Intro

The Aztec Network is the first private ZK-rollup on Ethereum. Aztec Connect provides a privacy-first toolkit for Ethereum, enabling users to transact with one another and access existing DeFi applications without leaking their account information.

Challenge

Aztec’s goal was to create a fully private ecosystem where Ethereum developers can integrate privacy and scalability into their protocol through the Aztec Connect SDK. Aztec’s rollup is secured by its PLONK proving mechanism. Its rollup contract is responsible for processing Aztec zkRolllups, relaying rollups to a verifier contract, and performing token transfers and DeFi interactions for its users. Aztec’s rollup contract makes use of a custom message encoding scheme, and relies on inline assembly for fine-grained control of the EVM. With this added complexity, it is incredibly important to ensure their encoding scheme and use of assembly was safe.

Solution

Third-party audits gave the Aztec team the opportunity to have security experts evaluate the protocol and make recommendations for better security. Arbitrary Execution was one of the organizations selected to perform these audits.

Arbitrary Execution security researchers performed an audit of the Aztec Connect code, focusing on Aztec’s RollupProcessorV2, Decoder, and DefiBridgeProxy contracts. The team focused the engagement around specific questions raised by the Aztec team, such as:

  • Can an attacker manipulate the encoded proof data such that the proof still passes, but actions other than expected are performed?
  • Can an attacker remove funds from the rollup, without a valid withdraw proof or valid deposit into a bridge?
  • Can an attacker brick the contract or freeze funds indefinitely?
  • Can an attacker escalate privileges?

The Arbitrary Execution audit process included a detailed, manual review of the source code as well as the use of customized automated static analysis tools. Multiple engineers analyzed each line of code to ensure the review was thorough.

Results

AE did not identify any situations where an attacker could perform the actions outlined by the Aztec team. The audit resulted in a total of 16 other findings, ranging in severity from note (informational) to low. The low severity findings did not have severe security implications, but could lead to the contracts behaving in unexpected ways. Identifying these findings and guiding their remediation has improved the project’s code hygiene, and resulted in additional safety checks added to the protocol. 

On top of code security, having a public audit performed on the protocol helps build user confidence that the protocol is secure. Today, Aztec Connect has successfully integrated with three major L1 DeFi applications and has planned integrations with many more. Aztec Connect crossed the $20 million mark for $DAI deposited since its launch in January.