Week 65 - Pike Hacks Highlight Audit Needs, Vitalik's Security Tips, Starknet & Polygon Innovations, Solidity and Smart Contract Career Guide
Hashingbits: Your Monthly Dose of Web3 Innovation and Security
GM! Buidlers
In this edition of Hashingbits, we explore key developments within the web3 ecosystem. Learn about Vitalik Buterin's preference for multisig security, which he argues is simpler and more reliable than a Shamir backup. We also cover Ethereum's recent overtaking of Solana in DEX trading volume, signalling a significant shift in decentralized trading dynamics. Updates from Starknet, Solana, Polygon, Polkadot, and Eigen Layer are highlighted, focusing on their latest technological advancements and strategic expansions. This issue also addresses recent security incidents, including a $1.68M compromise at Pike Finance and a $181K exploit at Yield Protocol. Additionally, we recap the QuillAudits event in Dubai. Stay informed with Hashingbits, your comprehensive source for blockchain technology updates and security news.
EtherScope: Core Developments 👨‍💻
Ethereum All Core Devs Call #186 Summary - Christine Kim
Ethereum Foundation Wants To Use AI to De-Risk ETH Ecosystem
Azuki NFTs on Ethereum doubled in value in a month, with daily sales of over $1.1M, lifting the market cap to $146.78M, driven by recent project efforts.
Ethereum’s Buterin advocates multisig says Shamir backup is ‘way easier to screw up’
Ethereum overtakes Solana by DEX trading volume
ether.fi Joins THENA to Accelerate Ethereum’s Decentralization
Building Ethereum MEV Bots for Profit and Innovation
Ethereum Staking Weekly Report
Franklin Templeton lists Ethereum ETF on DTCC
Ethereum transaction fees overtake Bitcoin as Runes speculation subsides
zkSharding for Ethereum
ERCs
ERC-6229 - Tokenized Vaults with Lock-in Period
ERC-7700 - Cross-chain Storage Router Protocol
EIPs
EcoExpansions: Beyond Ethereum 🚀
Starknet
Blobstream Starknet Project Enables Celestia DA for Developer-Built Starknet Appchains
The Integrity verifier: A leap toward Starknet hyperscaling
Solana
Jito becomes the largest protocol on Solana with $1.4 billion in TVL
Supporting Validators: Updates to the Solana Foundation Delegation Program
Sanctum, an algorithmic liquid staking protocol on Solana, Launches iceSOL
Polygon
Polygon leads in EVM efficiency as DeFi users favour low transaction costs
Polygon PoS Validator Spotlight: Meria
Polkadot
Polkadot parachain Peaq receives major migrations from decentralized mapping projects
Polkadot Ecosystem’s Daily active addresses hit an all-time high of 514,000
Eigen Layer
Eigen Foundation increased EIGEN airdrop by 100 tokens and clarified investor tokens unlock after September 30th to address community concerns.
The technical whitepaper on universal intersubjective staking is here.
DevToolkit: Essentials & Innovations 🛠️
Integrate Embedded Accounts in your app with these simplified React hooks
How Do I Get Started Becoming a Solidity Dev?
Securing Smart Contracts: A Dev's Guide, Part I
3074 Hosted Devnet
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Twitter
Articles
Voter Behavior in Blockchain Governance: A Comparative Study of Curve Finance and Polkadot
Solidity Memory Types In Depth: Part 1
Slashing Proofoor - On-chain slashed validator proofs
Research Papers
Web3 and the State: Indian state's redescription of blockchain
TRAC: a tool for data-aware coordination (with an application to smart contracts)
Machine Learning for Blockchain Data Analysis: Progress and Opportunities
Decentralized Peer Review in Open Science: A Mechanism Proposal
Watch🎥
Web3 Security Watch 🛡️
Articles
Unveiling a New Scam: Malicious Modification of RPC Node Links to Steal Assets
5 Mistakes that are Compromising Your Crypto Wallet Security
Research
Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?
Solvent: liquidity verification of smart contracts
Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection
A Blockchain-Based Audit Mechanism for Trust and Integrity in IoT-Fog Environments
Tweets
The pitfalls of EIP-3074, and how to avoid them
ZachXBT: How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020–2023
Tools
RugCheck: RugCheck is the ultimate tool for ensuring the safety, analysis, and transparency of #Solana tokens. It thoroughly checks the contracts on #Solana to make sure you steer clear of any potential rugs.
Hacks and Scams 🚨
Pike Finance
Loss ~ $1.68M
Here are the key points regarding the Pike Finance hacks in April 2024:
Two Major Hacks: Pike Finance was hit by two significant security breaches, resulting in a total loss of approximately $1.9 million.
First Hack Details:
Date: April 26, 2024
Target: USDC pool of the Pike Protocol Beta
Vulnerability: Mismanagement of the Cross-Chain Transfer Protocol (CCTP), which is used for transferring USDC across blockchains.
Attack Mechanism: An error in the protocol allowed the attacker to manipulate the receiver addresses and the amount of USDC, enabling the theft of about $300,000.
Response to First Hack:
Protocol Update: In an attempt to secure the protocol, Pike updated their smart contracts.
Introduction of New Vulnerabilities: The updates inadvertently introduced new dependencies that altered the contract's storage layout.
Second Hack Details:
Consequence of Updates: The remapping caused by the updates made the “initialized” variable inaccessible.
System Misinterpretation: The protocol mistakenly believed the contracts were not initialized.
Exploitation: Attackers deployed a malicious version of the spoke contracts, gaining administrator access and subsequently stealing $1.6 million.
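The storage-layout shift described above, shown in an added Solidity example that is not Pike's code: a hypothetical dependency prepends two slots, moving `initialized` onto a slot the proxy never wrote, so the guard passes a second time; the hardened variant namespaces the dependency's storage so the existing slots keep their positions. Contract names, variables and the namespace string are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Assumed V1 layout behind the proxy: slot 0 `bool initialized`, slot 1
// `address admin`, both written when initialize() first ran.

// Hypothetical dependency added by the upgrade. Inherited state is laid out
// before the child's, so these two variables take slots 0 and 1.
abstract contract NewDependency {
    uint256 internal pauseCount;
    uint256 internal lastPausedAt;
}

// Broken V2: `initialized` now maps to slot 2, which the proxy never wrote,
// so it reads false and initialize() can be re-run on a live contract.
contract SpokeV2Broken is NewDependency {
    bool public initialized; // slot 2 (was 0)
    address public admin;    // slot 3 (was 1)
    function initialize(address admin_) external {
        require(!initialized, "already initialized"); // passes after upgrade
        initialized = true;
        admin = admin_;
    }
}

// Hardened V2: the dependency keeps its state under a namespaced slot (the
// ERC-7201 pattern) and claims no sequential slots, so the child's variables
// keep the V1 positions that the proxy's storage already holds.
abstract contract NewDependencyNamespaced {
    struct PauseStorage { uint256 pauseCount; uint256 lastPausedAt; }
    // Hypothetical namespace id; ERC-7201 prescribes the exact derivation.
    bytes32 private constant PAUSE_SLOT = keccak256("example.storage.Pause");
    function _pause() internal pure returns (PauseStorage storage s) {
        assembly { s.slot := PAUSE_SLOT }
    }
}

contract SpokeV2Fixed is NewDependencyNamespaced {
    bool public initialized; // still slot 0
    address public admin;    // still slot 1
    function initialize(address admin_) external {
        require(!initialized, "already initialized");
        initialized = true;
        admin = admin_;
    }
}
// Pre-upgrade check: diff `forge inspect SpokeV2Fixed storage-layout` (or
// `solc --storage-layout`) against V1; every existing slot must be unchanged.
```

The layout diff is the audit step that catches this class of bug before deployment, since the compiler accepts both versions without complaint.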
Yield Protocol
Loss ~ $0.181M
Hackers exploited a smart contract vulnerability in Yield Protocol, a DeFi lending platform, stealing about $181,000 in crypto assets.
Yield Protocol ceased operations in December 2023 due to decreased demand and regulatory pressures but was still operational for closure procedures.
Despite advisories for investors to withdraw funds, the protocol suffered a breach where the attacker used a discrepancy in pool token balances on the Arbitrum blockchain.
The breach was initially disclosed by blockchain investigation firm PeckShield.
The stolen funds were moved through @ChangeNOW_io on the Arbitrum network and remain in the attacker's hands.
Yield Protocol was also affected by a previous attack on the Euler Finance platform in March, which led to the temporary suspension of its operations.
The platform announced its return to full functionality on May 18, allowing resumed borrowing and lending for future series and outlining a timeline for users to claim replacement tokens.
Given the recent security breaches in the DeFi sector, as highlighted above with Pike Finance and Yield Protocol, thorough smart contract audits are crucial for safeguarding assets.
Secure your DeFi projects with thorough audits. Try QuillShield today for comprehensive protection from development to deployment.