██ ██ ██████
██ ██ ██
██ ██ ██████
████ ██
██ ██████
A Z T E C
v 5 · 0 · 0 — none of the wait, twice the pace, half the gates.
Date: 2026-07-11 · Tag: v5.0.0 · Baseline: v4.4.0 · First stable v5 — supported on testnet AND mainnet
Install: aztec-up install 5.0.0 · Docker: aztecprotocol/aztec:5.0.0
Summary
v5.0.0 is the first stable release of the v5 line and the first Aztec release supported on both testnet and mainnet. It is built around three things. Speed: block production is now pipelined (AZIP-6) — the proposer builds and broadcasts a slot's checkpoint a slot ahead, so attestations and L1 submission are ready when the slot opens instead of eating an idle in-slot wait — cutting user-perceived transaction latency from an average of ~72s to under 6s; epoch proving starts optimistically the moment each checkpoint lands on L1; client-side proving is 2.0–2.5x faster than v4, with client proofs also smaller and cheaper to move; network proving is lighter, with the root rollup circuit roughly half its v4 size; and a separate Solidity Honk verifier optimization cuts epoch-proof verification on L1 by ~44%. Developer tooling: contracts choose message-delivery guarantees explicitly, PXE picks up on-chain contract upgrades automatically, the TXE test runtime runs contract tests in parallel worker threads, and the node/wallet APIs were consolidated and cleaned up. Security hardening: a broad audit-driven campaign closed classes of issues across the P2P layer, consensus, proving and fees, validator signing, and the circuits themselves. v5 is a hard fork from v4: every account and contract address changes, and local PXE state is reset on upgrade — see Breaking changes before doing anything else.
What contract developers should care about
- Explicit message-delivery guarantees — the new
aztec::messages::deliverymodule lets every note/event.deliver(...)call pickMessageDelivery::offchain(),::onchain_unconstrained(), or::onchain_constrained(), each with documented cost/privacy/guarantee trade-offs, plus a.with_sender(...)builder to control the discovery tag (#23875, #23866, #24432). - New
factsprimitive — contracts can record typed, immutable, reorg-safe facts in PXE's local store (record_retractable_fact/record_non_retractable_fact, with automatic pruning of retractable facts on reorg). Partial notes are reimplemented on top of it as an explicit state machine (#24139, #24369). - Contract upgrades now "just work" in PXE — PXE no longer tracks a contract's current class; it resolves it from the node on demand. After an on-chain upgrade via the
ContractInstanceRegistry, registered instances pick up the new class with no PXE-side action.pxe.updateContractis gone; register the new artifact withregisterContractClassinstead (#24282). - Immutable state committed into the address —
ContractInstancegainsimmutablesHash, folded into address derivation, enabling patterns like initializerless accounts and cheap in-circuit access to per-instance immutables;contract_class_idis renamedoriginal_contract_class_idto make the deploy-time/current-class distinction explicit (#23091, #23152, #23512). - New
TransientArray/TransientValuestorage tier — shared across all call frames of the same contract within one top-level PXE call, sitting betweenEphemeralArray(one call frame) andCapsuleArray(persistent) (#23576, #23982). - Faster L2-to-L1 message consumption — the Outbox supports partial-epoch proofs, so portals and bridges can consume messages as soon as a proof covering their checkpoint lands instead of waiting for the full epoch (#14342).
- Smaller public bytecode — the public dispatch macro deduplicates argument-unpacking code across public functions that share parameter shapes, shrinking bytecode for contracts with many public entry points (#23464).
- Cheaper passkey verification — the in-circuit ECDSA secp256r1 (P-256 / WebAuthn) verification cost dropped from 72,313 to 45,945 gates (~36% smaller), making passkey-based accounts meaningfully cheaper to prove.
- Faster contract test runs — the TXE test runtime now bundles its oracle server with esbuild and runs contract simulations across a pool of worker threads sharing one prebuilt contract-class store.
