Week 73 — Ethereum’s ACDC Call #136, Solana’s ZK Compression, Polygon’s PIP-42 & Sportsbet’s $3.5M Hack
GM! Buidlers
In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all — we’ll explore the latest happenings in the Blast, Polygon, and Solana ecosystems, along with recent advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. And, of course, we’ll delve into the headlines about Sportsbet’s $3.5M hack and Farcana’s wallet compromise.
EtherScope: Core Developments 👨💻
- Summary of All Code Devs — Consensus (ACDC) call #136
- Rainbow WalIet Introduces ETH Rewards Program
- Aave Community Backs Lido Alliance, Greenlighting stETH-Focused V3 Deployment
- Vitalik Buterin and Noah Smith on using blockchain to subvert authoritarian regimes
- EigenLayer Internalized in Ethereum Protocol?
- Tether discontinues support for Algorand and EOS
- Future of EOA/AA breakout #5: EIP7702 delegation designation proposal to be merged next week
- EIP7594 PeerDAS: peerdas-devnet-1 launched with 3 consensus layer clients
- PeerDAS breakout #2: passing max blobs per block is preferred solution for decoupling layers
Layer1 & Layer2
- Paradigm urges ESMA to reconsider stance toward MEV
- Zerion deploys L2 Testnet
- EF Protocol Security Research team explainer of what they do
- Vitalik Buterin backs new blockchain MegaETH
- Renzo introduced pzETH in collaboration with Symbiotic and Mellow.
- QiDao launched MAI on Morpho (mMAI) on Base. mMAI generates yield from usage fees on Morpho.
- Dydx introduced in-app staking. Users can now stake and unstake DYDX and earn USDC staking rewards using the dydx.trade interface.
- Origin DAO proposed a merger of primeETH into YieldNest ynLSD.
- Optimism Fjord upgrade will go live on the OP Mainnet on July 10th at 16:00:01 UTC.
- Scroll unveils Curie, its next major protocol upgrade scheduled for July 3rd.
- Linea Mainnet Alpha v3.2 is live
- DIN has expanded its failover protection to include multiple networks
- Gossipsub performance, recommends reducing concurrent IWANT messages sent & lowering heartbeat frequency
- EF Protocol Security Research team explained what they do
- Arbitrum Timeboost proposed, auction for express transaction submission (non-express transactions have a short delay), proceeds will either be in ARB (burnt) or ETH (collected)
- Flashbots: MEV on L2s
- Offchain Labs BlobWatcher: monitor transaction pool for blob transactions
- Blast phase 1 airdrop, goes in at $2B FDV
- L2Beat ZK Catalog: code verification of onchain ZK verifiers
- Hyperlane’s EigenLayer AVS Explained
ERCs
- ERC-7729: Token with Metadata
- ERC-7730: Structured Data Clear Signing Format
EIPs
- EIP-7727: EVM Transaction Bundles
RIPs
EcoExpansions: Beyond Ethereum 🚀
Solana
- VanEck filed a registration statement for a spot SOL ETF, becoming the first firm to file for a potential solana ETF in the US.
- Solana Foundation Launches New Developer Tooling To Promote Mainstream Adoption
- Solana’s ‘ZK Compression’ Scaling Solution Ignites Controversy
- Solana launches Blockchain Links
- Asynchronous Program Execution (APE) in Solana
- A look into State of Solana DePIN 2024
Blast
- Blast introduces Blast Foundation.
- Blast Phase 1 Claim is live now
- Juice, a Blast-based cross-margin lending protocol, launched Juice Pro.
- Blast Airdrop Phase 2 now begins
- Blast introduced Governance & Progress Council Proposal 1
Polygon
- Polygon Protocol Governance Call (PPGC) #21
- PIP-42: Polygon 2.0 — Upgrade PoS Staking to Use POL
- A Deep Dive into Polygon POS
- Nodekit teamed up with Polygon by bringing composability to CDK rollups and the AggLayer!
- An Ultimate Guide to the Polygon CDK
DevToolkit: Essentials & Innovations 🛠️
- MetaMask SDK has been updated to work with Wagmi
- Paradigm releases RETH 1.0
- List of crypto tools to understand onchain activity
- LiteSVM is here!
