GM! BUIDLers

In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all—we’ll explore the latest happenings in the Aptos, Base. Arbitrum ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. Also we are taking a look at the recent $501k+ exploit of Clober DEX due to reentrancy attack.

EtherScope: Core Developments 👨‍💻

• ​Consensus layer focused protocol call (ACDC #147)
• ​Mekong testnet: stable, gas limit increased to 36M
• ​EOF implementers call #63: Solidity working on EOF as experimental feature and discussed metadata section
• ​Client testing call #16: Mekong testnet 98% participation, minor changes in pectra-devnet-5 spec and consensus layer client teams discussed gossip limit

L1 & L2 Developments

• ​Moonwell launches the Moonwell Card, enabling users to spend crypto globally at 44+ million merchants with support for Apple Pay and Google Pay
• ​Nexus has launched its testnet, inviting users to contribute computing power to its distributed supercomputer network, aiming to build a verifiable internet.
• ​Kernel DAO has launched its Mainnet on BNB Chain, offering restaking options for BNB, LSTs, and BTC derivatives, along with Kernel Points (KP) for additional rewards.
• ​Astorl has launched its Mainnet, introducing capital efficiency on the Eclipse platform. Users can now earn, lend, borrow, and optimize their returns.
• ​Balancer v3 launches including improved Developer Experience (10x Custom Pool DX), 100% Boosted Pools for optimized yields, and Hooks enabling customizable AMM strategies.
• ​Pendle launches PendleSwap, enabling multi-coin swaps with the best rates and no extra fees, enhancing DeFi accessibility.
• ​Kamino launches open access to Swap.Kamino.Finance, offering zero slippage, zero fees, and zero MEV for seamless DeFi trading on Solana.
• ​Hyperlane introduces Eco Routes, enabling seamless stablecoin liquidity across any chain with easy integration for enhanced cross-chain connectivity.
• ​Caldera launches Conwai, an Ethereum AI focused rollup live on mainnet, designed to support data processing, model training, and autonomous agents.
• ​Odos DAO officially launches alongside its Tokenized Loyalty Program, starting December 20, 2024.
• ​PancakeSwap launches PancakeSwapX on Ethereum and Arbitrum, offering zero trading and gas fees at launch for seamless swapping.
• ​Clearpool launches Ozean’s Poseidon Testnet, advancing toward on-chain native yield through its RWA-focused blockchain.
• ​Celestia launches Ginger (v3) on Mainnet Beta, featuring 2x data throughput, 6-second single-slot finality, and 1.33MB/s data capacity.
• ​Prysm cannot set gas limit through validator client currently
• ​FOCIL breakout #1: consensus layer spec relatively stable, aim for devnet at end of January
• ​L1 R&D workshops: notes from pre-Devcon workshops

EIPs

• ​EIP7839: Unified network configuration (EL to fetch config from CL at startup)
• ​EIP7840: Add blob schedule to EL config files

ERCs

• ​ERC7837: Diffusive tokens
• ​ERC7838: Instruction specific address
• ​ERC7841: Cross-chain message format and mailbox

EcoExpansions: Beyond Ethereum 🚀

Aptos

• Binance now supports native USDT on Aptos​
• Take a look at OurNetwork’s Aptos mega issue​
• ​Developer report of Aptos 2024

Base

• UniversalX is now on Base​
• Metalend now live on Base​
• ​A total of 1M ETH bridged to Base
• ​First native BTC <> Base bridge is here
• ​Safe Native swaps are now live on Base
• ​Cow swap launching on Base​

Arbitrum

• ​Royco mainnet beta is live on Arbitrum
• Ostium launched Referral Scores​
• ​Corn maizenet is live on arbitrum
• Eternal AI collaborated with Arbitrum to bring decentralized AI agents to Arbitrum chain​

Hackathons, Workshops, CTFs & Events

• Dec 9 – EF internships 2025 application deadline
• Jan 30-31 – EthereumZuri.ch conference
• Feb 23 - Mar 2 – ETHDenver​
• Apr 4-6 – ETHGlobal Taipei hackathon
• May 9-11 – ETHDam (Amsterdam) conference & hackathon
• May 27-29 – ETHPrague conference
• May 30 - Jun 1 – ETHGlobal Prague hackathon

Updates on Development Kits & Tools

• ​Safe multisig transaction hashes (Bash script): adds support for offchain message hashes
• Ape v0.8.22 (Python contract framework): 2x faster checksumming, updated isolation and adds support for web3.py v7 & python v3.13
• Heimdall-rs v0.8.5: adds LLM postprocessing to decompiler
• Besu v24.12.0: breaking changes including metric name updates
• Erigon v3.0.0-alpha6: default mode changed from archive to full node, adds minimal prune mode for low disk space users and performance improvements
• Nethermind v1.30.0: default gas limit increased to 36M and adds Taiko & Linea L2 support; v1.30.1: startup fix
• Reth v1.1.3: breaking API changes, adds NodePrimitives (primitive trait abstraction) to several components; v1.1.4: op-reth fix
• Nimbus v24.12.0: adds reading bootstrap nodes yaml
• Teku v24.12.0: block publishing performance improved