- Cross-contract utility calls expose
msg_sender— a utility function called from another contract can read the caller viaself.msg_sender(); top-level utility calls have none (usemaybe_msg_sender()). - Leaner protocol surface — only
ContractClassRegistry,ContractInstanceRegistry, andFeeJuiceremain protocol contracts (compacted to addresses 1–3);auth_registry,public_checks, andmulti_call_entrypointare now ordinary standard contracts with newSTANDARD_*address constants (#23262). - API tightening you will hit when recompiling —
PrivateContextfields are accessor-only (#24417); L1→L2 message secrets are[Field; N]arrays (#24599);for_eachiterates front-to-back and no longer supports mid-iteration removal (#24021);push_nullifieris renamedpush_nullifier_unsafe. See Breaking changes.
What node operators should care about
- Pipelined checkpoint production is now the only mode — the sequencer builds a checkpoint (multiple L2 blocks) per slot, broadcasts the proposal for slot N during slot N-1 so the committee attests ahead of time, and submits to L1 at the start of slot N. The idle wait-for-attestations window is gone — internal measurements put user-perceived transaction latency under 6s, down from an average of ~72s — and the non-pipelined code path was deleted (#23665, #23821, #23809, #24031).
- Optimistic epoch proving — the prover node was rearchitected around per-checkpoint provers that start gathering transactions and proving their sub-tree the moment a checkpoint lands on L1, rather than when the epoch closes; by epoch end, typically only the top of the proof tree remains. Early-finish submissions that another prover beats resolve as superseded without spending L1 gas (#23552, #24436, #24216, #24051).
- Halved rollup circuits — the root rollup recursive-verification circuit shrank from 12,998,775 to 6,351,528 gates (-51%), and the in-circuit cost of recursively verifying a client (Chonk) proof from 2,395,106 to 1,368,123 gates (-43%): faster proving and lower memory at every level of the rollup.
- Cheaper epoch-proof verification on L1 — the gas to verify an epoch proof on L1 dropped from ~3.6M to ~2M (~44% less) via the new gas-optimized ZK-Honk verifier, lowering prover L1 operating costs.
- Network-wide consensus config is enforced — config values that must match across the network (slot/epoch timing,
MAX_BLOCKS_PER_CHECKPOINT, committee size, staking and slashing parameters) are sourced from the network preset, and the node refuses to start if your environment diverges, unless you explicitly setALLOW_OVERRIDING_NETWORK_CONFIG(#23977). - JSON-RPC namespaces renamed —
node_*→aztec_*,nodeAdmin_*→aztecAdmin_*,nodeDebug_*→aztecDebug_*; the standalonep2p_*namespace folded into the node API (#23909). Update any tooling that used the old prefixes; do not rely on a legacy alias being present. - Prover RPC moved behind the admin port —
prover_startProofand friends now require the admin API key; a newaztec prover start-proof/get-jobsCLI is included (#24189). - Database schema bumps — the archiver and PXE stores auto-wipe and resync on first start. HA-signer setups must run
aztec migrate-ha-db up --database-url postgresql://...before starting any v5 node (idempotent; run as an init container on Kubernetes). See the forum migration guide. - Expanded slashing coverage — new offenses for proposers exceeding the max blocks per checkpoint (#24041), data withholding per AZIP-7 (attesters who cannot produce the txs for their attested blocks within a tolerance window), and checkpoint equivocation between P2P and L1. Several
SLASH_*env vars were renamed or removed — check your config. - Safer defaults and failure modes — the node shuts itself down rather than following an incompatible canonical rollup upgrade (#24269); world-state queries fail closed instead of serving stale or wrong-fork data (#24563); HA validator signing fails closed on persistence gaps and races that could previously lead to double-signing (#24556, #24565); peer bans persist across restarts (#23922).
- Lighter RPC responses — tx lookups no longer ship the ~35–52KB proof per transaction unless
includeProof: trueis passed (#23827). - Slasher replacement is time-delayed on L1 — replacing a rollup's slasher now goes through a queue with a 60-day delay (and a 30-day drain window for the outgoing slasher), so validators can exit if they object; the escape hatch is now set-once and validated against the rollup it serves.
