Blockchain security firm SlowMist has published a technical analysis of the $2.19 million exploit targeting Aztec Connect’s deprecated RollupProcessor contract, concluding that the attack stemmed from a flaw in how Layer 1 settlement logic handled transactions committed by the protocol’s zero-knowledge proofs.
According to the report, the attacker exploited a mismatch between the contract’s settlement boundary and the public inputs committed by the ZK proof, creating a discrepancy between Layer 1 and Layer 2 accounting that enabled the withdrawal of assets without corresponding deposits.
The incident highlights a critical design risk for ZK-rollups: if Layer 1 settlement checks do not fully align with the data committed by zero-knowledge proofs, attackers may create inconsistent L1 and L2 states and withdraw unbacked assets.
Settlement boundary mismatch enabled the exploit
The exploit targeted the deprecated Rollup Processor contract, which has remained on-chain since Aztec Connect was retired in March 2024 because it continues to custody legacy user assets.
SlowMist found that the contract’s settlement loop processed transactions based on the numRealTxs parameter, while the accompanying ZK proof committed to a larger set of decoded public input slots. The difference between those two values created a gap that attackers could manipulate.
According to the report, the forged transactions were included in the ZK proof and accepted into the Layer 2 state but were never examined during Layer 1 settlement verification. As a result, the protocol recorded deposits on Layer 2 without deducting assets from the Layer 1 liquidity pool.
Exploit created divergent L1 and L2 states
SlowMist described the vulnerability as a settlement boundary bypass, where the same calldata was interpreted differently by two separate verification paths. The ZK proof committed to 32 public input slots, while the Layer 1 settlement contract processed only the first slot based on the attacker-controlled numRealTxs value. This inconsistency allowed forged deposits in the remaining slots to be accepted by the rollup while remaining invisible to Layer 1 validation.
The report notes that the protocol’s security model relied on both the smart contract and the ZK circuit, enforcing the same assumptions. Once the circuit failed to constrain the unused slots, the Layer 1 contract lacked independent checks to detect the manipulated values.
Attack executed in a single atomic transaction
According to SlowMist, the exploit was carried out through 14 consecutive processRollup() calls executed within a single atomic transaction.
The first seven rollups allegedly created unsupported balances on Layer 2 by inserting forged deposits into the unverified slots. The following seven rollups withdrew those balances as legitimate assets from the Layer 1 pool. The attacker ultimately drained approximately $2.19 million, including ETH, DAI, wstETH, LUSD, yvDAI, yvWETH, and yvLUSD, from the RollupProcessor contract.
SlowMist’s on-chain investigation found that the stolen assets were routed through an intermediate attack contract before being transferred to the attacker’s externally owned wallet (EOA). As of June 15, the security firm said all of the stolen assets remained in that wallet and had not yet been moved or laundered.
Lessons for rollup developers
SlowMist concluded that rollup protocols should ensure the scope of Layer 1 settlement verification exactly matches the public inputs committed by zero-knowledge proofs.
The firm also recommended comprehensive external audits focused on Layer 1 and Layer 2 state consistency, calldata decoding logic, and independent verification of ZK public inputs. For deprecated smart contracts that continue to hold user funds, SlowMist advised projects to migrate or remove legacy assets to reduce long-term security exposure.
Recent exploits highlight risks in legacy smart contracts
The Aztec Connect incident follows several recent crypto exploits involving both legacy infrastructure and compromised administrative controls. On June 10, Solana-based decentralized exchange Raydium disclosed that attackers exploited a validation flaw in its deprecated AMM V3 program to drain approximately $1.34 million from five inactive liquidity pools that had remained on-chain since the protocol was phased out in 2021. Raydium said no current users or active programs were affected.
Separately, Humanity Protocol disclosed that a June 8–9 attack involving compromised private keys and bridge administration controls resulted in the theft or unauthorized minting of approximately 447 million H tokens across Ethereum and BNB Smart Chain. The project said attackers gained control of multiple bridge-related administrative contracts, allowing them to drain existing tokens and mint new ones.
Together, the incidents underscore how dormant smart contracts and compromised administrative privileges continue to be major attack vectors across the crypto ecosystem.
Also Read: XRP Jumps 10% Ahead of June FOMC Meeting As OI Rises to $2.7B
