Click here to join our community Discord server!

Aztec logoAztec

TVL: $1.63M

+40.20% / 7 days






Aztec is an open source layer 2 network that aims to bring scalability and privacy to Ethereum. It strives to enable affordable, private crypto payments via zero-knowledge proofs.

Risk summary


Validity proofs ensure state correctness[Edit][Issue]

Each update to the system state must be accompanied by a ZK Proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. Once the proof is processed on the Ethereum blockchain the L2 block is instantly finalized.[1]

    Zero knowledge SNARK cryptography is used[Edit][Issue]

    Despite their production use ZK-SNARKs are still new and experimental cryptography. Cryptography has made a lot of advancements in the recent years but all cryptographic solutions rely on time to prove their security. In addition ZK-SNARKs require a trusted setup to operate.[2]

    • Funds can be stolen if the cryptography is broken or implemented incorrectly.

    All data required for proofs is published on chain[Edit][Issue]

    All the data that is used to construct the system state is published on chain in the form of cheap calldata. This ensures that it will always be available when needed.[3]


      The system has a centralized operator[Edit][Issue]

      Only specific addresses appointed by the owner are permitted to propose new blocks during regular rollup operation. Periodically a special window is open during which anyone can propose new blocks.[4][5]

      • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

      Users can force any transaction[Edit][Issue]

      Because the block production is open to anyone if users experience censorship from the operator they can propose their own blocks which would include their transactions. Periodically the rollup opens a special window during which anyone can propose new blocks.[6]

      • Users can be censored if the operator refuses to include their transactions and users lack resources to propose blocks themselves.


      Regular withdraw[Edit][Issue]

      The user initiates the withdrawal by submitting a transaction on L2. When the block containing that transaction is proven on L1 the assets are automatically withdrawn to the user.[7]

        Other considerations

        Payments are private[Edit][Issue]

        Balances and identities for all tokens on the Aztec rollup are encrypted. Each transaction is encoded as a zkSNARK, protecting user data.[8]

          Smart Contracts[Edit][Issue]

          The system consists of the following smart contracts:

          • RollupProcessor 0x7379…A2ba
            This contract stores the following tokens: ETH, DAI.
          • AztecFeeDistributor 0x41A5…6734
          • TurboVerifier 0xDCC8…F874
            The source code of the VerificationKeys library used by this contract is not verified on Etherscan.

          The current deployment carries some associated risks:

          • Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).


          1. RollupProcessor.sol#L395 - Etherscan source code
          2. TurboVerifier.sol#L37 - Etherscan source code
          3. RollupProcessor.sol#L359 - Etherscan source code
          4. RollupProcessor.sol#L97 - Etherscan source code
          5. RollupProcessor.sol#L369 - Etherscan source code
          6. RollupProcessor.sol#L347 - Etherscan source code
          7. RollupProcessor.sol#LL396 - Etherscan source code
          8. Fast Privacy, Now - Aztec Medium Blog