What wallet / PXE users should care about
- Every account address changes — plan for a full reset. Four independent protocol changes each shift addresses (hash-only master keys per AZIP-8, signing-key-rooted derivation, Schnorr's move to Poseidon2, and
immutablesHashin address derivation), and the PXE schema bump wipes all local state on first open. Treat the v5 upgrade as: deploy fresh accounts, migrate funds, re-register contracts, re-sync from genesis. Details under Breaking changes. - Keys are rooted on the signing key — the signing key is now the derivation root and the privacy secret is derived from it (
deriveSecretKeyFromSigningKey); PXE never receives the seed or the message-signing/fallback secret keys, only the four privacy secrets plus public keys.deriveSigningKeyis removed (#24439, #24451, #24416). - Initializerless accounts — a new Schnorr account variant needs no deployment transaction: the address commits to the signing public key via
immutablesHashand the contract state is materialized locally in PXE, so the account is usable immediately. Sandbox test accounts use this by default (#23973, #23962). - Smaller client proofs, faster prover bootstrap —
AztecClientBackendgainscompressProof/decompressProof, cutting per-transaction proof serialization for P2P gossip from ~52KB (1,632 field elements) to ~35KB compressed (#21065); the G1 reference string now downloads in compressed form, halving the SRS data a browser or mobile prover fetches before it can start proving (#21112). - SQLite everywhere — the default PXE/wallet storage backend is SQLite on every platform; in the browser this means SQLite-OPFS instead of IndexedDB (
@aztec/kv-store/sqlite-opfs). Note OPFS takes an exclusive origin-wide lock, so handle the second-tab case inEmbeddedWalletapps (#24179). - Note discovery without pre-registration — unconstrained delivery to an external recipient defaults to a non-interactive handshake, so recipients can discover messages without having registered the sender first (at the cost of an on-chain marker derived from the recipient's address) (#24387); sender/shared-secret registration is unified under
TaggingSecretSource(#24280). - Gas handling is validated up front — wallets reject transactions whose gas limits exceed the network's advertised per-tx admission limit (
NodeInfo.txsLimits) before sending, instead of the tx silently never being included (#23947). - Cleaner client APIs —
getTxReceiptreturns aPending/Dropped/Minedlifecycle union (#23660);getPublicEventsis cursor-paginated so you can actually page through all events (#24324); L2→L1 message witnesses are computed node-side (#23646, #24207); the uncheckedAztecAddressconstructors carry anUnsafesuffix (#24230). - "What if" simulation —
simulate()accepts anoverridesoption to inject public storage values into an ephemeral fork, and afastForwardContractUpdatehelper simulates a full contract-class upgrade without performing one. - Custom oracle hook —
resolveCustomRequestlets a wallet intercept and answer caller-defined oracle requests from contract code (#24409). - Wallet SDK integration docs —
@aztec/wallet-sdknow ships a third-party integration README covering the discovery → key-exchange → encrypted-channel connection model for wallet extensions.
Breaking changes
v5 is a hard fork with no state migration from v4. The consolidated items below cover most of the impact; the full, per-change migration reference is the migration notes and, for operators, the v5 node migration guide.
Every address changes; local PXE state is wiped
Four protocol changes each independently alter account and contract addresses, and they all land at once:
- Hash-only master keys (AZIP-8) —
PublicKeyscarriesnpk_m/ovpk_m/tpk_monly as Poseidon2 hash digests (.npk_m_hashetc.); onlyivpk_mremains a curve point. Every address derived from a non-defaultPublicKeyschanges, and theContractInstancePublishedlog moves to a version-2, 13-field payload (#23159, #24284). - Signing keys as the derivation root — the privacy secret is derived from the signing key, not the other way around, and two new master keys (message-signing, fallback) join the derivation (#24451, #24348).
- Schnorr moves from blake2s/pedersen to Poseidon2 — with a new
[Field; 4]auth-witness format. Previously deployed Schnorr accounts cannot be controlled by new client code; ECDSA accounts are unaffected (#21808). - Address derivation v2 —
immutablesHashis folded into the salted initialization hash, and new domain separators harden every Merkle, block-header, and blob hash — which also changes every tree root, genesis constant, and block hash, so regenerate any pinned test fixtures.
