A comprehensive bridge application for transferring tokens between Ethereum (L1) and Aztec Network (L2), featuring a modern React/Next.js frontend with seamless Web3 integration.
π¨ THIS IS A TESTNET BRIDGE WITH KNOWN VULNERABILITIES π¨
- NOT FOR PRODUCTION USE: This bridge is designed for testing and development purposes only
- KNOWN SECURITY ISSUES: The bridge contains known vulnerabilities and should never be used with real funds
- TESTNET TOKENS ONLY: Only use with testnet tokens that have no real value
- NO SECURITY GUARANTEES: Do not rely on this code for any production or mainnet deployments
- EDUCATIONAL PURPOSE: This implementation is for learning and testing Aztec network functionality
The Aztec Bridge UI enables users to:
- Bridge tokens between Ethereum Layer 1 and Aztec Layer 2
- Manage multiple token types (ERC20, NFTs)
- Interact with Aztec's privacy-preserving Layer 2 network
- Use sponsored transactions for improved UX
- Connect multiple wallet types including MetaMask and Silk Wallet
aztec-ui/
βββ frontend/ # Next.js React application
βββ bridge-script/ # Bridge automation scripts
βββ l1-contracts/ # L1 smart contracts (Foundry)
βββ aztec-contracts/ # L2 Aztec contracts (Noir)
βββ .github/ # CI/CD workflows
- Frontend: Modern Next.js app with TypeScript, Tailwind CSS, and Web3 integrations
- Bridge Scripts: Automated bridging logic and deployment scripts
- L1 Contracts: Ethereum smart contracts for token portals and handlers
- L2 Contracts: Aztec Noir contracts for private token management
- Node.js 18+ and pnpm
- Foundry (for L1 contracts)
- Aztec CLI (for L2 contracts)
# Clone the repository
git clone <repository-url>
cd aztec-ui
# Install frontend dependencies
cd frontend
pnpm install
# Install bridge script dependencies
cd ../bridge-script
pnpm installCreate environment files for sensitive configuration:
# Frontend (.env.local)
NEXT_PUBLIC_WALLETCONNECT_PROJECT_ID=your_walletconnect_id
FAUCET_PRIVATE_KEY=0x...
ETHEREUM_RPC_URL=https://sepolia.infura.io/v3/...
ALCHEMY_API_KEY=your_alchemy_key
# Bridge Scripts (.env)
L1_URL=https://sepolia.infura.io/v3/...
MNEMONIC=your_test_mnemonic
PXE_URL=http://localhost:8081# Start the frontend development server
cd frontend
pnpm dev
# The app will be available at http://localhost:3000cd frontend
# Development
pnpm dev # Start dev server with Turbo
pnpm build # Build for production
pnpm start # Start production server
pnpm lint # Run ESLintcd bridge-script
# Bridge operations
node index.js # Run main bridge script
node index-testnet.js # Run testnet deployment
node fees.ts # Fee management utilitiescd l1-contracts
# Contract operations
forge build # Compile contracts
forge test # Run tests
forge deploy # Deploy contracts- Mainnet: Ethereum Mainnet
- Testnet: Sepolia
- Testnet: Aztec Testnet (Chain ID: 1337)
- Design System: Custom Tailwind CSS components
- Responsive: Mobile-first responsive design
- Dark Mode: Theme support
- Toast Notifications: Real-time user feedback
- Multi-Wallet Support: MetaMask, Silk Wallet, WalletConnect
- Token Management: ERC20 and NFT support
- Transaction Tracking: Real-time transaction status
- Gas Optimization: Sponsored transactions support
- Datadog Integration: Performance monitoring and logging
- React Query: Efficient data fetching and caching
- Persistent State: Local storage persistence
THIS IS A TESTNET BRIDGE WITH KNOWN VULNERABILITIES - NOT PRODUCTION READY
This bridge implementation:
- β Contains known security vulnerabilities
- β Has not undergone professional security audits
- β Should never be used with real value or on mainnet
- β May have unpatched critical security flaws
β οΈ Is intended for educational and testing purposes only
- β Environment variables for all sensitive data
- β Proper secret management in CI/CD
- β No hardcoded production credentials
- β Basic input validation
β οΈ However, these do not address the underlying architectural vulnerabilities
All sensitive information is properly managed through environment variables:
- API keys, private keys, and RPC URLs are never committed
- Production secrets are managed through Vercel and GitHub Secrets
- Test values are clearly marked and separated from production
- Bridge contracts may have reentrancy vulnerabilities
- Insufficient access controls in some components
- Lack of comprehensive validation in bridge operations
- Potential for fund loss due to architectural issues
- Missing security features required for production use
The project uses GitHub Actions for automated deployment:
# Triggers on main branch push
# Deploys to both preview and production environments
# Manages environment variables securely# Build and deploy frontend
cd frontend
pnpm build
vercel --prod
# Deploy L1 contracts
cd l1-contracts
forge script script/Deploy.s.sol --broadcastcd frontend
pnpm test # Run unit tests
pnpm test:e2e # Run end-to-end testscd l1-contracts
forge test # Test L1 contracts
cd aztec-contracts
aztec test # Test L2 contractsPOST /api/faucet- Request test ETH for gas fees- Body:
{ "address": "0x..." }
POST /api/mint-tokens- Mint test tokens- Body:
{ "address": "0x...", "amount": "1000" }
GET /api/alchemy/nfts- Fetch user NFTsGET /api/alchemy/tokens-balances- Get token balances
- ESLint: Configured with Next.js and React rules
- Prettier: Code formatting
- TypeScript: Full type safety
- Git Hooks: Pre-commit validation
main: Production-ready codedevelop: Integration branchfeature/*: Feature development
- Fork the repository
- Create a feature branch:
git checkout -b feature/amazing-feature - Commit changes:
git commit -m 'Add amazing feature' - Push to branch:
git push origin feature/amazing-feature - Open a Pull Request
- Follow TypeScript best practices
- Maintain test coverage
- Update documentation for new features
- Ensure security review for sensitive changes
This project is licensed under the MIT License - see the LICENSE file for details.
- Documentation: Check the
/docsdirectory - Issues: GitHub Issues for bug reports
- Discussions: GitHub Discussions for questions
Built with β€οΈ for the Aztec ecosystem