Wonderland — Aztec Core Contributor Report · Q1 2026
Summary
Q1 was hardening the standards contract set toward Alpha, plus closing the side tracks the launch needed alongside it: Vault security fixes, PrivateFPC for the L1 → wFJ → FJ private flow. Separately, we ran the Aztec CTF track at EthCC Cannes.
What we shipped this quarter
- Aztec Standards: we fixed security issues in the Vault contract, removed upgradeability by design, and tracked the protocol releases across five cuts.
aztec-standards - PrivateFPC and the L1 → wFJ → FJ flow: users can now fund Aztec accounts from L1 through a private path via PrivateFPC.
aztec-fee-payment- A metered FPC was prototyped and then discarded after the design moved away from oracles and offchain agents.
- FeeJuice frontend: built a three-step UI consuming PrivateFPC, with batched account deployment. Pending review
- Initializerless contracts via the
#[immutables]macro: any Aztec contract developer can now adopt the initializerless pattern with a single macro annotation, rather than forking our reference contracts. Users can receive funds before broadcasting any tx, because the contract address itself commits to the immutable parameters. Published as a standalone repo with docs, benchmarks, and noir tests.aztec-immutables-macro - Aztec Capture the Flag (CTF) track at EthCC Cannes: five Aztec challenges built specifically to be hard for LLMs to reason about, exercising protocol primitives that don’t yet have well-known attack patterns.
ethcc-ctf-aztec-challenges - Tooling:
- CAZT, a
cast-style CLI for Aztec key management (generate / derive / import / export / sign / verify / keystore)aztec-cazt - shared CI actions + benchmarking workflows now used across our Aztec repos.
aztec-ci-actions
- CAZT, a
What we’re shipping next quarter
Passkey wallet stack
Why it matters for Aztec: replaces the seed phrase with a WebAuthn passkey. The wallet runs in an iframe, out-of-process from the dApp, with capability-based permissioning.
Definition of done: account contract audited; SDK + iframe host consumed by at least one third-party dApp on testnet; recovery flow demonstrated end-to-end against a fresh device with no local state.
ARC-403 authorization extensions
Why it matters for Aztec: ARC-403’s hook pattern lets token issuers plug in authorization logic without forking the contract. We’re shipping four reusable hooks (allowlist, signature-by-authority, transfer volume cap, pausable) so issuers can drop them in directly.
Definition of done: all four hooks with integration and benchmark coverage, released as a versioned package compatible with the v4.2.0 Standards.
Multi-auth (in place of Multisig)
Why it matters for Aztec: we cut the heavy part of Q4’s multisig (threshold decryption) and swapped Schnorr-only signing for multi-auth, which composes with any authorization mechanism.
Definition of done: Multi-auth account contract with a defined threshold authorization scheme, full test coverage and benchmarks.
Preliminary analysis hints we may be blocked by reentrancy protection.
EIP-712: variable parameters and type combinations in call signatures
Why it matters for Aztec: the Q4 PoC proved the wallet approach. The next feature is what makes it general purpose: supporting variable amounts of parameters and combinations of types in the signature of the calls, so arbitrary dApp calls can be EIP-712 clear-signed.
Definition of done: circuit and JS SDK both support variable-arity calls with mixed type combinations; example dApp consumes the feature against testnet.
AZIP formalization of the contract standards
Why it matters for Aztec: moves the token, NFT, vault, and hook standards from our reference repo into Aztec governance so they can be reviewed and adopted formally rather than de facto.
Definition of done: at least one AZIP draft submitted with a public review thread.
Post-Quantum hardening research
Why it matters for Aztec: ephemeral keys underpin note encryption; a post-quantum scheme keeps that encryption secure if large-scale quantum computers become real.
Definition of done: research write-up with a recommended scheme and trade-off analysis. Additionally, once the analysis is reviewed and accepted, implementation proposal for the chosen scheme.
Reconciliation
- Fee Payment & Bootstrapping: Shifted from the original idea (private oracles) but delivered a fully private FPC model for L1 → wFJ → FJ flow.
- EIP-712 standalone repo: Slipped. Q1 wallet PoC proven; repo went stale through the quarter; Q2 picks it up around variable-parameters.
- Initializerless contracts: Delivered as
aztec-immutables-macro. - Speculative proving: Explored in Q4 2025 and dropped in Q1 2026. We concluded it’s a dead end.
- CAZT central debugging hub: Partially delivered. Key management is public; debugging-hub features deferred when the Alpha launch reshaped Q1 priorities.