TechFlow reports that on June 15, according to analysis by BlockSec Phalcon (@Phalcon_xyz), the RollupProcessorV3 contract of Aztec Network was attacked, resulting in losses exceeding $2.15 million. The root cause lies in the fact that numRealTxs was not effectively bound to the set of transactions enforced by the ZK proof, causing a discrepancy between the proof verification path and the L1 settlement logic’s interpretation of the transaction list.
The attacker exploited this vulnerability to move genuine deposits into slots not processed by the settlement logic, thereby bypassing the decreasePendingDepositBalance() function. This allowed the attacker to create unbacked private balances out of thin air and withdraw them via the normal settlement process—across seven different assets.
