Aztec Network exploit drains over $2.15M after ZK proof and L1 settlement mismatch

BlockSec Phalcon (@Phalcon_xyz) reports that Aztec Network"s RollupProcessorV3 contract was exploited, with losses topping $2.15 million. The issue stemmed from numRealTxs not being correctly bound to the transaction set enforced by the ZK proof, leading to divergent interpretations of the transaction list between the proof verification path and the L1 settlement logic. By leveraging the gap, the attacker shifted legitimate deposits into slots the settlement logic did not account for, sidestepping decreasePendingDepositBalance(). This allowed the creation of unauthorized private balances, which were later withdrawn through standard settlement flows. The exploit impacted seven separate assets.