Consequently: expect every account and contract address on the network to change. On first open, v5 PXE wipes the entire local database (accounts, contacts, aliases, synced notes) — there is no forward migration. Deploy fresh accounts (previous addresses are not recoverable from the same secret), migrate funds before upgrading where applicable, re-register contracts, and re-sync from genesis. Wallets should surface a "local state was reset" flow to users. The aztec-wallet CLI reflects the new key architecture too: --secret-key/SECRET_KEY becomes --signing-key/SIGNING_KEY, and saved accounts do not carry over.
Pipelined block production changes the protocol's shape
The speed-up pillar is one coherent redesign spanning L1 and the node, and its pieces are individually breaking:
- Proposer pipelining (AZIP-6) is the sole production mode — the proposer for slot N builds and broadcasts its checkpoint during slot N-1, and the non-pipelined block-building path was removed. (The block→checkpoint rename and multi-block checkpoints predate the v4 line; what is new in v5 is the pipelined timing, not the terminology.)
- L1 verifies checkpoint headers directly —
submitEpochRootProoftakes checkpoint headers instead of a prover-supplied fee array and re-verifies them against stored header hashes (#24190); the Outbox keys roots by checkpoints-covered to support partial-epoch proofs (#14342). - The sequencer's sub-slot timetable is always enforced (
SEQ_ENFORCE_TIME_TABLEis gone);SEQ_BLOCK_DURATION_MSandMAX_BLOCKS_PER_CHECKPOINTare consensus-critical network values. - Proposal and attestation signing moved to EIP-712 typed data under the "Aztec Rollup" domain — anyone running custom signing infrastructure must switch (#22531).
- The prover node's public JSON-RPC surface shrank and moved to the authenticated admin port (#24189).
Also breaking, in brief
- Node RPC: namespace renames (
aztec_*); unifiedgetBlock/getCheckpointwith an options bag (removesgetBlockByHash,getProvenBlockNumber, etc.); log retrieval consolidated togetPrivateLogsByTags/getPublicLogsByTags; tx lookups proofless by default;NodeInfo.txsLimitsis required (old clients cannot talk to new nodes). - Operator config: ~15 env vars removed, several renamed (notably the
SLASH_*family), and diverging from network-consensus values now fails startup.aztec start --archiver/--pxeflags removed (both are embedded in the node). - aztec.js / PXE:
estimateGas/estimatedGasPaddingremoved andgetGasLimitsmoved to@aztec/wallet-sdk;AccountWithSecretKeyremoved;pxe.updateContractremoved andregisterContractno longer takes an artifact;DeployMethod.send()always returns{ contract, receipt, instance };TxReceiptis no longer a class. - Aztec.nr:
messages::message_delivery→messages::deliverywith constructor-styleMessageDeliverymodes;PrivateContextfields accessor-only;consume_l1_to_l2_messagesecrets as arrays;push_nullifier→push_nullifier_unsafe;emit_private_log_unsafe/emit_raw_note_log_unsafetakeBoundedVec;MessageContext→ResolvedTx;for_eachiterates in order; standard-contract address constants renamed (STANDARD_*); hand-definedsync_statefunctions must move toAztecConfig::custom_sync_state(#23446). - L1 contracts: Empire slashing model removed — only the (renamed)
SlashingProposerremains, andslasherFlavorbecomesslasherEnabled(#21830);setSlasherreplaced by a queue/cancel/finalize flow with a 60-day delay; escape hatch is set-once; the rewards-claimable gate and "ignition" bootstrap phase are removed (a v5 rollup accepts transactions and pays rewards from genesis);RewardDistributorreworked around earmarked funding (#15991);IOutbox/IRollupABIs changed as above. - Databases: archiver and PXE stores auto-wipe on version mismatch; HA-signer Postgres requires a manual
aztec migrate-ha-db upbefore first start.
Security hardening
Six themes, the result of internal and external audit work across the release cycle:
- P2P network hardening — stricter validation, framing, and size bounds on gossip and req/resp traffic (ENR fields, message IDs, declared bytecode lengths, response buffering, per-stream rate limiting), closing malformed-input crash and resource-exhaustion vectors (#24214, #24215, #24552, #24553).