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

• ​Primer on ETH gas limit raise​
• ​Proposal to deposit Polygon POS stables to Morpho​
• ​AI Agent takeaways​
• ​2025 to be the year of DePin chain wars​
• ​Shared Private State: The HTTPS Moment for Blockchain Technology (Part 1)​

Articles

• ​6th Annual Crypto Developer Report​
• ​The Cypherpunk Endgame & Real World Ethereum​
• ​Hyperbolic: Cultivating the Open and Accessible AI Ecosystem​
• ​Cosmos is expanding: Skip joins the Interchain Foundation​
• ​20 Common Solidity Beginner Mistakes​
• Are Telegram Mini Apps Really Secure?​
• Navigating the Unique Risks & Solutions for Rollups & Sidechains​
• What Is A Blockchain Unconfirmed Transaction?​

Research Papers

• ​BA-ORABE: Blockchain-Based Auditable Registered Attribute-Based Encryption With Reliable Outsourced Decryption
• ​Reward-based Blockchain Infrastructure for 3D IC Supply Chain Provenance
• ​Execution Tickets evaluated using agent-based simulation: validator decentralization & MEV capture is promising but questions remain for builder centralization, off-chain agreements & multi-block MEV
• ​EF academic grants round: summary of 39 completed & in progress results from 2022 grants

Watch🎥

​

​

​

Web3 Security

Articles

• Breaking Down CloberDEX’s Costly $501K Exploit​
• Decoding Vestra DAO’s $500K Exploit​
• Breaking Down the Thala DeFi Hack & Move’s Decompilation Risks​
• 1inch resolver contract exploit via private key compromise
• Radiant Capital October $50M exploit update, developer shared zipped PDF containing macOS malware received from impersonator of former contractor

Research Papers

• ​Pioplat: A Scalable, Low-Cost Framework for Latency Reduction in Ethereum Blockchain
• ​BrokerChain: A Blockchain Sharding Protocol by Exploiting Broker Accounts
• ​Incentivized Symbiosis: A Paradigm for Human-Agent Coevolution

Twitter

• ​Security & Privacy threats in interoperability
• CloberDEX’s 501K exploit: Detailed analysis​

Clober DEX

On 10th Dec, Clober DEX Liquidity Vault on the Base network was exploited. The attacker used a reentrancy vulnerability in the _burn function of the Rebalancer contract, stealing 133.7 ETH (~$501K).

The exploit targeted the _burn() function's failure to follow the checks-effects-interactions (CEI) pattern—a key security principle in smart contract design.

Exploit Details:

Vulnerable Contact: basescan.org/address/0x6a0b…​

Attacker’s Address:

​basescan.org/address/0x012f…​

Attack Transaction:https://basescan.org/tx/0x8fcdfcded45100437ff94801090355f2f689941dca75de9a702e01670f361c04​

To know about this exploit in detail, read the post mortem.

Community Spotlight

Pivot @0xPivot_ 🥂 6th Dec - Pivot Clubhouse 🥂 🎉 We booked the most happening location in Bengaluru - @HardRock Cafe - for the most rocking party on the weekend. 🚀 With over 150 guests comprising Founders, VCs & KOLs - it was an evening to remember. More on this soon. 🎉 🔥 A big shoutout… https://x.com/i/web/status/1867236797903696116 Pivot @0xPivot_ ⚡️The Extra Mile ⚡️ 😰 Hackathons lead to sleepless nights, and that can get stressful & uncomfortable for the teams participating. 💪 We hence went the extra mile to take care of the well-being of the hackers. ✳️ Our Initiatives 🩺 We posted a nurse team on site from the… https://x.com/i/web/status/1867236792270733656 9:25 PM • Dec 12, 2024 2 Retweets 8 Likes Read 1 replies

​

QuillAudits | Web3 Security 🛡️ @quillaudits_ai IBW was straight 🔥 So was the Founders x VCs Lounge. Along with @SharpEconomy & @Kreatorverse_, we brought together Web3’s sharpest minds for a night of real convos & big ideas. Kudos to them & our partners @routerprotocol & @pivot for putting this together. Dropping a… https://x.com/i/web/status/1866717015387361299 10:59 AM • Dec 11, 2024 5 Retweets 15 Likes

​

​

QuillAI Network is Pushing Boundaries

The QuillAI Network is the AI layer for web3 security. In their mission to create a safer web3, QuillAI features an OML-aligned framework incentivising developers and users to build self-sovereign AI agents for dedicated tasks through the fine-tuning of its D-LLM. With agents for solidity (QuillShield) and due diligence (QuillCheck) helping safeguard contracts, transactions, and wallets, QuillAI is empowering web3 users and builders to charge of their security needs.

Stay ahead of security risks and safeguard your assets with comprehensive, real-time risk assessments now across five major blockchains.

Copyright (C) 2024 QuillAudits. All rights reserved.​
You are receiving our newsletter because you opted-in for it at one of our websites.
​
Our mailing address is:
QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates

​Unsubscribe · Preferences​