A 2.15 million dollars lesson: numRealTxs wasn’t tightly bound to the proof of lock-in—attackers directly moved deposits into ghost slots to cash out. Aztec’s vulnerability design is too subtle.

AZTEC1.14%
View Original
CoinNetwork
Crypto界消息,据BlockSec Phalcon分析,Aztec Network的RollupProcessorV3合约遭到攻击,损失超过2.15M美元。根本原因在于numRealTxs未有效绑定至zk证明所强制执行的交易集,导致证明验证路径与L1结算逻辑对交易列表的解释出现偏差。攻击者利用该漏洞将真实存款移至未被结算逻辑处理的槽位,绕过decreasePendingDepositBalance()函数,凭空创建无担保私人余额后通过正常结算流程提取,共涉及七种资产。
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned