Week 74: Vitalik on Faster Tx Confirmations, zkSync’s Elastic Chain, QuillAudit Reports $1.4B Lost in Hacks in the First Half of 2024, $199M in June
6 min readJul 8, 2024
Hashingbits: Your Monthly Dose of Web3 Innovation and Security
Curated by QuillAudits
GM! Buidlers
In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all — we’ll explore the latest happenings in the Sui, Aptos, Solana & zkSync ecosystems, along with recent advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. And, of course, we’ll delve into the headlines about the QuillAudit Reports $1.4B Lost in Hacks in the First Half of 2024
EtherScope: Core Developments 👨💻
- Ways to give Ethereum users faster transaction confirmation times: Vitalik’s thoughts
- Summary of All core devs — execution (ACDE) #191.
- Summary of Verkle implementers call #20.
- A look into ePBS breakout #4.
- SEC Targets Ethereum Liquid Staking.
- What does ePBS bring to the table?
- Fork Choice Attacks and Protections in EPBS
- Fetch blobs from execution layer pool proposal, rather than wait for blobs over gossipsub
Layer1 & Layer2
- Scroll L2 launches the Curie upgrade, bringing transaction fees down by 2x!
- Aevo launches Aevo Strategies, automated trading vaults that execute sophisticated strategies on the user’s behalf!
- Aave Launches GHO Stablecoin On Arbitrum
- LayerZero Labs announced its upcoming launch on Gravity, an L1 chain by Galxe.
- Arrakis partners with Valantis to introduce HOT (Hybrid Order Type), an MEV-aware AMM
- Polkadot Community Unhappy With Heavy Treasury Spend
- Chainlink Powers NAV Data For Sygnum’s On-Chain Fidelity Fund
- Mantle Launches Incentives Campaign for its Liquid Staking Protocol
- Circle Becomes Europe’s First Compliant Stablecoin Issuer
- Fidelity, Sygnum partner with Chainlink to bring NAV data onchain
- Obol Releases Charon v1.0.0
- Blobstream Zero: A new-generation zkVM-based Blobstream Bridge
- Avalanche introduces Avalanche Interchain Token Transfer (ICTT)
- Lido DAO proposes authorizing Dolphin CL
- Introducing Restaked Interop, Powered by the Hyperlane AVS
- Shardeum: incentivized testnet Atomium is live
- Worldcoin partnering with Alchemy on building infrastructure including rollup hosting services
- Wormhole introduces Wormhole Governor V2
ERCs
- ERC-7731: Vulnerability and Exposure Identifier Specification and Indexing
- ERC7734: Decentralized identity verification (DID)
EIPs
- EIP-7733: Deactivate EIP-158
- EIP7732: Enshrined proposer-builder separation (ePBS)
- EIP7735: Gas fee sponsorship
- EIP7736: Leaf-level state expiry in verkle trees
EcoExpansions: Beyond Ethereum 🚀
Solana
- ChainGPT has now integrated Solana!
- Jupiter launches Ape, a memecoin trading platform!
- marginfi, a Solana-based lending protocol, plans to launch mrgnswap.
- A Guide to Solana Token2022 (Token Extensions)
- Monthly Solana Ecosystem Call: July 2024 Edition
zkSync
- zkSync introduced Elastic Chain
- Key design objectives of Elastic Chain
- Deep Dive into the architecture of Elastic Chain
- Space and Time becomes the ZK-proven data layer for ZKsync’s Elastic Chain ecosystem.
Sui
- Sui introduced Wave wallet
- How Closed-Loop tokens are providing builders with a higher degree of control & customization
- Sui Bridge Incentive Program Update
- A look into the State of Sui DeFi
Aptos
- Aptos introduces Aptos Connect, a self-custodial wallet that allows users to create an account with a single click using Web2 login options.
- Delegaters on Aptos has increased over 46,000
- Aptos Node v1.15.2 has been released!
- Why do builders choose Aptos over other networks?
- New features coming to Move on Aptos
- Aptos Foundation proposes deploying Aave V3 on Aptos Network
DevToolkit: Essentials & Innovations 🛠️
- EVMole — function selector and argument extractor now with Vyper support.
- snekmate v0.1.0 targeting the latest (breaking) Vyper release 0.4.0
- Geth v1.14.6: adds experimental stateless witness builder & (self) cross validator
- Foundry forge-std v1.9.0: adds cheatcodes for a uint prompt, generate a random address/uint, invariant excludeSelector helper and deprecates console2; v1.9.1: adds missing console logs
- EVMRepl (formerly Gas Playground): adds Solidity compilation errors
- Wevm webauthn-p256 (TypeScript): P256 signature utilities for WebAuthn
- Stealth Address SDK v1 beta (TypeScript): work with EIP5564 & EIP6538 stealth addresses
- Polars data announced Python Polars 1.0
- Alternative VM for zkSync: EraVM
Hackathons, Workshops & Events
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
- Tradeoffs of centralized sequencers
- Ethereum going down the same road as Cosmos?
