash developers—a proposed Network Upgrade to allow anyone to verify the integrity of the Zcash supply and to prove the non-existence of counterfeit Zcash in the Orchard pool. The proposal involves deploying a new shielded pool and enforcing turnstile accounting on all coins from the Orchard pool.
We plan to publish a follow-up post next week that explains the proposal in greater detail, including how it would work and the tradeoffs involved. Like all major network upgrades, it would require support from Zcash users and need to go through the standard governance process before it could be activated.
Accelerating Our Security Work
At the same time, we are doubling down on proactive security research, including using state-of-the-art AI tools, to find problems before the bad guys do. We have already begun the next stage of that, with the help of Taylor Hornby and Anthropic, and we’ll keep you updated.
In addition, Shielded Labs is initiating a project to formally verify the Orchard circuit—an attempt to write a mathematical proof that there are no more undiscovered bugs in it.
Shielded Labs is opening a search for a Head of Security and a Cryptographer to help deepen our security efforts. If you're interested, or know someone who may be a good fit, please reach out.
Conclusion
This was a serious vulnerability, and we believe it's important to be transparent about what it means for Zcash users.
We hired Taylor to find any vulnerabilities before the attackers, and that's exactly what he did. We're grateful for his work, the quick response from ZODL and the Zcash Foundation, as well as the many ecosystem participants who helped remediate the issue.
While no one wants to discover a vulnerability like this, we're confident that Zcash is well positioned to recover. We stand ready to continue to help the other Zcash development groups and the Zcash community as a whole in how they want to move forward.
Acknowledgements
Thanks to Sean Bowe, Dev Ohja, David Campbell, Alex Bornstein, Nate Wilcox, Kris Nuttycombe, and Vitalik Buterin for review and feedback.
$ZEC