HashingBits

Straight from the QuillAudits war room, HashingBits brings you weekly Web3 security alpha—hacks, insights & updates for the sharpest minds in the game!

Dec 02 • 7 min read

HashingBits - Week 95: Pendle On Base, Native Aptos USDT now Live, Token Mill Now On Avalanche & XT Exchange’s $1M Exploit


GM! BUIDLers

In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all—we’ll explore the latest happenings in the Aptos, Sui & Base ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors.

EtherScope: Core Developments 👨‍💻

L1 & L2 Developments

  • Phantom integrates OKX DEX into its swapper alongside Jupiter Exchange, providing access to deeper liquidity, more tokens, and optimized trading routes by comparing rates across both platforms.
  • Ungate launches Alpha AVS on EigenLayer mainnet, enabling decentralized AI agent networks for global coordination.
  • 1inch enables seamless cross-chain token swaps with no bridges or extra steps.
  • Ondo Finance announces $USDY custody support on Sui via the Bybit Web3 wallet.
  • Starknet launches STRK staking phase 1 on Mainnet. Validators can stake 20,000+ STRK by running a full node, while delegators can stake via professional validators like Luganodes, Voyager, and more.
  • Ondo Finance unveils an institutional-grade bridge for tokenized real-world assets (RWAs) using LayerZero’s security model.
  • Morpho Labs’s Association proposes to raise $MORPHO reward limits on Base by 100%.
  • Pendle Finance has announced that Ethena’s Principal Tokens (PT) are now available on Aave.
  • Sky launches USDS rewards on Raydium for early Solana users, with incentives available for USDS-USDC and USDS-jitoSOL pools and Kamino vaults.
  • MetaMask users in the U.S. can now purchase cryptocurrencies using Venmo through MoonPay’s integration.
  • Avail integrates with Wormhole’s NTT framework, bringing AVAIL and stAVAIL to Base while preserving native functionality and preventing liquidity fragmentation.
  • Token Mill launches on Avalanche, introducing a bonding curve AMM for token creation without traditional liquidity pools.
  • Liquity has launched its V2 Testnet on the Sepolia network, inviting users to explore the new features and functionalities.
  • Mitosis launches Game of MITO, rewarding $MITO (70%) and testnet assets (30%) for XP-based performance.
  • Sonic Labs partners with Rabby, becoming the first integration in its Ecosystem tab.
  • Covalent’s CXT staking is now live on OKX, with the exchange operating as a Block Specimen Producer to support Ethereum’s data preservation.

EIPs

  • EIP7825: Transaction gas limit cap

ERCs

  • ERC7826: Quantum supremacy bounty
  • ERC7827: JSON contract with value version control
  • ERC7828: Chain-specific addresses using ENS
  • ERC7829: Data asset NFT

EcoExpansions: Beyond Ethereum 🚀

Aptos

Base

Sui

Hackathons, Workshops, CTFs & Events

Updates on Development Kits & Tools

  • Echidna trace parser: convert Echidna call traces into Foundry tests
  • Uniswap Compact (Solidity): ownerless ERC6909 contract, facilitates formation/dissolution of reusable resource locks
  • MicroStable: simple stablecoin design in Solidity & Vyper
  • Cyfrin Upgrade beginner & intermediate Python & Vyper courses
  • Drift: write cached contract calls for web3 libraries (viem, web3.js & ethers)
  • Lodestar v1.23.1: fixes for issues in recent devnets
  • In-protocol transaction ordering, extension to Fork-Choice enforced Inclusion Lists (FOCIL)
  • QUIC support: ~42% of nodes, majority running Lighthouse & mostly over IPv4
  • BuilderNet: block building network running on TEEs, shares MEV with users, early version live operated by Flashbots, Beaverbuild & Nethermind
  • Terence: same slot vs next slot for inclusion list design, spec & prototype will use same slot

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

Twitter

Articles

Research Papers

Watch🎥

video preview

video preview

Web3 Security

Articles

Research Papers

Twitter

JRNY

Loss: $4M

  • On-chain investigator ZachXBT stated on his personal Telegram channel that the wallet associated with crypto KOL JRNY appears to have been compromised, with approximately $4 million worth of crypto assets transferred and sold.
  • This suggests that the wallet’s private key may have been leaked.
  • Stolen addresses:

0xc467150582cfc8eec4132a483c76101d3636f598

0x6fd6c8fd64c7efdb8eec902161d3bbc035430456

0xa2dd5e2ab84240cbecc7beaca9946afef97ae74a

XT Exchange

Loss: $1M

  • @XTexchange exploited with a abnormal transfers of worth 1 Million USDT across 12 different currencies.
  • Unauthorised access was gained, which leads to transfer of funds to external wallets across ETH, OP & BNB chains
  • A significant portion of stolen assets already swapped and bridged to the ETH chain. 0xdb3ded7731c781224ec292e2163d9554c094fd7c
  • XT Exchange acknowledged the exploit https://x.com/XTexchange/status/1862072439154569282

For more details, read the detailed hack analysis.

Community Spotlight

twitter profile avatar
QuillAudits | Web3 Security 🛡️
Twitter Logo
@quillaudits_ai
2:22 PM • Nov 28, 2024
5
Retweets
14
Likes

QuillAI Network is Pushing Boundaries

The QuillAI Network is the AI layer for web3 security. In their mission to create a safer web3, QuillAI features an OML-aligned framework incentivising developers and users to build self-sovereign AI agents for dedicated tasks through the fine-tuning of its D-LLM. With agents for solidity (QuillShield) and due diligence (QuillCheck) helping safeguard contracts, transactions, and wallets, QuillAI is empowering web3 users and builders to charge of their security needs.

Stay ahead of security risks and safeguard your assets with comprehensive, real-time risk assessments now across five major blockchains.

Copyright (C) 2024 QuillAudits. All rights reserved.
You are receiving our newsletter because you opted-in for it at one of our websites.

Our mailing address is:
QuillAudits Office 104/105 Level 1, Emaar Square, Building 4 Sheikh Mohammed Bin Rashid Boulevard Downtown Dubai, United Arab Emirates

Unsubscribe · Preferences


Straight from the QuillAudits war room, HashingBits brings you weekly Web3 security alpha—hacks, insights & updates for the sharpest minds in the game!


Read next ...