Week 74: Vitalik on Faster Tx Confirmations, zkSync’s Elastic Chain, QuillAudit Reports $1.4B Lost in Hacks in the First Half of 2024, $199M in June
Your Monthly Dose of Web3 Innovation and Security, by QuillAudits
Curated by QuillAudits
GM! Buidlers
In this latest issue of HashingBits, we're diving deep into Ethereum's Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that's not all: we'll explore the latest happenings in the Sui, Aptos, Solana & zkSync ecosystems, along with recent advancements in the AI & Web3 space. For developers, we're highlighting new tools designed to assist smart contract developers and auditors. And, of course, we'll delve into the headlines, including the QuillAudits report of $1.4B lost in hacks in the first half of 2024.
EtherScope: Core Developments 👨‍💻
Ways to give Ethereum users faster transaction confirmation times: Vitalik’s thoughts
Summary of All core devs – execution (ACDE) #191.
Summary of Verkle implementers call #20.
A look into ePBS breakout #4.
What does ePBS bring to the table?
Fetch blobs from execution layer pool proposal, rather than wait for blobs over gossipsub
Layer1 & Layer2
Scroll L2 launches the Curie upgrade, bringing transaction fees down by 2x!
Aevo launches Aevo Strategies, automated trading vaults that execute sophisticated strategies on the user’s behalf!
LayerZero Labs announced its upcoming launch on Gravity, an L1 chain by Galxe.
Arrakis partners with Valantis to introduce HOT (Hybrid Order Type), an MEV-aware AMM
Chainlink Powers NAV Data For Sygnum's On-Chain Fidelity Fund
Mantle Launches Incentives Campaign for its Liquid Staking Protocol
Fidelity, Sygnum partner with Chainlink to bring NAV data onchain
Blobstream Zero: A new-generation zkVM-based Blobstream Bridge
Avalanche introduces Avalanche Interchain Token Transfer (ICTT)
Lido DAO proposes authorizing Dolphin CL
Introducing Restaked Interop, Powered by the Hyperlane AVS
Shardeum: incentivized testnet Atomium is live
Worldcoin partnering with Alchemy on building infrastructure including rollup hosting services
Wormhole introduces Wormhole Governor V2
ERCs
ERC-7731: Vulnerability and Exposure Identifier Specification and Indexing
ERC-7734: Decentralized identity verification (DID)
EIPs
EIP-7733: Deactivate EIP-158
EIP-7732: Enshrined proposer-builder separation (ePBS)
EIP-7735: Gas fee sponsorship
EIP-7736: Leaf-level state expiry in verkle trees
EcoExpansions: Beyond Ethereum 🚀
Solana
ChainGPT has now integrated Solana!
Jupiter launches Ape, a memecoin trading platform!
marginfi, a Solana-based lending protocol, plans to launch mrgnswap.
Monthly Solana Ecosystem Call: July 2024 Edition
zkSync
Key design objectives of Elastic Chain
Deep Dive into the architecture of Elastic Chain
Space and Time becomes the ZK-proven data layer for ZKsync's Elastic Chain ecosystem.
Sui
Sui introduced Wave wallet
How Closed-Loop tokens are providing builders with a higher degree of control & customization
A look into the State of Sui DeFi
Aptos
Aptos introduces Aptos Connect, a self-custodial wallet that allows users to create an account with a single click using Web2 login options.
Delegators on Aptos have increased over 46,000
Aptos Node v1.15.2 has been released!
Why do builders choose Aptos over other networks?
New features coming to Move on Aptos
Aptos Foundation proposes deploying Aave V3 on Aptos Network
DevToolkit: Essentials & Innovations 🛠️
EVMole - function selector and argument extractor now with Vyper support.
snekmate v0.1.0 targeting the latest (breaking) Vyper release 0.4.0
Geth v1.14.6: adds experimental stateless witness builder & (self) cross validator
Foundry forge-std v1.9.0: adds cheatcodes for a uint prompt, generate a random address/uint, invariant excludeSelector helper and deprecates console2; v1.9.1: adds missing console logs
EVMRepl (formerly Gas Playground): adds Solidity compilation errors
Wevm webauthn-p256 (TypeScript): P256 signature utilities for WebAuthn
Stealth Address SDK v1 beta (TypeScript): work with EIP5564 & EIP6538 stealth addresses
Polars data announced Python Polars 1.0
Alternative VM for zkSync: EraVM
Hackathons, Workshops & Events
Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖
Twitter
Tradeoffs of centralized sequencers
Ethereum going down the same road as Cosmos?
Solvers vs. Paymasters - The AA/Intent Transition will be tough
Balancer opens its V3 codebase for community feedback and contributions
ERC-5564 and ERC-6538 pave the way for stealth address payments
Are Prediction Markets & Community Notes the Future of Democratic Truth-Seeking?
The Sum-Check Protocol over Fields of Small Characteristic
Zoom Out - Arthur Hayes
Articles
DePIN is ripe to disrupt a range of traditional infrastructure networks.
Data Contradicts Narrative: Ethereum Continues to Dominate Layer 1 Sector
Accelerating Bitcoin Programmability With The Solana Virtual Machine
Ethena: Building the Crypto-Native Synthetic Dollar
TON: NOT right now
Techbullion lists down Top 10 Blockchain Auditing Companies in 2024
Onchain AI Agents: Architecture, Examples, and Projects to Follow
Orbit SSF: solo-staking-friendly validator set management for SSF
The Dark Side of Crypto: zkSync Recovery Operation by armutbey.
Research Papers
Zero-X: A Blockchain-Enabled Open-Set Federated Learning Framework for Zero-Day Attack Detection in IoV
Balancing Patient Privacy and Health Data Security: The Role of Compliance in Protected Health Information (PHI) Sharing
RollupTheCrowd: Leveraging ZkRollups for a Scalable and Privacy-Preserving Reputation-based Crowdsourcing Platform
Watch🎥
Web3 Security Watch 🛡️
Articles
QuillAudit reveals a staggering ~$1.4B lost to scams in just six months.
Bittensor halts network after reported security attack on wallets: ZachXBT
Consensys acquires Wallet Guard to help protect MetaMask users against hacks and scams
2024 Q2 MistTrack Stolen Funds Analysis
Ethereum Foundation Warns of Compromised Mailing List Leading to Phishing Emails.
TON ecosystem flooded with phishing attacks, SlowMist warns.
A CertiK-linked platform posts bug reports publicly. Researchers say it’s ‘insanely irresponsible’
Here's how Sui's object-centric data model is pushing the boundaries of what Move can do
Immunefi Safe Harbor: implementation of Security Alliance (SEAL) whitehat safe harbor framework
Research Papers
Self-Evaluation as a Defense Against Adversarial Attacks on LLMs
Revisiting the Performance of Deep Learning-Based Vulnerability Detection on Realistic Datasets
Zero-X: A Blockchain-Enabled Open-Set Federated Learning Framework for Zero-Day Attack Detection in IoV
Dual-view Aware Smart Contract Vulnerability Detection for Ethereum
Twitter
QuillAudit’s monthly report reveals over $199M lost in hacks & scams
Another CertiK shitshow - leaking findings on-chain
Censorship-resistance mechanisms
Hacks and Scams 🚨
TRUMP (MAGA)
Loss ~ $957k
The fake TRUMP (MAGA) token on BNB Chain is suspected of a rug pull that caused the token price to drop by 100%.
A single significant transaction indicates the rug pull:
The attacker swapped a massive amount of MAGA tokens for BNB using PancakeSwap's universal router contract.
2,000,000,099,088,365.150 MAGA tokens were swapped from the address to PancakeSwap V2: BSC-USD-MAGA 5.
Subsequently, those tokens were converted into 958,541.987972610935114764 BNB, valued at approximately $959,500.53.
The rug pull resulted in the transfer of nearly $959,500.53 worth of BNB to the attacker's wallet.
MintRisesPrices
Loss - $59k
MintRisesPrices on BNBChain recently fell victim to a reentrancy attack, leading to a significant financial loss of approximately $59,000.
Reentrancy is a common vulnerability in smart contracts: the attacker exploits the contract's failure to handle overlapping calls correctly.
The attacker repeatedly called the vulnerable contract and managed to drain funds before the contract could update its balance.
This exploit allowed the attacker to withdraw more funds than they initially deposited.
The MintRisesPrices team is likely investigating the attack and working on measures to prevent similar incidents in the future.
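The withdraw-before-update ordering described above, as an added illustration that is not from the original newsletter and is not the MintRisesPrices contract's code (which the page does not show). It is a constructed Python model of a vault, with hypothetical names `Vault`, `HardenedVault` and `simulate`, comparing the vulnerable ordering with checks-effects-interactions plus a reentrancy lock.

```python
class Vault:
    """Constructed model, not the MintRisesPrices contract: pays out before updating the ledger."""
    def __init__(self, pool):
        self.pool = pool          # funds held by the contract
        self.balances = {}        # per-account ledger
    def deposit(self, who, amount):
        self.balances[who] = self.balances.get(who, 0) + amount
        self.pool += amount

    def withdraw(self, who, on_receive):
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self.pool -= amount
        on_receive(amount)        # external call: control leaves the contract
        self.balances[who] = 0    # ledger updated only after the call returns

class HardenedVault(Vault):
    """Same vault with checks-effects-interactions and a reentrancy lock."""
    def __init__(self, pool):
        super().__init__(pool)
        self.locked = False

    def withdraw(self, who, on_receive):
        if self.locked:
            raise RuntimeError("reentrant call rejected")
        amount = self.balances.get(who, 0)
        if amount == 0 or self.pool < amount:
            return
        self.locked = True
        try:
            self.balances[who] = 0    # effect: ledger zeroed before any payout
            self.pool -= amount
            on_receive(amount)        # interaction: external call comes last
        finally:
            self.locked = False

def simulate(vault_cls, pool=50, deposit=10):
    """Return (amount received, pool left) when the payout callback re-enters withdraw."""
    vault, received = vault_cls(pool), [0]
    vault.deposit("caller", deposit)
    def on_receive(amount):
        received[0] += amount
        try:
            vault.withdraw("caller", on_receive)   # nested call during the payout
        except RuntimeError:
            pass                                   # hardened vault refuses re-entry
    vault.withdraw("caller", on_receive)
    return received[0], vault.pool
```

With the constructed values (pool of 50, deposit of 10), the vulnerable ordering pays out 60 and empties the pool, while the hardened version pays out 10 and leaves 50.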