零知识证明 zkDaily
ZKP Frontier Tracker 🎯
Tue
06.23
2026
Project avatar
Vulnerability
https://x.com/P3b7_/status/2069045986236695020
Charles Guillemet SGX Enclave TEE

Notes

零知识证明 zkDaily
Q&A Deep Dive 💬
Tue
06.23
2026
beginner
Why didn't other checks stop it?
The leaked key broke the signer check. The remaining guard, MREnclave pinning, was weakened because debug enclaves were accepted.
answer
intermediate
How was trust forged?
The L1 contract trusted enclaves by MrSigner. With the exposed key, the attacker could sign malicious code and appear as a trusted prover.
answer
expert
How were funds drained?
The attacker forged SGX attestations for fake L2 blocks, marked messages as retriable with processMessage(), then used retryMessage(), which lacked proof verification.
answer