Week 88: Vitalik‘s Surgical EVM Scaling, Uniswap’s UniChain, SUI’s Native USDC, QuillCheck Now On Solana & $35M Phishing Exploit On Blast

--

GM! Buidlers

In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all — we’ll explore the latest happenings in the Polygon, Solana & Base ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. And, of course, we’ll delve into the headlines about the $35M Exploit on Blast and Eigenlayer investor’s $5.7M loss in email thread compromise.

EtherScope: Core Developments 👨‍💻

Layer1 & Layer2

  • Flashbots ​Rollup-Boost​: block building using TEEs, starting with 250ms Flashblocks (partial blocks) and priority ordering
  • ​L2 standards meeting​ (RollCall #8): RIP7755 cross-L2 calls presentation, Pectra upgrade expected Q1 2025 (optimistically February) & upcoming breakout on ​future of EVM on L2​
  • Stripe ​Pay with Crypto​: US businesses can accept USDC on mainnet, settled in USD
  • ​ZKP2P Tickets​: lower fee secondary market for Ticketmaster, zk proof of transfer
  • ​Uniswap​ has unveiled its own Layer 2 solution, Unichain, aimed at advancing Ethereum’s scaling efforts and catering specifically to DeFi users and protocols.
  • ​ArtRun​, a new platform powered by Zora on Base, has launched.
  • ​1inch​ introduced Fusion Plus, enabling users to execute gasless transactions by signing off-chain orders without incurring gas fees in native tokens.
  • ​PancakeSwap​ launched the Zap feature for BNB Chain v3 pairs and over 20 selected pairs on Ethereum and Arbitrum.
  • ​Swell Network​ updated its Voyage Loyalty Bonus criteria based on community feedback to better acknowledge the contributions of long-term stakers.
  • ​Aave Labs​ proposed two ARFCs to expand the GHO stablecoin to Base and Avalanche, following its current availability on Ethereum and Arbitrum.
  • ​NOTAI​ launched an AI-powered stablecoin farming feature
  • ​Morpho Labs​ invited individuals interested in becoming delegates for the Morpho DAO to apply.
  • ​Sui Network​ has launched its native $USDC, becoming the first Move-based Layer-1 blockchain to partner with Circle.
  • ​Linea​ has proposed steps to transition its zkEVM to a permissionless system, highlighting decentralization through a proof-of-stake (PoS) model for block validation.
  • ​EigenExplorer​ has launched a new dashboard intended to improve the restaking experience.
  • ​Thesis​ has introduced the BitcoinFi Stack
  • ​Layer3​ has launched on Solana
  • ​Babylon Labs​ has announced that Cap-2 for Babylon Bitcoin Staking Phase-1 is now live.
  • ​LayerZero​ has officially launched on peaq, a Layer 1 blockchain centered on Decentralized Physical Infrastructure Networks (DePIN).
  • ​Midas​ has launched its core product suite, offering globally accessible yield through two tokens, $mTBILL and $mBASIS
  • ​Zest Protocol​ has launched early access for $BTCz, a liquid-staked Bitcoin that allows users to earn yield on their Layer 1 Bitcoin.
  • ​World Liberty Financial​ (WLFI) has submitted a governance proposal to Aave’s forum to deploy an Aave V3 instance on Ethereum Mainnet.
  • ​Sky​ has introduced new rewards for USDS suppliers on Aave
  • ​Lista​ is partnering with Binance to enhance BNB’s utility.
  • ​Pendle​ has added Sky’s USDS to its PT/YT market
  • ​Aevo​ and ​Hyperliquid​ have both listed Scroll’s SCR on their pre-launch markets.
  • ​Musubi​, the chainless swap venue by Kinto, is live now.
  • ​Aave DAO​ has launched the v3.2 upgrade, which introduces “Liquid eModes” and fully deprecates stable borrowing.

EIPs (Ethereum improvement proposals)

ERCs

EcoExpansions: Beyond Ethereum 🚀

Base

Polygon

Solana

Hackathons, Workshops, CTFs & Events

Updates on Development Kits & Tools

  • Teku ​v24.10.0​: adds engine_getBlobsV1 & IDONTWANT support and disabled flood publishing; ​v24.10.1​: hotfix for validators proposer config that prevented startup in v24.10.0
  • Solidity ​v0.8.28​: adds transient storage state variables for value types, generates JSON for Yul ASTs on demand to reduce memory usage and adds ability to request bytecode/IR for subset of contracts
  • RareSkills: ​storage slots for dynamic types​ in Solidity (mappings, arrays, strings & bytes)
  • Circom ​v2.2.0​: adds buses (groups related signals under one name)
  • ​Circuitscan​: submit/browse verified Circom circuits
  • Nethermind ​v1.29.0​: adds heuristics-based censorship detection for high-paying transactions & addresses
  • Reth ​v1.1.0​: Engine 2.0 enabled by default (except op-reth), new metrics & RPC improvements

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

Articles

Research Papers

Watch🎥

Web3 Security

Articles

Research Papers

Twitter

  • ​Symbiotic​ reported that their X account was compromised by hackers at 6 PM EDT on Friday.
  • ​EigenLayer​ reported that they have been drained 1.674M EIGEN (worth ~$5.87M). The attacker swapped the stolen EIGEN for USDC. Most of the stolen funds have been transferred to HitBTC, while ~5K USDC was sent to Kraken.
  • ​Penpie​ has resumed operations after comprehensive security audits, allowing users to withdraw liquidity from affected pools, continue using unaffected pools, and participate in new pools with enhanced rewards.

Hacks and Scams 🚨

DeFi User

Loss ~ $35M

  • Few hours ago, our security team uncovered a $35M loss on Blast chain due to a malicious “permit” signature request. 🚨
  • The attacker quickly sold the stolen fwdETH, causing a sharp price drop in dETH.
  • This sell-off hit DeFi protocols like Pac Finance & Orbit Finance, both of which rely on dETH for stability.

EigenLayer

Loss ~ $5.7M

  • An email thread involving one investor’s transfer of tokens into custody was compromised by a malicious attacker.
  • As a result, 1,673,645 EIGEN tokens were erroneously transferred to the attacker’s address.
  • The attacker sold these stolen EIGEN tokens via a decentralized swap platform and transferred stablecoins to centralized exchanges.
  • We are in contact with these platforms and law enforcement. A portion of the funds have already been frozen.
  • The compromise has not impacted the broader ecosystem. There is no known vulnerability in the protocol or token contracts and this compromise was not related to any onchain functionality.

Community Spotlight

QuillAI Network is Pushing Boundaries

The ​QuillAI Network​ is the AI layer for web3 security. In their mission to create a safer web3, QuillAI features an OML-aligned framework incentivising developers and users to build self-sovereign AI agents for dedicated tasks through the fine-tuning of its D-LLM. With agents for solidity (​QuillShield​) and due diligence (​QuillCheck)​ helping safeguard contracts, transactions, and wallets, QuillAI is empowering web3 users and builders to charge of their security needs.

--

--

QuillAudits - Web3 Security 🛡️
QuillAudits - Web3 Security 🛡️

Written by QuillAudits - Web3 Security 🛡️

6+ Years Securing #Web3: 1M+ Lines Audited. Trusted by 1K+ Clients including StarkWare, Taiko, ZetaChain & Metis. Next-gen audits, KYC & on-chain monitoring.

No responses yet