Week 70 - peerDAS on electra, StarkWare’s ZK Scaling to Bitcoin, AI&ML for Web3, DMM Exchange Lost over $300M
Hashingbits: Your Monthly Dose of Web3 Innovation and Security
GM! Buidlers
This issue of Hashingbits features a detailed writeup on Ethereum All Core Developers Consensus Call #134, highlighting the integration of peerDAS into Electra. It also covers StarkWare's plans to bring ZK scaling to both Bitcoin and Ethereum. The issue includes ecosystem updates on Solana, Aptos, and Polygon, as well as insights on AI & ML for Web3. Additionally, it provides developer tools for smart contract auditing and Solidity developers. Furthermore, it offers insights into how DMM Exchange was exploited for $305M and Velocore's loss of $6.8M due to a smart contract vulnerability.
EtherScope: Core Developments 👨‍💻
ENSv2: The Next Generation of ENS
Ethereum All Core Developers Consensus Call #134 Writeup - peerDAS is going into electra!
Ethereum futures hit record highs following spot ETF approval
Bolt – Enabling trustless pre-confirmations on Ethereum
Dynamic Ethereum Roadmap
Potential process improvements for AllCoreDevs
The Ethereum Government : How Code Changes Are Made to the World’s Most Sprawling Blockchain
Layer 1 & Layer 2
Iota launched the mainnet of IOTA EVM, an EVM-compatible Layer 2 for the Iota network.
Fhenix: Building a Confidential Future for Ethereum
StarkWare plans to bring ZK scaling to Bitcoin alongside Ethereum
The current state of SNARKs
Layer 2s as cultural extensions of Ethereum - Vitalik
Introducing RISE pevm: EVM execution on steroids!
Rollup.wtf dashboard: L2 real-time performance showing TPS, MGas/s & KB/s
EIPs
EcoExpansions: Beyond Ethereum 🚀
Solana
Solana saw nearly half a million tokens launched last month
Solana To Ditch Token Burning and Divert 100% Of Priority Fees To Validators
Solana Staking Protocol Sanctum Announces $CLOUD Tokenomics
Polygon
Polygon Labs acquires Toposware, pushing total ZK investment to $1B
v2 of the Polygon Miden alpha testnet
QiDaoProtocol integrates $MAI on Polygon PoS
zapit_io integrates Polygon PoS, letting users on/offramp assets on their P2P exchange
Aptos
IONet and Aptos: Redefining AI Performance and Scale
Discussing Aptos Unity SDK: Simplified Logins & Transactions
Mereo Revolutionizes Fan Engagement with On-Chain Journeys on Aptos
Aptos Integrates Chainlink's CCIP and Data Feeds to Boost Decentralized App Development
DevToolkit: Essentials & Innovations 🛠️
Announcing Lita's Valida zkVM & C Compiler
Monomer SDK – Cosmos Tech on Ethereum Rollups
Compiler Fingerprinting in EVM Bytecode
Runtime Verification Simbolik: Solidity debugger VS Code extension, private beta
Tevm (TypeScript EVM toolkit): in browser devnet & Solidity scripting
Foundry adds Vyper support: deploy, test, debug & write scripts
Hardhat v2.22.5: adds limited support for blob transactions & hardhat-tracer reenabled
Slither v0.10.3: reduces false positives & improves performance
Snekmate (Vyper building blocks): module-friendly contracts, uses Vyper v0.4.0rc6
Prool: simulate local/bundler/indexer node over HTTP for TypeScript test runners, e.g. Vitest
EVMole: improved accuracy in function argument extraction
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Twitter
Thoughts on Polygon Miden
Bringing transparency to DePIN token incentives
Evaluating token economics for DePINs: cost estimation
Can crypto help solve the walled garden challenges around data for AI products?
Proof of Virality - Some thoughts on socialfi, memecoins, and consumer crypto below.
Curious how Coinbase’s new smart wallet works?
Why are there so many L2s coming out? Do we need yet another chain? When will it all end?
Articles
How Would a Blockchain-Based Decentralized AI System Work?
Telegram-Based Wallet Bot Introduces Stricter KYC Rules
Electric Capital: 2024 Crypto Insights
EigenLayer: Intersubjective Faults, Token forking, bEIGEN & more
Real World Assets - All assets will move on-chain
Research Papers
Federated TrustChain: Blockchain-Enhanced LLM Training and Unlearning
FACOS: Enabling Privacy Protection Through Fine-Grained Access Control with On-chain and Off-chain System
Fantastyc: Blockchain-based Federated Learning Made Secure and Practical
Decentralized Physical Infrastructure Network (DePIN): Challenges and Opportunities
Blockchain-aided wireless federated learning: Resource allocation and client scheduling
Model-based Analysis of Mining Fairness in a Blockchain
Watch🎥
Web3 Security Watch 🛡️
Articles
Decoding the Role of Artificial Intelligence in Metaverse and Web3
Simplifying & Understanding Real-World Assets
Ebury Botnet Expanding: Malware Continues to Steal Cryptocurrency
The Web3 Security Tool That CHANGES THE GAME — Glider Tutorial.
Research Papers
Fast and Secure Decentralized Optimistic Rollups Using Setchain
It Takes Two: A Peer-Prediction Solution for Blockchain Verifier's Dilemma
Stealing Trust: Unraveling Blind Message Attacks in Web3 Authentication
All Your Tokens are Belong to Us: Demystifying Address Verification Vulnerabilities in Solidity Smart Contracts
Twitter
Have you ever wondered how auditors manage to keep track of all the records and notes?
Just a bunch of freshly released web3 security tools!
The Emergence of AI Agents
Github
Hacks and Scams 🚨
DMM Exchange
Loss ~ $305M
The exploit occurred on May 31, 2024, resulting in a loss of 4,502.9 BTC, valued at approximately $304,529,100.
The breach occurred around 1:26 p.m. and involved unauthorized access to the exchange's wallet.
The root cause of the exploit is currently unknown.
The exploit may have involved a private key compromise or an exploitation of DMM’s signature services.
An address spoofing attack is another possible explanation, where the attacker mimicked a legitimate DMM address to deceive wallet operators.
The stolen funds were distributed to ten different bitcoin addresses in batches of 500 BTC.
DMM Bitcoin implemented measures to prevent further unauthorized access, including suspending new account openings, crypto asset withdrawals, and new buying orders for spot trading.
Withdrawals in Japanese yen may take longer than usual due to the incident.
Japan's Financial Services Agency has ordered DMM Bitcoin to investigate the breach and implement protective measures for customers.
The police have started their own investigation into the matter.
DMM Bitcoin assured customers that their Bitcoin deposits are fully guaranteed and will be covered by the exchange.
Velocore
Loss ~ $6.8M
Velocore experienced a security breach on June 2nd, 2024, resulting in financial losses of approximately $6.8 million in ETH.
The breach was due to vulnerabilities in the Balancer-style CPMM pool contract.
Niv from Hexagate reported the issue and facilitated communication with Velocore Mods. Gal of Hypernative and Ironblock assisted in setting up a war room for investigation.
All volatile CPMM pools in the Linea and zkSync Era Velocore deployments were affected, but no stable pools were impacted.
Telos Velocore shared the same vulnerabilities but mitigated the issue before exploitation.
Blade, a fork of Velocore using a simple XYK pool, was not affected by this vulnerability.
The primary cause of the incident was faulty logic in the ‘velocore__execute()’ function of the ConstantProductPool.
A miscalculation of the ‘feeMultiplier’ variable allowed ‘effectiveFee1e9’ to exceed 100%, causing the pool logic to malfunction.
There was potential for underflow during single-token withdrawals, leading to erroneous large deposits.
The ‘velocore__execute()’ function did not verify whether the caller was the Vault, simplifying the exploit.
The attacker sourced funds from Tornado, exploited the vulnerability, bridged the proceeds with Across Bridge, and redeposited them into Tornado.
The attacker used flash loans to manipulate LP tokens and pool sizes, leading to an abnormal minting of LP tokens.
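The two missing checks named in the Velocore list above (a bound on the effective fee and a caller check on the execute entry point), as an added Python model that is not Velocore's contract code. The fee formula, function names and address placeholders are assumptions made for illustration; only the 1e9 fee scale and the two checks come from the description above.

```python
# Simplified model of the checks discussed above; NOT Velocore's contract code.
# Assumption: the effective fee is base fee x multiplier, both scaled by 1e9.
UINT256_MAX = 2**256 - 1
FEE_SCALE = 10**9  # 1e9 == 100%


class Revert(Exception):
    """Stands in for a Solidity revert."""


def effective_fee_1e9(base_fee_1e9, fee_multiplier_1e9):
    # Hypothetical formula: nothing here bounds the result to 100%.
    return base_fee_1e9 * fee_multiplier_1e9 // FEE_SCALE


def amount_after_fee_unchecked(amount, fee_1e9):
    # uint256 arithmetic without overflow checks: (1e9 - fee) wraps when fee > 1e9.
    keep = (FEE_SCALE - fee_1e9) & UINT256_MAX
    return ((amount * keep) & UINT256_MAX) // FEE_SCALE


def execute_hardened(caller, vault, amount, base_fee_1e9, fee_multiplier_1e9):
    # Check 1: only the Vault may drive the pool's execute entry point.
    if caller != vault:
        raise Revert("caller is not the vault")
    # Check 2: an effective fee above 100% is rejected before any subtraction.
    fee = effective_fee_1e9(base_fee_1e9, fee_multiplier_1e9)
    if fee > FEE_SCALE:
        raise Revert("effective fee exceeds 100%")
    return amount * (FEE_SCALE - fee) // FEE_SCALE


if __name__ == "__main__":
    VAULT, OTHER = "vault-address-placeholder", "other-address-placeholder"
    fee = effective_fee_1e9(10_000_000, 200 * FEE_SCALE)  # constructed: 1% x 200
    print("effective fee:", fee / FEE_SCALE * 100, "%")
    print("unchecked result:", amount_after_fee_unchecked(10**18, fee))
    for caller, mult in [(OTHER, FEE_SCALE), (VAULT, 200 * FEE_SCALE), (VAULT, FEE_SCALE)]:
        try:
            print(caller, execute_hardened(caller, VAULT, 10**18, 10_000_000, mult))
        except Revert as exc:
            print(caller, "reverted:", exc)
```

In the unchecked path a 200% fee turns a 1e18 input into a value near 2^256 / 1e9, which is why the bound has to be enforced before the subtraction rather than after it.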