- Consensus and proposer integrity — proposals are validated and bounded at propose time (out-of-range header fields rejected, checkpoint size limits enforced, attestations and archive roots verified before use), with slashing extended to cover violations (#24041, #24247, #24229).
- Proving and fee soundness — epoch-proof fee accounting is committed to attested checkpoint headers and re-verified on L1, so even a hypothetically unsound proof verifier could not be leveraged to forge fee recipients or amounts (#24190).
- Validator and HA-signer safety — the high-availability signing path now fails closed on persistence gaps, races, and misconfiguration that could previously open a path to double-signing (#24556, #24565).
- Kernel and note-handling soundness — circuit-level audit fixes bound and validate private-log squashing and nullifier injection so adversarial inputs cannot produce a valid proof of an invalid state transition, complemented by ZK-masking fixes in the ECCVM and new domain separators on protocol hashes.
- Input-validation hardening in client and tooling surfaces — schema validation on CLI-supplied artifacts, single-block-pinned L1 reads, and bounds checks on externally supplied buffers and counts (#23919, #23920, #23921).
Technical appendix
Node software
- Checkpoint-based proposer pipelining replaces per-slot block building; the sequencer proposes for slot N during N-1 and the non-pipelined path is deleted (#23665, #23821, #23809, #23776, #24031). The sequencer-client README was rewritten to document the new design.
- Prover node redesign: per-checkpoint provers, session manager, and a proof-publishing service supporting optimistic (checkpoint-level) epoch proving and superseded early-finish submissions (#23552, #24436, #24216, #24051); prover RPC moved to the admin endpoint with a new
aztec proverCLI (#24189); aborted proving jobs are revivable instead of permanently cached as failed (#24578). - New batched Chonk proof verification: a persistent native
bbprocess batches IPA verification into a single SRS MSM with out-of-order result delivery and per-proof bisection on batch failure. - Network-wide consensus config enforcement with
ALLOW_OVERRIDING_NETWORK_CONFIGescape hatch, plus startup cross-checks against the L1 rollup contract (#23977). - JSON-RPC:
aztec_*/aztecAdmin_*/aztecDebug_*namespaces (#23909); unifiedgetBlock/getCheckpointAPI with typed include-options; log retrieval consolidated to two tag-based methods; tx lookups proofless by default (#23827);getCheckpoint('proposed')semantics tightened. - Robustness: world-state queries resolve to concrete (number, hash) pairs and fail closed on sync/fork mismatch (#24563); event-triggered archiver sync cuts block-propagation latency inside the node with polling as fallback (#24317); sequencer start/stop is idempotent, fixing a silent publish-stall after restarts (#24475); auto-shutdown on incompatible canonical rollup upgrades (#24269).
- Slashing watchers: AZIP-7 data withholding, checkpoint equivocation, broadcasted-invalid-proposal, and oversized-checkpoint offenses (#24041); peer bans persist across restarts (#23922); finalized txs retained for a configurable margin (#24329).
- The legacy TypeScript
merkle-treepackage was removed, superseded by the native world-state implementation.
PXE / aztec.js
- Key management: signing-key-rooted derivation, privacy keys passable/retrievable explicitly, message-signing and fallback keys held as public keys only (#24439, #24416, #24451); initializerless Schnorr accounts (#23973, #23962).
- Contract-class tracking is dynamic (node-resolved with a cache);
registerContractClass/registerContractsplit (#24282). - Tagging/note discovery rewritten on
FactStoreandTaggingSecretSource(#24369, #24280); non-interactive handshake by default for external recipients (#24387); wallet-resolvable tagging strategy hook (#24040). - Storage: SQLite as the default backend everywhere; browser moves to SQLite-OPFS (#24179).