- MVP of kona, a suite of portable, no_std Rust implementations of the OP Stack rollup state transition
- Erigon v2.60.2: fixes
- Lighthouse v5.2.1: small fixes for sync & backfill
- Nimbus v24.6.0 is here
- Snekmate v0.1 (Vyper contracts): contracts made module friendly, targets Vyper v0.4.0
- Patrick Collins: guide to where EVM can read/write data
- Gas playground: browser playground for Solidity contracts, uses live state
- EVMole v0.3.5 (function selector extractor): adds Vyper support
- Cyfrin updraft: updated Solidity & Foundry courses
Hackathons, Workshops & Events
- SecureFi, a conference for whitehats and security researchers
- Main EthCC event (Immunefi booth)
- EF Next Billion cohort 4 fellows
- ETHKyiv hackathon projects
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
- OpenAI announces TIME partnership amid new lawsuit over copyright violations
- A Deep dive into Solana Stablecoin Volumes
- 3 months after Wormhole Airdrop: What changed?
- Metamask now supports for EIP-6963(Multi Injected Provider Discovery)
- Wormhole: The First Distributed Secure Service on Karak
- ETH Supply Chain Future
- Valantis, a new age DEX
- Execution Auctions as an Alternative to Execution Tickets
- Arbitrum DAO Staking Proposal
- What are SGX Proofs?
- Introducing Brollups
- Layer N Testnet V1.2 is live
- Pricing Gas Fee Derivatives
Articles
- Kinto: A Security-First L2
- Mapping the Blockchains Driving Asset Tokenization
- A Look at L2 MEV
- How to create a React dapp with a single React component or real-world multi-component dapp with a global state (React Context Provider) using EIP-6963.
- A Deep dive into NFT Royalties
- Abstraction to adoption
- Prediction Markets: Bottlenecks and the Next Major Unlocks
Research Papers
- Orbit SSF: solo-staking-friendly validator set management for single slot finality
- Execution Auctions superior to Execution Tickets, simpler to implement but have centralization concerns
- Towards Credential-based Device Registration in DApps for DePINs with ZKPs
- SD-BLS: Privacy Preserving Selective Disclosure and Unlinkable Revocation of Verifiable Credentials
- Assessing the Effectiveness of LLMs in Android Application Vulnerability Analysis
- Blockchain-Based Zero-Knowledge Proof of Location in IoT
Github
- A sneak peek at the source code for an upcoming workshop that features a full-stack dapp that utilizes the MetaMask SDK with Wagmi Hooks.
- ETHGlobal Brussels Hackathon Guide by MetaMask + Linea
Watch 🎥
Web3 Security Watch 🛡️
Articles
- CertiK Accused Of Front-Running Bug Bounties Through Subsidiary
- Former Certik Clients Question Security Firm’s Stronghold On Protocol Audits
- Fake Phantom wallet promoted in iOS AppStore drains users funds
- Attacker sends nearly 24,000 phishing emails derived from compromised CoinGecko third-party email platform
Research Papers
- A Context-Driven Approach for Co-Auditing Smart Contracts with The Support of GPT-4 code interpreter
- Soley: Identification and Automated Detection of Logic Vulnerabilities in Ethereum Smart Contracts Using Large Language Models
- SmartAxe: Detecting Cross-Chain Vulnerabilities in Bridge Smart Contracts via Fine-Grained Static Analysis
- Privacy-Preserving and Trustworthy Localization in an IoT Environment
- Signature phishing is the biggest problem in our industry
- Asynchronous Consensus without Trusted Setup or Public-Key Cryptography
- Update on ALEX hack incident
- A report on Honeypot detection & the state of security
Hacks and Scams 🚨
Sportsbet
Loss ~ $3.5M
- BtcTurk experiences a cyber attack affecting hot wallets of 10 cryptocurrencies.
- Most assets are stored in cold wallets; BtcTurk suspends deposits and withdrawals as a precaution.
- BtcTurk assures users that losses are covered and user assets are safe.
- On-chain detective ZachXBT identifies a similar attack on Sportsbet, resulting in a $3.5 million loss. The same hacker is suspected to be responsible for both attacks.
- The theft involves USDT and Tron’s TRX tokens.
- Odaily Planet Daily News reports the Sportsbet attack, linking it to the BtcTurk hacker.
- Both platforms are investigating the attacks and implementing security measures.
Farcana
Loss — NA
- QuillAudits reported that 23.8 million FAR tokens were taken from a wallet from the Farcana ecosystem on Polygon.
- The majority of these tokens were sold for approximately $164,000 in USDT.
- The exploiter still holds 3.4 million FAR, notionally worth $83,250 but not likely sellable for that amount.
- Farcana blockchain shooting game’s token plummets by around 60% in value.
- The project team announces that one of their project wallets has been compromised.
- Tweet is later deleted, and the team claims that one of their market makers was compromised instead.
- They emphasize that their wallets were not hacked and their smart contracts were not exploited.