- Solvers vs. Paymasters — The AA/Intent Transition will be tough
- Product and Infra Things to be Excited About for ‘24–25
- Balancer opens its V3 codebase for community feedback and contributions
- 2077 Collective: Ethereum’s Unofficial Marketing Department
- There is no ETH scaling, only “L2 Scaling”
- Direction of Ethereum L2s
- ERC-5564 and ERC-6538 pave the way for stealth address payments
- Decline of Vanilla L2s
- Are Prediction Markets & Community Notes the Future of Democratic Truth-Seeking?
- Leaderless and Leader-Based Preconfirmations
- The Sum-Check Protocol over Fields of Small Characteristic
- Zoom Out — Arthur Hayes
Articles
- DePIN is ripe to disrupt a range of traditional infrastructure networks.
- Data Contradicts Narrative: Ethereum Continues to Dominate Layer 1 Sector
- Accelerating Bitcoin Programmability With The Solana Virtual Machine
- Ethena: Building the Crypto-Native Synthetic Dollar
- TON: NOT right now
- A deep dive into the Lighting network
- Techbullion lists down Top 10 Blockchain Auditing Companies in 2024
- Onchain AI Agents: Architecture, Examples, and Projects to Follow
- Is this a Lending Protocol Renaissance?
- Orbit SSF: solo-staking-friendly validator set management for SSF
- Guide to tokenomics
- Vitalik crypto regulatory solution
- The Dark Side of Crypto: zkSync Recovery Operation by armutbey.
Research Papers
- Zero-X: A Blockchain-Enabled Open-Set Federated Learning Framework for Zero-Day Attack Detection in IoV
- Balancing Patient Privacy and Health Data Security: The Role of Compliance in Protected Health Information (PHI) Sharing
- RollupTheCrowd: Leveraging ZkRollups for a Scalable and Privacy-Preserving Reputation-based Crowdsourcing Platform
- Balancing Patient Privacy and Health Data Security: The Role of Compliance in Protected Health Information (PHI) Sharing
- Watch🎥
https://www.youtube.com/watch?v=xofcyYA0-Tk
Web3 Security Watch 🛡️
Articles
- QuillAudit reveals a staggering ~$1.4B lost to scams in just six months.
- Bittensor halts network after reported security attack on wallets: ZachXBT
- Consensys acquires Wallet Guard to help protect MetaMask users against hacks and scams
- 2024 Q2 MistTrack Stolen Funds Analysis
- Ethereum Foundation Warns of Compromised Mailing List Leading to Phishing Emails.
- TON ecosystem flooded with phishing attacks, SlowMist warns.
- A CertiK-linked platform posts bug reports publicly. Researchers say it’s ‘insanely irresponsible’
- Here’s how Sui’s object-centric data model is pushing the boundaries of what Move can do
- Immunefi Safe Harbor: implementation of Security Alliance (SEAL) whitehat safe harbor framework
Research Papers
- SCIF: A Language for Compositional Smart Contract Security
- Self-Evaluation as a Defense Against Adversarial Attacks on LLMs
- Revisiting the Performance of Deep Learning-Based Vulnerability Detection on Realistic Datasets
- Zero-X: A Blockchain-Enabled Open-Set Federated Learning Framework for Zero-Day Attack Detection in IoV
- Dual-view Aware Smart Contract Vulnerability Detection for Ethereum
- QuillAudit’s monthly report reveals over $199M lost in hacks & scams
- Another CertiK shitshow — leaking findings on-chain
- $WELL token launch disaster
- Censorship-resistance mechanisms
Hacks and Scams 🚨
TRUMP (MAGA)
Loss ~ $957k
- The Fake TRUMP (MAGA) token on BNB Chain is suspected of a rug pull, causing the token price to drop by 100%.
- A significant transaction indicates the rugpull
- The attacker swapped a massive amount of MAGA tokens for BNB using PancakeSwap’s universal router contract.
- 2,000,000,099,088,365.150 MAGA tokens from the address to PancakeSwap V2: BSC-USD-MAGA 5 were swapped.
- Subsequently, those tokens were converted into 958,541.987972610935114764 BNB, valued at approximately $959,500.53
- The rugpull resulted in the transfer of nearly $959,500.53 worth of BNB to the attacker’s wallet.
MintRisesPrices
Loss — $59k
- MintRisesPrices on BNBChain recently fell victim to a reentrancy attack, leading to a significant financial loss of approximately $59,000.
- This attack is a common vulnerability in smart contracts, where the attacker exploits the contract’s inability to manage multiple simultaneous interactions correctly.
- The attacker repeatedly called the vulnerable contract, managing to drain funds before the contract could update its balance.
- This exploit allowed the attacker to withdraw more funds than they initially deposited.
- The MintRisesPrices team is likely investigating the attack and working on measures to prevent similar incidents in the future.
