SlowMist|6月 15, 2026 15:30
✍️ Technical Analysis Published: Analysis of the $2.19M Asset Theft from Aztec Connect
A deprecated Aztec Connect RollupProcessor contract was exploited through a settlement boundary bypass vulnerability, enabling attackers to create an L1/L2 state discrepancy and drain approximately $2.19M from the protocol.
The attack abused a mismatch between numRealTxs and decoded_slots, allowing forged deposits to be committed by the ZK proof while remaining invisible to the L1 settlement verification process.
Our report provides a complete reconstruction of:
🔹 Vulnerability root cause
🔹 ZK commitment vs settlement boundary mismatch
🔹 Dual-path state divergence model
🔹 Atomic exploit execution
🔹 On-chain fund tracing
This case highlights a critical security principle for Rollup systems: settlement boundaries must always be strictly aligned with the commitment scope of ZK public inputs.
Read the full analysis below 👇
https://medium.com/p/d867c59b1fc6?postPublishedType=initial(SlowMist)
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink