Week 68 - Ethereum ETFs Approved ! DePIN on Polygon, Tokenize Real World Assets, Gala Games $219M Exploit, Chance to Win $QUILL Airdrop !!
Hashingbits: Your Monthly Dose of Web3 Innovation and Security
GM! Buidlers
This edition of Hashingbit brings you some important updates about web3. The SEC has given the green light to 8 Ethereum ETFs, including ones from big players like BlackRock and Fidelity. This shows that big institutions are starting to get more involved in cryptocurrencies. There's also news about an upgrade called Pectra (a mix of Prague and Electra) coming later in 2024, which will bring some improvements to the network. WitnessChain is doing some cool stuff by building a DePIN Coordination Layer with Polygon CDK. This will make it easier for people to join DePIN and for developers to create new apps. There are also updates on zksync, Polygon, Berachain, and Fantom, showing progress in these platforms. If you're interested in tokenizing real-world assets, there's a new tutorial available. A recent hack on Gala Games resulted in a whopping $219 million loss, showing that we still need to be careful. Also we are announcing Season 1 of the QuillAudits Points Program! Get a chance to win a share of 50 million QuillAudits Points for $QUILL token airdrop.
EtherScope: Core Developments 👨💻
Vitalik Addresses MEV and Decentralization Concerns
Pectra (Prague + Electra) upgrade, small fork targeting late 2024
Notes on collaborative zkSNARKS
Announcing the Ethereum Protocol Fellowship Cohort 5
SEC approves 8 Ethereum ETFs including BlackRock and Fidelity
EIPs
ERCs
RIPs
RIP-7712:- Multi-dimensional 256-bit nonce for RIP-7560 Account Abstraction transactions
EcoExpansions: Beyond Ethereum 🚀
zkSync
Liquid restaking LRTs have arrived on zksync . Stack yield with wrsETH.
Successful upgrade of the Cronos zkEVM Testnet to Tethys.
Deutsche Bank Collaborates with Memento on MAS’s Project Guardian for Asset Tokenization on ZK Chain
zkSync Protocol Upgrade v24: New precompiles, more blobs, Validiums, and more.
Polygon
Learn Aggregation Layer A list of resources to learn about the Aggregation Layer
L3s v. Aggregated L2s: An Analysis for Developers
WitnessChain Constructs DePIN Coordination Layer with Polygon CDK, Facilitating Seamless DePIN Onboarding and dApp Innovation
Blockworks Launches Research Portal Offering In-Depth Analytics for Polygon PoS, zkEVM, and Beyond
Fantom
Fantom developers introduce foundation for Sonic, close $10 million strategic round
Sonic Preps for Launch: Unveiling Details on Sonic Chain, $S Token, and New Strategic Funding Round
EtherMail Joins Fantom Ecosystem, Extending Cutting-Edge Services with Special Offer for Projects
Berachain
Berasig - The first gamified wallet serving as a mobile portal of Berachain at your PAWTIPS!
Berachain and Union Build Interoperability Partnership for IBC Assets and Staked Derivatives
DevToolkit: Essentials & Innovations 🛠️
Hardhat v2.22.4: adds BigInt task argument type
Raycast extension: ethereum-eips
ERC-5189: Zero-Cost Account Abstraction
Foundry roadmap of planned 2024 features
Heimdall-rs v0.8.0: decompilation & decode improvements and more modular code base
Wagmi adds Vue support
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Twitter
Major EIPs of Ethereum Pectra upgrade
The Value of Statelessness/Verkle Trees
PureDai: Returning to the ideological roots of Dai
Low Float & High FDV: How Did We Get Here?
Why L2 Scaling is a Losing Strategy
Liquid Restaking Token (LRT) Market Risk Framework
Verifiable Compute: Scaling Trust with Cryptography
Execution and Consensus in Staking Services
Articles
New launches (part 1) - private capture, phantom pricing
The near and mid-term future of improving the Ethereum network's permissionlessness and decentralization
Monthly Outlook: Expectations on Ethereum
Affine Restaking Risk Engine: Simulating the Distribution of Eigenlayer Restaking Yields
Github Repos
Betherscan (browser extension): adds data fields to Etherscan, including block header RLP, contract storage root, EOA nonce and transaction signature (v, r, s)
Research Papers
A Sound Type System for Secure Currency Flow
IT Strategic alignment in the decentralized finance (DeFi): CBDC and digital currencies
AI-Protected Blockchain-based IoT environments: Harnessing the Future of Network Security and Privacy
Blockchain-based AI Methods for Managing Industrial IoT: Recent Developments, Integration Challenges and Opportunities
Sustainable business decision modelling with blockchain and digital twins: A survey
Securing Health Data on the Blockchain: A Differential Privacy and Federated Learning Framework
Tools
**Writing Cross-Chain PoC Using Pigeon** by Sujith Somraaj.
Foundry adds console input for more interactive testing.
Ponder adds **call trace indexing** for smart contracts.
**The go-ethereum live tracer** by Marius Van Der Wijden.
Introducing Drillx: a new proof-of-work algorithm for smart-contract based cryptocurrency mining
Watch🎥
Web3 Security Watch 🛡️
Articles
Pink Drainer ‘steps back from the grind’ after stealing $75M from victims
Beginner’s Guide to Web3 Security: Guide to Avoiding Fake Wallets and Private Key/Mnemonic Phrase Compromises
BlockTower Capital's main hedge fund 'partially drained' in attack
Research Papers
Large Language Models for Blockchain Security: A Systematic Literature Review
A Privacy-Preserving DAO Model Using NFT Authentication for the Punishment not Reward Blockchain Architecture
Strategic Deployment of Honeypots in Blockchain-based IoT Systems
Towards an Optimal Staking Design: Balancing Security, User Growth, and Token Appreciation
Securing Blockchain-based IoT Systems with Physical Unclonable Functions and Zero-Knowledge Proofs
Twitter
Bitcoin L2 protocol bridge Alex suffers $4.3M in losses after suspicious upgrades
Tools
Betterscan is a security tool designed to parse, analyze, and display data from any EVM-based smart contracts. Developed by shortdoom.
Reth Execution Extensions. Post-execution hooks.
**SOLP: A Stand-alone Solidity Analysis Library** by Zellic. The library is pretty powerful capable of creating stable ASTs great for code analysis.
Etherscan converter tools.
Hacks and Scams 🚨
Gala Games
Loss ~ $219M
On May 21, 2024, Gala Games was exploited on the Ethereum Mainnet.
The exploit resulted in the minting of 5 billion GALA tokens, valued at approximately $219 million.
Possible causes include private key compromise, private key misuse by an insider, or team involvement.
The attack involved minting a large number of tokens due to a private key compromise of the deployer or administrator wallet.
The attacker used 0xProject to dump the tokens in chunks of 50 and 100 ETH.
The attacker swapped 599 million GALA tokens for approximately 5,913.20 ETH, valued at $21.8 million.
The exploiter's wallet currently holds approximately $206,737,478 worth of assets.
The affected Gala contract has a
notBlocklisted
modifier, allowing the deployer to restrict addresses.Two hours and 16 minutes after the exploit, the deployer added the exploiter's address to the blocklist.
This action limited the damage to $21.8 million.
The team will burn the excess 4,401,236,462 GALA tokens.
Community Spotlight
We at QuillAudits are excited to launch Season 1 of the QuillAudits Points Program. We’re giving away 50 million QuillAudits Points! These points will be used to decide who gets the $QUILL token airdrop, and users can earn points in various ways, and we’re kicking this off with our Zealy campaign. Join our community and climb the leaderboard to secure your share of the airdrop allocation.