GM! BUIDLers

In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all—we’ll explore the latest happenings in the Aptos, Base. Sonic ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. Also we are taking a look at the recent $501k+ exploit of Clober DEX due to reentrancy attack.

EtherScope: Core Developments 👨‍💻

• ​Execution layer focused protocol call (ACDE #202)
• ​Mekong testnet live for testing (pectra-devnet-4 spec)
• ​Client testing call #17: tested increasing gas limit to 40M & didn’t hit 10MiB gossip limit
• Check out the consensus layer specs v1.5.0-alpha.10​

L1 & L2 Developments

• ​Levva’s $LVVA Token Generation Event is live through Fjord Foundry.
• ​Wormhole is now live on Berachain’s testnet.
• ​Ethena Labs’ USDe and sUSDe are now live on Swell.
• ​Dinero introduces iETH, a native ETH liquid staking token (LST) for Ink, powered by LayerZero. iETH is now live for staking.
• ​Covalent is now live on Ink mainnet.
• ​Pencils Protocol launches Pencils DEX, a decentralized exchange designed to maximize liquidity.
• ​Hyperlane is now live on Swellchain, enabling asset bridging for protocols like Renzo Protocol’s ezETH and pzETH.
• sBTC is live on Stacks Mainnet, enabling Bitcoin DeFi with 1:1 BTC backing, institutional signer networks, and Bitcoin finality.
• ​Tren Finance’s Liquidity Generation Event (LGE) launches on December 17th to support its Arbitrum mainnet.
• ​Sonic Labs has launched its mainnet explorer, powered by Etherscan, allowing users to explore blocks ahead of the public launch.
• ​Jumper has launched Jumper Wrapped, showcasing your year on-chain, including top swaps, explored chains.
• ​Pendle has launched new Aave pools for aUSDC and aUSDT (expiring June 26, 2025) on Arbitrum and other networks.
• Data Always: role of MEV-Boost relays in reorgs​
• EIP7732 ePBS breakout #14: rebasing to Pectra, targeting interop for end of January
• ​Sophon Mainnet is live, introducing the first Validium on zkSync, powered by Avail Project.
• ​Ink is now live on mainnet, launching ahead of schedule as part of the Optimism Superchain.
• ​Jupiter launches JupiterZ, featuring a unique RFQ model for Solana that enables gasless swaps and 0% slippage with a simple toggle.
• ​Resupply introduces a new decentralized stablecoin protocol, developed by Convex Finance and Yearn Finance.
• ​Scroll integrates Yellow, a decentralized Layer-3 peer-to-peer mesh network, enabling seamless swaps, cross-chain liquidity, and an intuitive trading experience.
• ​Drift launches Drift Vaults on Solana, offering 20+ high-yield trading strategies with one-click access.
• ​Resolv Labs’ USR-USDC pool is now live on AerodromeFi, offering low slippage and strong liquidity for traders on Base.
• ​Pendle and Fluid introduce Fluid USDC and Fluid USDT (June 26, 2025), enabling yield speculation with Pendle’s PT and YT.
• ​Gas limit signaling dashboard, 20% of validators signalling to increase
• ​Coinbase validators signaling for an increase to 36M
• Terence: inclusion list committee selection approaches compared

EIPs

• ​EIP7843: SLOT precompile

ERCs

• ​ERC7842: State channel data types & interfaces
• ​ERC7844: Consolidated dynamic storage
• ​ERC7845: Minimal orchestrator RPC
• ​ERC7846: Wallet connection API
• ​ERC7847: Social media NFTs

EcoExpansions: Beyond Ethereum 🚀

Aptos

• The USDT supply is up from ~$20m to ~$100m since the start of the month.
• ​The Aptos x OKX Ventures Accelerator, led by Ankaa, is starting 2025 strong in NYC 🗽
• ​Weekly highlights at Aptos
• ​Aptos Labs co-founder Mo Shaikh steps down as CEO​

Base

• ​Wallet spend permissions are now live on Base
• ​Core protocol team scaling base with reth
• ​Primex is now live on Base
• ​This week at Base

Sonic

• ​Sonic mainnet is now live
• ​Uniswap governance proposal for Sonic
• You can now track sonic on gecko terminal​
• ​Openocean launches on Sonic

Hackathons, Workshops, CTFs & Events

• Dec 9 – EF internships 2025 application deadline
• Jan 30-31 – EthereumZuri.ch conference
• Feb 23 - Mar 2 – ETHDenver​
• Apr 4-6 – ETHGlobal Taipei hackathon
• May 9-11 – ETHDam (Amsterdam) conference & hackathon
• May 27-29 – ETHPrague conference
• May 30 - Jun 1 – ETHGlobal Prague hackathon

