Aggregated proof verification works in Rust but not EVM

[leonardoalt]

I haven't found an easy way to reproduce this (except for running powdr itself), but wanted to ask anyway in case someone sees something obvious that I'm missing.

I'm creating first a SNARK with PoseidonTranscript and Native Loader, then running the aggregation circuit (copied from the example with accumulators from this repo), to get a SNARK with EVMTranscript. I'm using the same params (size 22) for both, downsized accordingly for the app SNARK, whose circuit is auto-generated from a powdr-PIL circuit. The PoseidonTranscript proof works fine and is verified properly.

The aggr part is done here: https://github.com/powdr-labs/powdr/blob/single-snark-halo2/halo2/src/prover.rs#L309. The verification call after proof generation works fine. However, the EVM call right after fails. It computes the entire verification function, and fails at the end because success is not 1. The app SNARK does not have any publics.

Has anyone seen anything similar before? Is there an easy way to check that the contract is indeed verifying the same verification key that I have exported?

Thanks in advance!