- API surface: cursor-paginated
getPublicEvents(#24324);getTxReceiptlifecycle union (#23660); node-side L2→L1 witnesses (#23646, #24207); gas admission-limit validation and gas-API reshuffle (#23947);AztecAddressUnsaferenames (#24230);simulate()overridesandfastForwardContractUpdate;resolveCustomRequestoracle hook (#24409). - Tooling: TXE oracle server bundled with esbuild and parallelized over a worker-thread pool sharing one contract-class store;
aztec-walletaccounts rooted on--signing-key; L1 deposit helpers use a 2x gas buffer to survive estimation variance (#24607);aztec-upno longer leaks ~40 transitive npm bins ontoPATH(only the seven@aztec/*bins are exposed);@aztec/wallet-sdkintegration README.
aztec.nr
messages::deliverymodule: builder-basedMessageDeliverywith offchain / onchain-unconstrained / onchain-constrained modes and.with_sender(...)(#23875, #23866, #24312, #24432); handshake registry standard contract with interactive and non-interactive flows (#24473, #24522, #23806).factsprimitive with retractable/non-retractable records and reorg-safe pruning (#24139, #24289); partial notes as an explicit FSM onFactStore(#24369); discovered handshakes persisted as facts (#24483).TransientArray/TransientValue, built on a sharedUnconstrainedArrayabstraction withEphemeralArrayandCapsuleArray(#23576, #23982).PrivateContextaccessor-only API with newget_side_effect_counter()/is_static_call()getters (#24417);push_nullifier_unsaferename;consume_l1_to_l2_messagegeneric over secret length (#24599);AztecConfig::custom_sync_statehook including full opt-out for stateless contracts (#23446);msg_senderin cross-contract utility calls;MessageContext→ResolvedTx;LogRetrievalRequestgainssource/from_block/to_blockfilters.- Public dispatch codegen deduplicates argument unpacking across same-signature public functions (#23464).
- Standard-contract reorg: protocol contracts compacted to addresses 1–3;
auth_registry,public_checks,multi_call_entrypointbecome standard contracts withSTANDARD_*address constants and a v4-style pin-build mechanism (#23262);public_checkshelpers moved intoaztec-nrproper. compute_note_hash_for_nullificationmade unconstrained (the constrained path forHintedNotewas unsound; usecompute_confirmed_note_hash_for_nullificationfor the constrained case); standard note-hash preimage order changed (storage slot first) for easier domain separation.
Cryptography / bb / circuits / AVM
- Client-side (Chonk) proving is 2.0–2.5x faster than v4 — the HyperNova kernel-folding reductions below, faster Poseidon2 (the Mega-arithmetized permutation drops from 73 to 27 gates), and MSM/allocator gains compound across the client proving stack; client proofs are also smaller and cheaper to move.
- Circuit-size reductions (pinned constants, asserted against real built circuits). Server-side (network provers): the root rollup 12,998,775 → 6,351,528 gates (-51%) and in-rollup Chonk-proof verification 2,395,106 → 1,368,123 gates (-43%), speeding up network proving and lowering prover memory. (The L1 verification-gas savings are separate — they come from the Solidity Honk verifier optimization, not these circuit-size changes.) Client-side (the user's HyperNova kernels): folding costs down 43–45% (init 24,226 → 13,877; inner 57,418 → 31,289; tail 31,295 → 17,421); the hiding kernel rose 34,341 → 38,940 (+13%), reflecting the proof-compression and masking logic added to that circuit.
- Chonk (the client IVC scheme, present since v4) received a substantial optimization and hardening pass, including a new
BatchedHonkTranslatorthat batches the hiding kernel's and translator's sumcheck and opening proofs into one joint reduction, eliminating two independent Honk proofs from the final stack. - Chonk proof compression in bb.js: point compression + u256 encoding shrink per-transaction proof serialization from ~52KB (1,632 field elements) to ~35KB (#21065); G1 SRS downloads move to a compressed 32-bytes-per-point format, halving prover bootstrap downloads (#21112).
- Multi-scalar multiplication (Pippenger) fully rewritten: round-parallel scheduling, GLV splitting, signed-Booth SIMD recoding, duplicate-scalar dedup, and batch-affine bucket reduction (#23691 among others). Note: the legacy MSM remains the default in v5.0.0; the new path is opt-in via
BB_MSM_NEW(orlegacyMsm: falsein TS). - ECDSA secp256r1 verification circuit reduced 72,313 → 45,945 gates (~36%); ECCVM recursive verifier grew modestly (224,223 → 234,059, +4.4%) as the bounded cost of audit-driven ZK-masking fixes.