Updates on Development Kits & Tools

• Besu v24.12.2: hotfix for users of account state overrides in eth_call
• Erigon v3.0.0-alpha7: faster eth_getTransactionReceipt and return PrunedError when reading unavailable historical data
• Lighthouse v6.0.1: patch for minor issues in v6
• Lodestar v1.24.0: adds engine_getBlobsV1 support to get blobs from execution layer and adds experimental keymanager endpoint
• Prysm v5.2.0: QUIC enabled by default, adds engine_getBlobsV1 support and fix for using MEV-Boost with a gas limit increase
• Teku v24.12.1: bug fixes
• Forge-std v1.9.5: adds get broadcast cheat codes, mock call overloads and count for expect emit/revert

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

• ​Open-source, ownable text-to-video model launching on Base: Kumo​
• ​Privy introduces server wallets​
• ​Stealth DCA is live​
• ​A TLDR Of The Ethereum L1 Scaling Roadmap​
• ​Top 8 Most Interesting Agents & Agent Developments This Week​
• ​Onchain lending on Base continues to grow​

Articles

• ​Don’t be afraid of quantum computers​
• ​AI-Powered Base Whitepaper​
• ​Stablecoins will see explosive growth in 2025 as world embraces asset class​
• ​Build your own crypto AI agent - the ultimate beginner-friendly guide​
• ​Coinbase 2025 Crypto Market Outlook​

​

Research Papers

• ​Upgrade tasks for quantum resistance: bip32, transaction signing, sender address recovery, precompiles & node discovery
• ​Upgrading to a post-quantum signature scheme such as Falcon via account abstraction, network upgrade or a hybrid
• ​Attester-includer separation: includers (inclusion list creators) rewarded with inclusion fees and have minimal hardware/capital requirements

​

​

Web3 Security

Articles

• ​Crypto-stealing malware posing as a meeting app targets Web3 pros.
• ​Morocco Cracks Down on Crypto Crime: 5 Arrested in Phishing Scam​
• GemPad (launch pad) ~$2M exploit on mainnet, Base & BSC via reentrancy
• Security Alliance (SEAL): LastPass users who stored private keys or seed phrases prior to 2023, funds might be at risk
• How Self-Transfers Turned Into a Labubu Token Exploit ?

Research Papers

• ​6GENABLERS-DLT: DLT-based Marketplace for Decentralized Trading of 6G Telco resources
• ​Enhancing Ethereum Fraud Detection via Generative and Contrastive Self-supervision
• ​AIArena: A Blockchain-Based Decentralized AI Training Platform

Twitter

• ​LABUBU token exploit: Detailed analysis

Hacks and Scams 🚨

LABUBU Token

• The LABUBU token on Binance Smart Chain got exploited of $18k due to flawed transfer logic.
• An attacker used a flash loan to exploit a loophole allowing self-transfers, increased their balance for free, and laundered the stolen funds via token swaps.
• The root cause: Missing a critical check in the transfer function.
• Attacker’s address: 0x27441c62dbe261FDF5e1feec7eD19cF6820D583b​
• Attacker’s contract addresses: 0x2Ff0Cc, 0x5CB78b​
• Vulnerable contract: 0x2fF960F1D9AF1A6368c2866f79080C1E0B253997​
• Attack transaction: 0xb06df37​

To know more about the exploit in details, check the post-mortem report.

Community Spotlight

QuillAudits | Web3 Security 🛡️ @quillaudits_ai The shield is up for @PlutoLeverage 🛡️ Another secure landing for a DeFi protocol that's pushing Solana's yield optimization boundaries. 😉 Our team just wrapped up a comprehensive security audit of their smart contracts. 14 potential issues were identified & resolved. 0… https://x.com/i/web/status/1868959327605670340 3:30 PM • Dec 17, 2024 3 Retweets 13 Likes Read 1 replies

​

QuillAudits | Web3 Security 🛡️ @quillaudits_ai Before you ape into $PENGU, make sure you pick the original one! 🐧 Don't get rugged. DYOR 🥷 6:52 PM • Dec 18, 2024 3 Retweets 15 Likes Read 1 replies

​

QuillAI Network is Pushing Boundaries

The QuillAI Network is the AI layer for web3 security. In their mission to create a safer web3, QuillAI features an OML-aligned framework incentivising developers and users to build self-sovereign AI agents for dedicated tasks through the fine-tuning of its D-LLM. With agents for solidity (QuillShield) and due diligence (QuillCheck) helping safeguard contracts, transactions, and wallets, QuillAI is empowering web3 users and builders to charge of their security needs.

Stay ahead of security risks and safeguard your assets with comprehensive, real-time risk assessments now across five major blockchains.

Copyright (C) 2024 QuillAudits. All rights reserved.​
You are receiving our newsletter because you opted-in for it at one of our websites.
​
Our mailing address is:
QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates

​Unsubscribe · Preferences​