The root cause of the @aztecnetwork exploit appears to be an unverified deposit proof issue.
Aztec lets users deposit assets into the rollup using ZK proofs. The intended flow is:
1. Generate a deposit proof
2. Call processRollup
3. The bridge verifies the proof, pulls the tokens from the user, and credits the rollup balance
In the attacker’s deposit processRollup calls, they supplied two proofs: one random proof and one deposit proof, but set numOfTxs = 1.
As a result, only one proof was processed, while the actual deposit proof was not verified. The bridge did not pull the tokens, but the attacker’s internal rollup balance was still credited.
The attacker repeated this “deposit” seven times, then withdrew the credited balances, draining around $2.1M.
Age verification is the Trojan horse for complete control of the internet.
Imagine you'd have to register your identity to read a newspaper. That's what this is about.
They say it's for the children, but it really is about taking away your right to use the web anonymously.
weekend project: https://t.co/SirJJ7epLk
one shelf for books, manifestos, essays, etc... built it for myself to keep everything I want to read and everything i love in one place.
First white-hat exploit on Ethereum: I unlocked 1,003.62
Ξ ($2,000,000) trapped in a 2016 ICO smart contract
for 9 years.
The 48 original investors can now claim their funds.
let's continue the technical insight posting today and i continue with something people still don't get: PoS or PoW (or DAGs) are NOT consensus protocols by themselves. they're _Sybil resistance mechanisms_ & block author selectors. it's this Sybil resistance mechanism combined with a chain selection rule (fork choice) that makes up a consensus mechanism. Ethereum currently runs _Gasper_: a consensus mechanism combining Casper FFG (finality gadget) with LMD-GHOST (fork choice rule), on top of PoS as the Sybil resistance mechanism & block author selector.
some good references:
- Casper: https://t.co/NnGFo5mcJb
- Gasper: https://t.co/awA6xREMd0
- https://t.co/PnSGHRiyfx
- https://t.co/qJfne7pPUL
💥NEW: 'PRO LAW ENFORCEMENT BILL' CLARITY PASSED OUT OF COMMITTEE
Feelings are mixed as U.S. Senate Banking Committee passes landmark cryptocurrency regulation while tension over core components remain.
🔗Full story: https://t.co/vlggPLaty9
Smart contract security requires lifecycle-level thinking, not just point-in-time snapshots 🔒
OpenZeppelin contributed to the new @blockchainssc Smart Contract Security Standard to support establishing a chain-agnostic baseline for full application-layer security.
I just became aware of a European Commission proposal that may create one of the biggest privacy risks to Europeans’ data in the last 20 years.
As a side effect, it may also expose EU data to foreign intelligence agencies.
I hope this is a technical glitch, not an intended outcome. Analysis incoming soon.
Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively using AI agents. https://t.co/lACioWjtkf