Week 60 - Layer 2 Triumphs | EigenLayer 2nd in DeFi TVL! | Polkadot's Ink v5 released | CURIO and Munchables Hacked ⚠️
HashingBits: Your Weekly Dose of Web3 Innovation and Security Curated by QuillAudits
GM! Buidlers
Welcome to the latest edition of HashingBits! This edition is packed with exciting developments in Ethereum, particularly in Layer 2 scalability solutions, and in other ecosystems like Solana, EigenLayer, Polygon, NEAR, and Tezos. Dive into the latest Developer Updates, including Polkadot's Ink v5 release, Cyfrin Updraft for web3 DevOps, and Solidity updates. Stay updated on recent blockchain hacks, including $62.5 million lost by Munchables and $16 million by CURIO due to smart contract vulnerabilities.
EtherScope: Core Developments 👨‍💻
Check out how BlackRock plans to start a new RWA tokenisation fund on Ethereum
Mainnet successfully upgraded to Dencun
Consensus-specs v1.4.0 for Dencun mainnet release
Layer 2
L2 fees drop to cents & below: L2 Fees, Gas Fees & grow the pie
Optimism fault proofs are now live on OP Sepolia testnet
Arbitrum upstages Ethereum as daily transactions go through the roof amidst L2 networks' surge
EIPs:
ERCs (application layer):
ERC7656: Generalized token-linked contracts
EcoExpansions: Beyond Ethereum 🚀
Solana
Solana’s first liquidity bootstrapping platform 1intro launched
Solana developers can natively swap USDC tokens from Ethereum and other ecosystems
Core, the next-gen standard for NFTs, is now presented by Metaplex
Polygon
The first rollup improvement proposal with the Napoli Upgrade
Polygon AggLayer to facilitate Astar’s zkEVM Mainnet launch with Ethereum interoperability
NEAR
Chain signatures to facilitate cross-blockchain transactions from your NEAR account, now secured by Eigenlayer and NEAR stakers
Tezos
Oxford 2 is now activated by Tezos to enhance flexibility and security for the blockchain
Created by artists Agoria, the collection comprises five unique NFTs minted on the Tezos blockchain.
EigenLayer
EigenLayer has reached $11.2B in total value locked (TVL). The Ethereum restaking protocol overtook Aave to become the 2nd largest protocol by TVL.
Introducing Edgeless Network: A Fee-Free Ecosystem on Arbitrum Nitro Chain with EigenLayer's DA Solution
DevToolkit: Essentials & Innovations 🛠️
web3py middleware (v7 beta): class-based middleware replaces functional programming paradigm
Buidl on Aptos and Sui with the Move Book
Here is how to make your own ERC-404 token!
Polkadot strengthens security with upgradeable contracts, implementing fallible methods.
Solidity v0.8.25: Cancun default EVM version, MCOPY used in code generator and TSTORE usage warnings reduced to once per compilation
Ethernaut-cli (toolbox): built on Hardhat tasks, AI requires OpenAI API key; beta
Cyfrin Updraft adds web3 DevOps & Assembly & Formal Verification courses
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Articles
Tweets
Research Papers
Watch🎥
Web3 Security Watch 🛡️
Articles
GitHub Repos
OpenZeppelin Ethernaut CTF 2024 challenges & solutions
Research
Tools
deExplorer - A tool designed to monitor cryptocurrency movement across multiple blockchains, providing insights into investor behavior. It allows observation of the blockchains where investors deposit and withdraw funds, offering valuable data on cross-chain transaction patterns.
Aderyn - Aderyn is a Rust-based static analyzer specifically designed for Web3 smart contract security and development. It takes a bird's eye view over your smart contracts, traversing the Abstract Syntax Trees (AST) to pinpoint suspected vulnerabilities. Developed by Cyfrin.
Hacks and Scams 🚨
1. Munchables
Loss ~ $62.5M
Blockchain data shows that Munchables, a Web3 project on the Blast blockchain, was drained of an estimated $62.5 million worth of ether early Wednesday after a contract was maliciously manipulated.
Munchables said on X that the developer had shared all private keys to recover the funds.
The attacker apparently transferred users' stored funds to themselves before upgrading the platform's smart contracts. Blockchain sleuth ZachXBT said the attacker was likely North Korean, based on their GitHub commit activity. They are listed on GitHub as "Werewolves0493" and allegedly worked for the Munchables team.
2. CURIO
Loss ~ $16M
Real-world asset (RWA) liquidity firm Curio suffered a smart contract exploit involving a critical vulnerability related to voting power privileges, allowing the attacker to steal $16 million in digital assets.
On 25th March 2024, Curio reported an exploit caused by a flaw in their system's access control, which allowed the unauthorized minting of 1 billion Curio Governance Tokens (CGT). They aim to compensate affected parties through the introduction of CGT 2.0.
The company informed its community about the breach, attributing it to a vulnerability in a MakerDAO-based smart contract's permission logic, which enabled the attacker to mint 1 billion CGT.
Community Spotlight
Decentralized Derby, started by QuillAudits, is a hub for showcasing new Web3 ideas and connecting entrepreneurs with top investors and the wider community. It's designed for creators ready to pitch, investors looking for the next big thing, and anyone keen on the latest in blockchain.
If you've got an idea or project that could shape the future of technology, we'd love to hear from you. Sign up to pitch your project here.
Check Out Our Past Derby Pitchers' Insights!