Merged
549 changes: 265 additions & 284 deletions avm-transpiler/Cargo.lock

Large diffs are not rendered by default.

3 changes: 0 additions & 3 deletions barretenberg/acir_tests/bootstrap.sh
Expand Up @@ -108,9 +108,6 @@ function build {
rm -rf acir_tests/{diamond_deps_0,workspace,workspace_default_member,regression_7323}
# These use folding, which is not currently supported.
rm -rf acir_tests/{fold_call_witness_condition,fold_after_inlined_calls,fold_complex_outputs,fold_basic_nested_call,fold_numeric_generic_poseidon,fold_fibonacci,fold_basic,fold_2_to_17,fold_distinct_return}
# These are breaking with:
# Failed to solve program: 'Failed to solve blackbox function: embedded_curve_add, reason: Infinite input: embedded_curve_add(infinity, infinity)'
rm -rf acir_tests/{regression_5045,regression_7744}
# The following test fails because it uses CallData/ReturnData with UltraBuilder, which is not supported
rm -rf acir_tests/{regression_7612,regression_7143,databus_composite_calldata,databus_two_calldata_simple,databus_two_calldata,databus}
# Mark tests that are expected to fail with a failing_ prefix.
4 changes: 2 additions & 2 deletions barretenberg/cpp/pil/vm2/constants_gen.pil
Expand Up @@ -165,9 +165,9 @@ namespace constants;
pol UPDATES_DELAYED_PUBLIC_MUTABLE_METADATA_BIT_SIZE = 144;
pol GRUMPKIN_ONE_X = 1;
pol GRUMPKIN_ONE_Y = 17631683881184975370165255887551781615748388533673675138860;
pol DOM_SEP__NOTE_HASH_NONCE = 1721808740;
pol DOM_SEP__UNIQUE_NOTE_HASH = 226850429;
pol DOM_SEP__SILOED_NOTE_HASH = 3361878420;
pol DOM_SEP__UNIQUE_NOTE_HASH = 226850429;
pol DOM_SEP__NOTE_HASH_NONCE = 1721808740;
pol DOM_SEP__SILOED_NULLIFIER = 57496191;
pol DOM_SEP__PUBLIC_LEAF_SLOT = 1247650290;
pol DOM_SEP__PUBLIC_STORAGE_MAP_SLOT = 4015149901;
Expand Up @@ -257,9 +257,9 @@
#define UPDATES_DELAYED_PUBLIC_MUTABLE_VALUES_LEN 3
#define UPDATES_DELAYED_PUBLIC_MUTABLE_METADATA_BIT_SIZE 144
#define DEFAULT_MAX_DEBUG_LOG_MEMORY_READS 125000
#define DOM_SEP__NOTE_HASH_NONCE 1721808740UL
#define DOM_SEP__UNIQUE_NOTE_HASH 226850429UL
#define DOM_SEP__SILOED_NOTE_HASH 3361878420UL
#define DOM_SEP__UNIQUE_NOTE_HASH 226850429UL
#define DOM_SEP__NOTE_HASH_NONCE 1721808740UL
#define DOM_SEP__SILOED_NULLIFIER 57496191UL
#define DOM_SEP__PUBLIC_LEAF_SLOT 1247650290UL
#define DOM_SEP__PUBLIC_STORAGE_MAP_SLOT 4015149901UL
Expand Up @@ -18,9 +18,9 @@ void note_hash_tree_checkImpl<FF_>::accumulate(ContainerOverSubrelations& evals,
const auto constants_NOTE_HASH_TREE_HEIGHT = FF(42);
const auto constants_AVM_PUBLIC_INPUTS_PREVIOUS_NON_REVERTIBLE_ACCUMULATED_DATA_NULLIFIERS_ROW_IDX = FF(169);
const auto constants_AVM_PUBLIC_INPUTS_AVM_ACCUMULATED_DATA_NOTE_HASHES_ROW_IDX = FF(386);
const auto constants_DOM_SEP__NOTE_HASH_NONCE = FF(1721808740);
const auto constants_DOM_SEP__UNIQUE_NOTE_HASH = FF(226850429);
const auto constants_DOM_SEP__SILOED_NOTE_HASH = FF(3361878420UL);
const auto constants_DOM_SEP__UNIQUE_NOTE_HASH = FF(226850429);
const auto constants_DOM_SEP__NOTE_HASH_NONCE = FF(1721808740);
const auto note_hash_tree_check_READ = (FF(1) - in.get(C::note_hash_tree_check_write));
const auto note_hash_tree_check_PREV_LEAF_VALUE_UNIQUE_NOTE_HASH_DIFF =
(in.get(C::note_hash_tree_check_prev_leaf_value) - in.get(C::note_hash_tree_check_unique_note_hash));
2 changes: 1 addition & 1 deletion docs/examples/contracts/nft/src/main.nr
Expand Up @@ -21,7 +21,7 @@ pub contract NFTPunk {
struct Storage<Context> {
admin: PublicImmutable<AztecAddress, Context>,
minter: PublicImmutable<AztecAddress, Context>,
nfts: Map<Field, DelayedPublicMutable<bool, 2, Context>, Context>,
nfts: Map<Field, DelayedPublicMutable<bool, 2u64, Context>, Context>,
owners: Owned<PrivateSet<NFTNote, Context>, Context>,
}
#[external("public")]
2 changes: 1 addition & 1 deletion noir-projects/aztec-nr/aztec/Nargo.toml
Expand Up @@ -7,4 +7,4 @@ type = "lib"
[dependencies]
protocol_types = { path = "../../noir-protocol-circuits/crates/types" }
sha256 = { tag = "v0.3.0", git = "https://github.com/noir-lang/sha256" }
poseidon = { tag = "v0.2.3", git = "https://github.com/noir-lang/poseidon" }
poseidon = { tag = "v0.3.0", git = "https://github.com/noir-lang/poseidon" }
4 changes: 2 additions & 2 deletions noir-projects/aztec-nr/aztec/src/context/private_context.nr
Expand Up @@ -1121,7 +1121,7 @@ impl PrivateContext {
args_hash: Field,
is_static_call: bool,
) -> ReturnsHash {
let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call;
let is_static_call = is_static_call | self.inputs.call_context.is_static_call;
let start_side_effect_counter = self.side_effect_counter;

// Safety: The oracle simulates the private call and returns the value of the side effects counter after
Expand Down Expand Up @@ -1288,7 +1288,7 @@ impl PrivateContext {
) {
let counter = self.next_counter();

let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call;
let is_static_call = is_static_call | self.inputs.call_context.is_static_call;

assert_valid_public_call_data(calldata_hash);

16 changes: 12 additions & 4 deletions noir-projects/aztec-nr/aztec/src/context/public_context.nr
Expand Up @@ -131,7 +131,9 @@ impl PublicContext {
///
pub fn note_hash_exists(_self: Self, note_hash: Field, leaf_index: u64) -> bool {
// Safety: AVM opcodes are constrained by the AVM itself
unsafe { avm::note_hash_exists(note_hash, leaf_index) } == 1
unsafe {
avm::note_hash_exists(note_hash, leaf_index)
}
}

/// Checks if a specific L1-to-L2 message exists in the L1-to-L2 message tree at a particular leaf index.
Expand All @@ -153,7 +155,9 @@ impl PublicContext {
///
pub fn l1_to_l2_msg_exists(_self: Self, msg_hash: Field, msg_leaf_index: Field) -> bool {
// Safety: AVM opcodes are constrained by the AVM itself TODO(alvaro): Make l1l2msg leaf index a u64 upstream
unsafe { avm::l1_to_l2_msg_exists(msg_hash, msg_leaf_index as u64) } == 1
unsafe {
avm::l1_to_l2_msg_exists(msg_hash, msg_leaf_index as u64)
}
}

/// Returns `true` if an `unsiloed_nullifier` has been emitted by `contract_address`.
Expand Down Expand Up @@ -204,7 +208,9 @@ impl PublicContext {
pub fn nullifier_exists_unsafe(_self: Self, unsiloed_nullifier: Field, contract_address: AztecAddress) -> bool {
let siloed_nullifier = compute_siloed_nullifier(contract_address, unsiloed_nullifier);
// Safety: AVM opcodes are constrained by the AVM itself
unsafe { avm::nullifier_exists(siloed_nullifier) } == 1
unsafe {
avm::nullifier_exists(siloed_nullifier)
}
}

/// Consumes a message sent from Ethereum (L1) to Aztec (L2) -- effectively marking it as "read".
Expand Down Expand Up @@ -662,7 +668,9 @@ impl PublicContext {
///
pub fn is_static_call(_self: Self) -> bool {
// Safety: AVM opcodes are constrained by the AVM itself
unsafe { avm::is_static_call() } == 1
unsafe {
avm::is_static_call()
}
}

/// Reads raw field values from public storage. Reads N consecutive storage slots starting from the given slot.
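Review bot: In `l1_to_l2_msg_exists`, `msg_leaf_index as u64` still narrows a `Field` to 64 bits without a range check, and this change reformats the call without addressing it. As far as I know, a Noir `as` cast from `Field` to an integer type truncates, so an index at or above 2^64 would be looked up as a different, smaller leaf index instead of being rejected. Until the TODO about making the index a `u64` upstream is done, consider a guard before the call, e.g. `msg_leaf_index.assert_max_bit_size::<64>();`, or at least a doc line stating that only the low 64 bits are used. Separately, dropping `== 1` in the four wrappers relies on the `avm::*` functions now returning `bool`; their declarations are not in this section, so that is worth confirming in the same commit.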
2 changes: 1 addition & 1 deletion noir-projects/aztec-nr/aztec/src/history/test.nr
Expand Up @@ -16,7 +16,7 @@ pub(crate) unconstrained fn create_note() -> (TestEnvironment, HintedNote<MockNo
let note_owner = env.create_light_account();

let note_message = env.private_context(|context| {
let mut mock_note = MockNote::new(69);
let mock_note = MockNote::new(69);

lifecycle_create_note(
context,
14 changes: 8 additions & 6 deletions noir-projects/aztec-nr/aztec/src/keys/ecdh_shared_secret.nr
Expand Up @@ -19,7 +19,9 @@ use std::{embedded_curve_ops::multi_scalar_mul, ops::Neg};
///
/// See also: https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman
pub fn derive_ecdh_shared_secret(secret: Scalar, public_key: Point) -> Point {
multi_scalar_mul([public_key], [secret])
// TODO(F-553): Drop the `.to_embedded()` / `.into()` round-trip once the custom `Point` wrapper is removed and we
// use `EmbeddedCurvePoint` directly.
multi_scalar_mul([public_key.to_embedded()], [secret]).into()
}

/// Computes an app-siloed shared secret from a raw ECDH shared secret point and a contract address.
Expand Down Expand Up @@ -76,8 +78,8 @@ unconstrained fn test_shared_secret_computation_in_both_directions() {
let secret_a = Scalar { lo: 0x1234, hi: 0x2345 };
let secret_b = Scalar { lo: 0x3456, hi: 0x4567 };

let pk_a = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a);
let pk_b = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b);
let pk_a: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a).into();
let pk_b: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b).into();

let shared_secret = derive_ecdh_shared_secret(secret_a, pk_b);
let shared_secret_alt = derive_ecdh_shared_secret(secret_b, pk_a);
Expand All @@ -90,8 +92,8 @@ unconstrained fn test_shared_secret_computation_from_address_in_both_directions(
let secret_a = Scalar { lo: 0x1234, hi: 0x2345 };
let secret_b = Scalar { lo: 0x3456, hi: 0x4567 };

let mut pk_a = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a);
let mut pk_b = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b);
let mut pk_a: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_a).into();
let mut pk_b: Point = std::embedded_curve_ops::fixed_base_scalar_mul(secret_b).into();

let address_b = AztecAddress::from_field(pk_b.x);

Expand All @@ -118,7 +120,7 @@ unconstrained fn test_shared_secret_computation_from_address_in_both_directions(
#[test]
unconstrained fn test_app_siloed_shared_secret_differs_per_contract() {
let secret_a = Scalar { lo: 0x1234, hi: 0x2345 };
let pk_b = std::embedded_curve_ops::fixed_base_scalar_mul(Scalar { lo: 0x3456, hi: 0x4567 });
let pk_b: Point = std::embedded_curve_ops::fixed_base_scalar_mul(Scalar { lo: 0x3456, hi: 0x4567 }).into();

let shared_secret = derive_ecdh_shared_secret(secret_a, pk_b);
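Review bot: `derive_ecdh_shared_secret` now passes `public_key` through `to_embedded()` and the result through `.into()`, but the three tests visible in this section only use keys produced by `fixed_base_scalar_mul`, so the conversion is never exercised with the point at infinity. The conversions are defined outside this diff; if either one handles the infinity flag differently from `EmbeddedCurvePoint`, the shared secret for such an input would change silently. A test that feeds an infinite `public_key` and pins the expected result (or the expected failure) would cover that. The function's doc comment could also state the contract, for example `/// Does not validate public_key (on-curve, non-infinite); callers must do so.`, if that is indeed what is intended.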

8 changes: 5 additions & 3 deletions noir-projects/aztec-nr/aztec/src/keys/ephemeral.nr
Expand Up @@ -17,7 +17,9 @@ pub fn generate_ephemeral_key_pair() -> (Scalar, Point) {
// TODO(#12757): compute the key pair without constraining eph_sk twice (once in from_field, once in the black box
// called by fixed_base_scalar_mul).
let eph_sk = EmbeddedCurveScalar::from_field(randomness);
let eph_pk = fixed_base_scalar_mul(eph_sk);
// TODO(F-553): Drop the `.into()` once the custom `Point` wrapper is removed and we use `EmbeddedCurvePoint`
// directly. Applies to the other `fixed_base_scalar_mul(...).into()` call sites in this file as well.
let eph_pk: Point = fixed_base_scalar_mul(eph_sk).into();

(eph_sk, eph_pk)
}
Expand All @@ -35,7 +37,7 @@ pub fn generate_positive_ephemeral_key_pair() -> (Scalar, Point) {
// anyway, and so the recipient already trusts them to not disclose this information. We can therefore assume that
// the sender will cooperate in the random value generation.
let eph_sk = unsafe { generate_secret_key_for_positive_public_key() };
let eph_pk = fixed_base_scalar_mul(eph_sk);
let eph_pk: Point = fixed_base_scalar_mul(eph_sk).into();

assert(get_sign_of_point(eph_pk), "Got an ephemeral public key with a negative y coordinate");

Expand All @@ -51,7 +53,7 @@ unconstrained fn generate_secret_key_for_positive_public_key() -> EmbeddedCurveS

// @todo Need to draw randomness from the full domain of Fq not only Fr
sk = EmbeddedCurveScalar::from_field(random());
let pk = fixed_base_scalar_mul(sk);
let pk: Point = fixed_base_scalar_mul(sk).into();
if get_sign_of_point(pk) {
break;
}
Expand Up @@ -65,9 +65,8 @@ comptime fn generate_contract_library_method_compute_note_hash() -> Quoted {
} else {
// Contracts that do define notes produce an if-else chain where `note_type_id` is matched against the
// `get_note_type_id()` function of each note type that we know of, in order to identify the note type. Once we
// know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying note type,
// and
// compute the note hash (non-siloed).
// know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying
// note type, and compute the note hash (non-siloed).

// We resolve the log format calls here so that the resulting Quoted values can be spliced into the quote
// block below.
Expand Down Expand Up @@ -175,9 +174,8 @@ comptime fn generate_contract_library_method_compute_note_nullifier() -> Quoted
} else {
// Contracts that do define notes produce an if-else chain where `note_type_id` is matched against the
// `get_note_type_id()` function of each note type that we know of, in order to identify the note type. Once we
// know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying note type,
// and
// compute the inner nullifier (non-siloed).
// know it we call the correct `unpack` method from the `Packable` trait to obtain the underlying
// note type, and compute the inner nullifier (non-siloed).

// We resolve the log format calls here so that the resulting Quoted values can be spliced into the quote
// block below.
2 changes: 1 addition & 1 deletion noir-projects/aztec-nr/aztec/src/macros/events.nr
Expand Up @@ -57,7 +57,7 @@ pub comptime fn event(s: TypeDefinition) -> Quoted {

let serialize_impl = derive_serialize_if_not_implemented(s);

s.add_attribute("abi(events)");
s.add_abi("events");

quote {
$event_interface_impl
Expand Up @@ -116,9 +116,9 @@ pub fn assert_is_initialized_private(context: &mut PrivateContext) {

/// Asserts that the contract has been initialized, from a utility function's perspective.
///
/// Only checks the private initialization nullifier in the settled nullifier tree. Since both nullifiers are emitted
/// in the same transaction, the private nullifier's presence in settled state guarantees the public one is also
/// settled.
/// Only checks the private initialization nullifier in the settled nullifier tree. Since both nullifiers are
/// emitted in the same transaction, the private nullifier's presence in settled state guarantees the public one
/// is also settled.
pub unconstrained fn assert_is_initialized_utility(context: UtilityContext) {
let address = context.this_address();
let instance = get_contract_instance(address);
6 changes: 2 additions & 4 deletions noir-projects/aztec-nr/aztec/src/macros/functions/mod.nr
Expand Up @@ -137,8 +137,8 @@ pub comptime fn noinitcheck(f: FunctionDefinition) {
}
}

/// An `allow_phase_change` function will allow transitioning from the non-revertible to the revertible phase during
/// its execution.
/// An `allow_phase_change` function will allow transitioning from the non-revertible to the revertible phase
/// during its execution.
///
/// This is an advanced feature that is typically only required for account contract entrypoints that handle
/// transaction fee payment.
Expand Down Expand Up @@ -245,8 +245,6 @@ pub comptime fn only_self(f: FunctionDefinition) {
f"The #[only_self] attribute can only be applied to #[external(\"private\")] or #[external(\"public\")] functions - {name} is neither",
);
}

f.add_attribute("noinitcheck");
}

/// View functions cannot modify state in any way, including performing contract calls that would in turn modify state.
Expand Up @@ -25,25 +25,10 @@ comptime fn make_functions_uncallable<let N: u32>(functions: [FunctionDefinition
// directly and a std::mem::zeroed() to make the compilation fail on the static_assert and not on a missing
// return value.
let error_message = f"{error_message_template}{name}. See https://docs.aztec.network/errors/6";
let body = f"{{ std::static_assert(false, \"{error_message}\"); std::mem::zeroed() }}".quoted_contents();
let body_expr = body.as_expr().expect(f"Body is not an expression: {body}");

// Prefix all parameter names with "_" to suppress unused variable warnings
let params = function.parameters();
let prefixed_params = params.map(|(param_name, param_type)| {
let prefixed_name = f"_{param_name}".quoted_contents();
(prefixed_name, param_type)
});

function.set_body(body_expr);
function.set_parameters(prefixed_params);
// We need to add the `contract_library_method` attribute to the function to prevent this function from being
// compiled as an entrypoint function (function that's compiled as its own circuit).
function.add_attribute("contract_library_method");

// Contract functions need to have a public return type so we mark it as such to avoid undesired compilation
// errors.
function.set_return_public(true);
// Disabling the function also adds a `contract_library_method` attribute to the function to prevent this
// function from being compiled as an entrypoint function (function that's compiled as its own circuit).
function.disable(error_message);
});
}
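Review bot: The comment fragment kept above `error_message` in `make_functions_uncallable` still describes the old body (`std::mem::zeroed()` and failing on the `static_assert`), which this change removes in favour of `function.disable(error_message)`. The start of that comment is outside the hunk, but the visible part looks stale; it could be reworded to something like `// Calling this function must fail at compile time with the message below.` if that is what `disable` guarantees. The definition of `disable` is not shown here, and the removed code also prefixed the parameters and called `set_return_public(true)`. It would be good to confirm that `disable` still turns any call into a compile error rather than leaving a callable stub.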

4 changes: 3 additions & 1 deletion noir-projects/aztec-nr/aztec/src/macros/utils.nr
Expand Up @@ -30,7 +30,9 @@ pub(crate) comptime fn is_fn_initializer(f: FunctionDefinition) -> bool {
}

pub(crate) comptime fn fn_has_noinitcheck(f: FunctionDefinition) -> bool {
f.has_named_attribute("noinitcheck")
// #[only_self] functions automatically skip the initialization check as the check is assumed to be done by the
// calling external function or explicitly skipped. See only_self function docs for more details.
f.has_named_attribute("noinitcheck") | is_fn_only_self(f)
}

pub(crate) comptime fn fn_has_allow_phase_change(f: FunctionDefinition) -> bool {
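Review bot: `fn_has_noinitcheck` now returns true for every `#[only_self]` function, while `only_self` in `macros/functions/mod.nr` no longer adds the `noinitcheck` attribute, so any code that inspects `has_named_attribute("noinitcheck")` directly will disagree with this helper. Other call sites are outside this view; if any remain they would start emitting the initialization check for `#[only_self]` functions, which is the safe direction but still a behaviour change. Because this helper decides whether an initialization check is omitted, a doc comment such as `/// True when the init check is skipped: explicit #[noinitcheck] or #[only_self].` would make the widened meaning visible. A macro test pinning that only those two cases skip the check would guard against the condition widening further.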