Week 71 - Vitalik’s Proposal, zkSync's $ZK, Solana's Smart Wallet, Polygon's 1B POL Grants & $23.1M UwU Lend Exploit
Hashingbits: Your Monthly Dose of Web3 Innovation and Security
GM! Buidlers
In this latest HashingBits issue, we're diving deep into Ethereum's All Core Developers Consensus Call #135, covering all the major updates in the Ethereum ecosystem. But that's not all, we will dive into what's happening in zkSync, Polygon, and Solana ecosystems, along with recent advancements in the AI & Web3 space. For developers, we're highlighting new updates in tools designed to assist Smart contract developers and auditors. And of course, we're also digging into the headlines about UwU Lend's whopping $23.1M exploit and Loopring's recent $5M loss due to vulnerabilities in Guardian 2FA.
EtherScope: Core Developments 👨💻
Summary of All core devs - consensus Call(ACDC)#135
Naming F-starname Upgrade: Discussions for Post-Electra upgrade.
Updates on PeerDAS breakout #1
Lido Finance introduces Restaking for $stETH.
MetaMask launches pooled staking for Ethereum, excluding US and UK users.
Devcon tickets & tracks: Ticketing types, timelines & tracks are live!
Uniswap Labs acquired Crypto: The Game (onchain Survivor)
SEC Chair Gensler expects spot ETH ETFs S-1s to be approved over US summer.
Over 27% of the ETH supply is now staked, up from 24% in January.
**Ethereum Transactions Over Radio? How does that work?**
Layer1 & Layer2
Update on the TVL of Layer 2 Ethereum Scaling Solutions.
Huge Liquidation causes 25% drop in CRV
Blobs, Reorgs, and MEV-Boost: Analyzing Ethereum's Latency and Security Dynamics
Vitalik proposes a New Approach to Layer 1 Transactions.
Preconfirmation designs compatibility with proposed ePBS
Proposal to use torrents for distributing pre-merge data (EIP4444 history expiry)
OP Stack Permissionless Fault Proofs live on OP mainnet, now a stage 1 L2 (limited training wheels)!
A look into the RIP 7212 Deployment status on Layer 2 chains
Based preconfs are now live on devnet!
ERCs
**ERC-7720:** Deferred Token Transfer
ERC838 (resurrected): ABI specification for REVERT reason string
ERC7721: Lockable extension for ERC1155
ERC7722: Opaque token
EIPs
Meta EIP7723: Network upgrade inclusion stages
RIPs
RIP7724 (clone of EIP7667 for zk rollups): Raise gas costs of hash functions
EcoExpansions: Beyond Ethereum 🚀
zkSync
zkSync introduced the $ZK token. Check your airdrop eligibility.
ZK Nation was introduced.
zkSync’s mainnet deployment of v24 is now complete!
Deep Dive Analysis: Allocation of ZK Tokens to 13,000 Wallets with 0 tx in zkSync.
A look into ZK Tokenomics
Matter Labs (zkSync) is dropping all trademark applications for the ZK term!
zkSync is now live on Uniswap!
Polygon
Polygon Creates New Grants Program**, 1B POL Unlocked Over 10 Years** for Buidlers!
Agglayer-rs repository is now open-sourced.
Toposware, along with Polygon, is building a type 1 zkEVM prover.
Introducing - Polygon Governance Hub!
Have a look into Polygon’s DeFi Roundup!
Solana
Solana’s first Smart Wallet is here!
**Circle’s Programmable Wallets now supports** @solana!
Solana-Based Startup TipLink Launches Wallet Adapter.
Rise In and WBA Launch Developer Education Program to Train New Solana Developers
IslandDAO presents Koh Solana (Sep 25th - Oct 25th)
DevToolkit: Essentials & Innovations 🛠️
Etherscan now features a Card for Tokens to display security risks!
Remix v0.50.0 is here: Pin plugins and use ZK-ethers in JS/TS scripts!
RustRover is out now!
Quicknode launched a Builder’s guide.
