Privacy Infrastructure Needs Adversarial Eyes.
Zero-knowledge rollups compress execution and hide transaction details from everyone except the parties involved. Aztec is building the privacy layer for Ethereum and has just opened its smart contract attack surface to researchers, with bounties up to $50,000 USD.
The program is live now on Cantina. It covers the full L1 contract stack: the rollup processor that verifies proofs and manages state, the message bridge that moves data between L1 and L2, governance contracts that control protocol upgrades, staking infrastructure, token distribution vaults, and the Honk proof verifier that validates every zero-knowledge proof on-chain. If you want to probe the contracts that underpin a privacy-first L2 before mainnet hardens, this scope gives you a direct line.
Why This Bounty Matters
Aztec is one of the few L2s building encrypted state and private execution into the protocol itself, not as an optional sidecar. The architecture uses zero-knowledge proofs to verify computation without revealing inputs, which means the L1 contracts have a different risk profile than those of a typical optimistic or ZK rollup. The proof verifier must reject every invalid proof. The governance system must resist manipulation that could redirect protocol control. The staking and token distribution contracts manage the economic layer that aligns validators' behavior.
Each of these systems has a distinct failure mode. A bug in the Honk verifier could allow forged proofs to pass. A flaw in governance could let an attacker push a malicious upgrade. A vulnerability in the staking registry could disrupt validator economics. This bounty is designed to find these vulnerabilities before someone else does.
What's in Scope
The program is smart-contract-only, covering four major contract groups deployed on Ethereum mainnet.
Core rollup infrastructure includes Rollup.sol (the main rollup contract at 0x603bb2...), EscapeHatch.sol, and the message bridge contracts: Inbox (0x15c718...), Outbox (0xf006c4...), and FeeJuicePortal (0xe05dc9...). The RewardBooster, Slasher, and TallySlashingProposer contracts round out the core set. All supporting libraries under l1-contracts/src/core and l1-contracts/src/shared are also in scope.
Governance covers CoinIssuer, Governance.sol, GSE (the Governance Staking Escrow), GovernanceProposer, Registry, and RewardDistributor. These contracts control how protocol upgrades are proposed, voted on, and executed. Manipulation of governance voting outcomes that changes intended results is classified as Critical.
Periphery and proof verification includes FlushRewarder and the BaseHonkVerifier (0x77e3ba...), which is the on-chain verifier for Aztec's Honk proof system. The verifier is the trust root of the entire rollup: if it accepts an invalid proof, the rollup's integrity guarantee is broken.
Token and staking infrastructure under ignition-contracts covers the ProtocolTreasury, the Aztec Token contract, the full ATP (Aztec Token Position) vault system (linear, milestone, no-claim, and staker variants), the staking registry, multiple staker contract types (withdrawable, non-withdrawable, claimable), and the GovernanceAcceleratedLock and VirtualAztecToken contracts for the Uniswap periphery integration.
Reward Tiers
All rewards are paid in USDC on Ethereum, denominated in USD.
- Critical: $10,000 to $50,000 (10% of funds directly affected, with a $10K floor)
- High: $5,000 to $10,000
- Medium: $3,000
- Low: $1,000
For critical findings, the reward scales with the value at risk. Repeatable attacks on non-upgradeable contracts are evaluated on cumulative impact, meaning the total potential drain factors into the payout rather than only the first exploit. For temporary fund freezing, the reward doubles for each additional 24-hour period of the freeze, capped at the High maximum.
What Makes This Target Interesting for Researchers
Several things stand out in this scope.
The Honk proof verifier is a high-value target by nature. ZK verifier contracts translate complex cryptographic operations into Solidity, and the gap between the mathematical specification and the on-chain implementation is where bugs live. BaseHonkVerifier.sol and its supporting libraries are explicitly in scope, which is an invitation to probe the proof validation logic for edge cases in curve arithmetic, pairing checks, or transcript handling.
The governance stack is unusually deep. Aztec has a full governance pipeline from GovernanceProposer, through Governance.sol, to the Registry, with GSE handling vote-weight delegation via a staking escrow. The interaction between staking lockups, vote delegation, and proposal execution creates a multi-contract surface where timing attacks, flash-loan-style vote accumulation (if applicable), and state inconsistencies across the pipeline are worth investigating.
The ATP vault system introduces four distinct vesting/distribution models (linear, milestone, no-claim, staker-based), each with its own claim logic and withdrawal constraints. The interaction between these vaults, the staking registry, and the governance weight system means a bug in one vault type could cascade into staking or governance behavior.
The message bridge (Inbox/Outbox/FeeJuicePortal) handles L1-to-L2 and L2-to-L1 communication. Message bridges are historically one of the highest-risk components in any rollup architecture. Cross-layer message ordering, replay protection, and fee accounting are all areas where subtle bugs have caused significant losses on other protocols.
Program Rules Worth Noting
To claim a reward, researchers must pass the program's privacy-preserving eligibility check. The program follows Primacy of Impact for Critical and High smart contract findings, meaning researchers get credit even if the vulnerable asset isn't explicitly listed, as long as the impact falls within scope.
Testing must happen on local forks only. Mainnet and public testnet testing is explicitly prohibited. Third-party oracle testing and interaction with external systems are also out of scope.
One known issue is already excluded: the voting power delegation behavior documented at forum.aztec.network. Check the program page for the full exclusion list and previous audit reports before submitting.
How to Submit
All reports go through the Cantina platform. Include the vulnerability description, reproduction steps with a working PoC, the conditions required for exploitation, and the potential impact. Severity classification uses the Immunefi framework, with Aztec-specific modifiers for fund-at-risk calculations and freeze-duration scaling.
The full program details, deployed contract addresses, and scope definitions are on the Aztec Network bug bounty page on Cantina.
If you specialize in ZK circuits, governance attack vectors, or bridge security, this scope was built for you.