- New gas-optimized ZK-Honk Solidity verifier template alongside the existing non-ZK optimized verifier, cutting on-L1 epoch-proof verification gas from ~3.6M to ~2M (~44% less).
- New
acir_components_checkstatic-analysis tool flags disconnected or unconstrained witnesses by comparing ACIR-side and circuit-side connectivity — targeting the under-constrained-witness bug class. - AVM: the in-memory trace container was rewritten lock-free (sharded columns behind atomic pointers), and Shplemini polynomial batching is parallelized across cores — both prover-throughput wins. New in-process
bbapientry points (avm_prove_from_bytesetc.) with per-stage timing stats. Circuit-soundness fix: MSM terms with a zero scalar now still validate the point is on-curve. EC points in AVM bytecode drop the explicitis_infiniteoperand ((0,0) is infinity). The AVM opcode set itself is unchanged from v4.4.0.
Security
- The six hardening themes above (P2P, consensus/proposer, proving/fees, validator/HA-signer, kernel/note soundness, input validation) span the node, the L1 contracts, and the circuits; the rc.2 notes carry the itemized operator-facing subset.
- Defense-in-depth on L1: checkpoint header fields validated as canonical BN254 field elements at propose time and genesis; epoch-proof fees derived from attested, re-verified headers (#24190); proving-cost fee parameter rate-limited (bounded step per 30-day cooldown) so a single governance action or compromised key cannot spike the fee model; staking-queue and reward-booster configs validated against deposit-trapping and double-claim edge cases.
- Release AVM builds strip internal column/subrelation names; gossipsub message IDs are length-framed; response buffering and per-stream rates are capped in req/resp.
Network / L1 contracts
- EIP-712 typed proposal/attestation signing under the "Aztec Rollup" domain (#22531); checkpoint header fields validated as canonical field elements at propose time. (The block→checkpoint rename on L1 landed in 2025 and is not a v5 change.)
submitEpochRootProoftakesProposedHeader[]; L1 rehashes and verifies each against stored hashes before deriving fees (#24190); Outbox partial-epoch proofs (#14342).- Governance safety: slasher replacement queued behind a 60-day delay with a 30-day legacy drain window, and validator exit delay capped so exits never outlast the rotation window; escape hatch set-once and validated against its rollup;
setLocalEjectionThresholdremoved (construction-time only). - Rewards: claimability gate and ignition phase deleted — transactions and rewards from genesis;
RewardConfigsplit into immutable (distributor, booster) and mutable (sequencerBps,checkpointReward) parts;RewardDistributorsupports earmarked per-recipient funding and constrained recovery paths (#15991). - Slashing: Empire model removed,
TallySlashingProposerrenamedSlashingProposer(#21830); offense catalog reworked with AZIP-7 data-withholding coverage (#23468, #23436, #23116, #23494). V5UpgradePayloadis the one-shot governance proposal (AZUP-2) that moves a live network from v4 to v5: drains the v4 reward distributor into the v5 one, migrates the flush incentive into a v5-boundFlushRewarder, makes the v5 rollup canonical, registers it with the GSE so attesters follow without redepositing, and activates the escape hatch (#23752).- Deployment infra: first Ethereum-mainnet environment in spartan (chain id 1, with a WAF policy on the public RPC ingress); KEDA-based prover-agent autoscaling on queue depth, including scale-to-zero (#23554, #23553); validator publisher keys allocated per replica with a schema-v2 keystore format (custom keystore tooling must migrate).
Reference
- v5.0.0-rc.1 release notes — first (testnet-only) release candidate.
- v5.0.0-rc.2 release notes — hardening and operability fixes since rc.1.
- v5 node migration guide — the operator-facing cutover runbook (RPC renames, env-var churn, database migrations, grace period).
- Migration notes — the complete per-change migration reference for contract and wallet developers.
- AZUP-2 governance proposal — the on-chain upgrade that activates v5 on the live network (upgrade payload, canonical rollup, reward migration, and network parameters).