Here are some Tips to rewrite EVM contracts to support Solana.
Lighthouse v5.2.0 is here: adds in-memory tree-states, optimized epoch & block processing and execution client version in graffiti.
Besu got an update: v24.6.0: Java v21 now minimum version and historic trie log data removed by default.
Foundry show-progress flag is here: live progress of fuzz & invariant tests
Take a look at the EF JavaScript team roadmap
Hello World EigenLayer AVS is now also available in Rust!
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Twitter
Vitalik suggests which narratives to focus on
Ripple introduces the XRPL EVM Sidechain & Ripple USD (RLUSD)
Zapper announces Zapper Protocol : Powered by $ZAP
Helius CEO talks about Hivemapper!
A Deep Dive into DePIN
Articles
Quantifying code complexity: CK, Martin & Halstead metrics using Slither printers
Guide to create a simple Solidity linter using Slang (Nomic Foundation’s compiler APIs)
Blob Adoption and Utilization - Insights from the first 85 days
**Forced Transactions vs Based Sequencing:** Whats it all about?
How Crypto is Shaping the Future of Online Shopping!
Open Access Supercomputing Foundation announces the tokenomics of AO, the decentralized supercomputer!
The Restaking Wars: Eigenlayer vs Symbiotic
Research Papers
Watch🎥
Web3 Security Watch 🛡️
Articles
A Deep dive into Security Tips & Devices for Digital Nomads.
Identifying Red Flags in Smart Contracts: A Guide to Spot Security Risks in Solidity Smart Contracts
Nirvana Finance co-founder recounts the ‘worst day’ of his life.
A Guide on how to recover Funds with HackedWalletRecovery Tool
**Awesome On-Chain Investigations HandBook 2.0: A MUST Read!**
Research Papers
Twitter
Root cause analysis of UwU Lend : A Deep Dive
Ronkathon - rust implementation of a collection of cryptographic primitives
Hacks and Scams 🚨
UwU Lend
Loss ~ $23.1M
UwU Lend, launched by Frog Nation's former CFO Sifu, was hacked for $23.1M via Price manipulation.
The first attack on June 10, 2024, resulted in a $19.4M loss; the second attack within two days caused a $3.7M loss.
The attacker used three transactions to convert stolen $WBTC and $DAI into $ETH, funded by Tornado Cash.
UwU Lend paused the protocol for investigation an hour after acknowledging the exploit.
Despite a recent security audit from Peckshield, the hack exposed a price discrepancy in UwU Lend's oracles.
The attacker used a flash loan to manipulate the price feed, exploiting the difference between sUSDe borrowing and liquidation rates.
Curve founder Michael Egorov lost over 23.5M CRV ($9.85M) deposited into UwU Lend.
The attacker deposited tokens into Curve’s Llama Lend and borrowed over 8M crvUSD ($8.11M).
LlamaLend's CRV market lenders hard-liquidated the hacker's position.
UwU Lend offered a $5M bounty to catch the exploiter.
Find more details about the exploit - here
Loopring
Loss ~$5M
Loopring, a ZK-rollup based protocol on Ethereum, revealed a hack compromising its two-factor authentication Guardian wallet recovery service on June 9, 2024
Approximately $5 million was drained from wallets protected by Loopring’s Guardian service.
The Guardian service allows users to name trusted wallets for security tasks, like locking or restoring a compromised wallet.
The hacker bypassed Loopring's Official Guardian service, initiating recoveries on wallets with a single guardian without user consent.
According to Loopring, wallets with multiple guardians or third-party guardians remained secure, as transactions require more than half of the guardians.
Loopring disclosed two wallet addresses involved in the breach, with one wallet draining about $5 million from affected accounts.
The protocol is collaborating with Mist security experts to understand the 2FA service compromise and has suspended Guardian-related operations temporarily.
Loopring stated that after suspending these operations, the breach was contained.
The protocol is working with law enforcement to track the hacker.
Community Spotlight
#NYCTechWeek is an absolute whirlwind of innovation!