Aztec Network suffered an attack that resulted in losses exceeding $2.15 million, stemming from a mismatch between ZK proofs and L1 settlement boundaries.

According to ChainCatcher, BlockSec Phalcon (@Phalcon_xyz) reported in its analysis that Aztec Network's RollupProcessorV3 contract was attacked, resulting in losses exceeding $2.15 million. The root cause was that numRealTxs was not effectively bound to the transaction set enforced by the ZK proofs, so the proof verification path and the L1 settlement logic interpreted the transaction list differently.

Attackers exploited this vulnerability to move real deposits into slots that the settlement logic did not process, bypassing the decreasePendingDepositBalance() function, creating unbacked private balances out of thin air, and then withdrawing them through the normal settlement process. A total of seven types of assets were involved.
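
A simplified Python model of the mismatch described above, added here as an illustration and not code from Aztec, BlockSec or the original article: the proof side covers every slot of a fixed-size batch, while settlement walks only the first `num_real_txs` slots. The slot layout, `PADDING`, `settle`, `unbacked_credit` and the `strict` check are assumptions; the padding check is one possible way to bind the count, not the project's actual fix.

```python
# Simplified model, constructed for illustration; not RollupProcessorV3 code.
PADDING = None  # assumption: marker for an empty slot in a fixed-size batch


def settle(slots, num_real_txs, pending, strict):
    """Return (pending_after, private_credit). ValueError models a revert."""
    pending = dict(pending)
    if strict and any(tx is not PADDING for tx in slots[num_real_txs:]):
        # Hypothetical binding check: nothing real may sit past the count.
        raise ValueError("non-padding slot beyond num_real_txs")
    # Proof view: every non-padding slot in the batch takes effect.
    credit = {}
    for tx in slots:
        if tx is not PADDING:
            credit[tx["owner"]] = credit.get(tx["owner"], 0) + tx["amount"]
    # Settlement view: only the first num_real_txs slots are walked, so only
    # those deposits reach the decreasePendingDepositBalance() step.
    for tx in slots[:num_real_txs]:
        if tx is not PADDING:
            if pending.get(tx["owner"], 0) < tx["amount"]:
                raise ValueError("insufficient pending deposit")
            pending[tx["owner"]] -= tx["amount"]
    return pending, credit


def unbacked_credit(slots, num_real_txs, pending, strict=False):
    """Private balance created without a matching pending-deposit debit."""
    after, credit = settle(slots, num_real_txs, pending, strict)
    debited = sum(pending.values()) - sum(after.values())
    return sum(credit.values()) - debited


# Constructed sample data: every tx here is a deposit of `amount` by `owner`.
PENDING = {"alice": 100}
HONEST = [{"owner": "alice", "amount": 100}, PADDING, PADDING, PADDING]
SKEWED = [{"owner": "alice", "amount": 100}, PADDING,
          {"owner": "bob", "amount": 500}, PADDING]

if __name__ == "__main__":
    print("honest batch, unbacked:", unbacked_credit(HONEST, 1, PENDING))
    print("skewed batch, unbacked:", unbacked_credit(SKEWED, 1, PENDING))
    try:
        unbacked_credit(SKEWED, 1, PENDING, strict=True)
    except ValueError as err:
        print("strict settlement reverts:", err)
```

A nonzero `unbacked_credit` is the invariant violation to monitor for: private balance the proven batch created that no pending-deposit debit accounts for.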
