List of Flash News about Certora report
| Time | Details |
|---|---|
| 2026-01-18 02:05 | LLVM Compiler Bug Exposed Aave Contract Vulnerability on ZKsync: Certora Report Warns of Potential Fund Theft Risk for AAVE Traders<br>According to @deanmlittle, a bug in the LLVM compiler introduced a vulnerability in an Aave contract deployed on ZKsync that could have enabled theft of user funds if it had not been discovered by security researchers first, source: https://x.com/deanmlittle/status/2012707916961415676. Certora’s technical disclosure details how the LLVM bug led to unsafe contract code on ZKsync and documents the exploitability of the affected deployment, establishing a verified security risk rather than a theoretical concern, source: https://www.certora.com/blog/llvm-bug. For trading decisions, this verified disclosure creates headline and operational risk around AAVE and ZKsync ecosystem exposure until official mitigations are confirmed, so monitoring the Certora report and subsequent project updates is prudent, source: https://www.certora.com/blog/llvm-bug. The incident underscores compiler-level attack surface in DeFi and highlights the need to verify compiler toolchains when assessing protocol risk on alternative execution environments like ZKsync, source: https://www.certora.com/blog/llvm-bug. |