GM! Buidlers

In this latest HashingBits issue, we're diving deep into Ethereum's All Core Developers Consensus Call #135, covering all the major updates in the Ethereum ecosystem. But that's not all, we will dive into what's happening in zkSync, Polygon, and Solana ecosystems, along with recent advancements in the AI & Web3 space. For developers, we're highlighting new updates in tools designed to assist Smart contract developers and auditors. And of course, we're also digging into the headlines about UwU Lend's whopping $23.1M exploit and Loopring's recent $5M loss due to vulnerabilities in Guardian 2FA.

EtherScope: Core Developments 👨‍💻

  • Summary of All core devs - consensus Call(ACDC)#135

  • Naming F-starname Upgrade: Discussions for Post-Electra upgrade.

  • Updates on PeerDAS breakout #1

  • Lido Finance introduces Restaking for $stETH.

  • MetaMask launches pooled staking for Ethereum, excluding US and UK users.

  • Twiga for the coming Electra upgrade is here!

  • Devcon tickets & tracks: Ticketing types, timelines & tracks are live!

  • Uniswap Labs acquired Crypto: The Game (onchain Survivor)

  • SEC Chair Gensler expects spot ETH ETFs S-1s to be approved over US summer.

  • Over 27% of the ETH supply is now staked, up from 24% in January.

  • **Ethereum Transactions Over Radio? How does that work?**

  • Layer1 & Layer2

    • Stable Coin $wcgUSD is now live on Linea!

    • Update on the TVL of Layer 2 Ethereum Scaling Solutions.

    • Huge Liquidation causes 25% drop in CRV

    • Blobs, Reorgs, and MEV-Boost: Analyzing Ethereum's Latency and Security Dynamics

    • Vitalik proposes a New Approach to Layer 1 Transactions.

    • Preconfirmation designs compatibility with proposed ePBS

    • Proposal to use torrents for distributing pre-merge data (EIP4444 history expiry)

    • OP Stack Permissionless Fault Proofs live on OP mainnet, now a stage 1 L2 (limited training wheels)!

    • A look into the RIP 7212 Deployment status on Layer 2 chains

    • Based preconfs are now live on devnet!

  • ERCs

    • **ERC-7720:** Deferred Token Transfer

    • ERC838 (resurrected): ABI specification for REVERT reason string

    • ERC7721: Lockable extension for ERC1155

    • ERC7722: Opaque token

  • EIPs

    • Meta EIP7723: Network upgrade inclusion stages

  • RIPs

    • RIP7724 (clone of EIP7667 for zk rollups): Raise gas costs of hash functions

EcoExpansions: Beyond Ethereum 🚀

  • zkSync

    • zkSync introduced the $ZK token. Check your airdrop eligibility.

    • ZK Nation was introduced.

    • zkSync’s mainnet deployment of v24 is now complete!

    • Deep Dive Analysis: Allocation of ZK Tokens to 13,000 Wallets with 0 tx in zkSync.

    • A look into ZK Tokenomics

    • Matter Labs (zkSync) is dropping all trademark applications for the ZK term!

    • zkSync is now live on Uniswap!

  • Polygon

    • Polygon Creates New Grants Program**, 1B POL Unlocked Over 10 Years** for Buidlers!

    • Agglayer-rs repository is now open-sourced.

    • Toposware, along with Polygon, is building a type 1 zkEVM prover.

    • Introducing - Polygon Governance Hub!

    • Have a look into Polygon’s DeFi Roundup!

  • Solana

    • Solana’s first Smart Wallet is here!

    • **Circle’s Programmable Wallets now supports** @solana!

    • Solana-Based Startup TipLink Launches Wallet Adapter.

    • **Phantom acquires Bitski to accelerate crypto adoption.**

    • Solana Pay is now on Shopify!

    • SolanaFM’s Explorer 2.0.0 is here.

    • Solana got an update: v1.18 is here!

    • Rise In and WBA Launch Developer Education Program to Train New Solana Developers

    • IslandDAO presents Koh Solana (Sep 25th - Oct 25th)

DevToolkit: Essentials & Innovations 🛠️

  • Etherscan now features a Card for Tokens to display security risks!

  • Remix v0.50.0 is here: Pin plugins and use ZK-ethers in JS/TS scripts!

  • RustRover is out now!

  • Quicknode launched a Builder’s guide.

  • Here are some Tips to rewrite EVM contracts to support Solana.

  • Lighthouse v5.2.0 is here: adds in-memory tree-states, optimized epoch & block processing and execution client version in graffiti.

  • Besu got an update: v24.6.0: Java v21 now minimum version and historic trie log data removed by default.

  • Foundry show-progress flag is here: live progress of fuzz & invariant tests

  • Take a look at the EF JavaScript team roadmap

  • PBS Snapshot is here : Create MEV data snapshots

  • Hello World EigenLayer AVS is now also available in Rust!

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets🔖

  • Twitter

    • Vitalik suggests which narratives to focus on

    • Ripple introduces the XRPL EVM Sidechain & Ripple USD (RLUSD)

    • Zapper announces Zapper Protocol : Powered by $ZAP

    • How has EIP-4844 impacted L2 costs?

    • Helius CEO talks about Hivemapper!

    • The ULTIMATE Solana Reading List!

    • A Deep Dive into DePIN

  • Articles

    • Quantifying code complexity: CK, Martin & Halstead metrics using Slither printers

    • Guide to create a simple Solidity linter using Slang (Nomic Foundation’s compiler APIs)

    • Crypto and AI: A $20 Trillion Megatrend?

    • ERC-7201 Storage Namespaces Explained

    • Ethena: Delving into the Mechanics and Risks of USDe

    • Blob Adoption and Utilization - Insights from the first 85 days

    • **Forced Transactions vs Based Sequencing:** Whats it all about?

    • How does Everclear : The First Clearing Layer work?

    • How Crypto is Shaping the Future of Online Shopping!

    • Open Access Supercomputing Foundation announces the tokenomics of AO, the decentralized supercomputer!

    • The Restaking Wars: Eigenlayer vs Symbiotic

  • Research Papers

    • **Should my Blockchain Learn to Drive? A Study of Hyperledger Fabric.**

    • Demystifying the Characteristics for Smart Contract Upgrades

    • Blockchain Integrated Federated Learning in Edge-Fog-Cloud Systems for IoT based Healthcare Applications: A Survey

    • **Optimizing Exit Queues for Proof-of-Stake Blockchains:** A Mechanism Design Approach

    • SAMM: Sharded Automated Market Makers

  • Watch🎥

Web3 Security Watch 🛡️

  • Articles

    • A Deep dive into Security Tips & Devices for Digital Nomads.

    • Identifying Red Flags in Smart Contracts: A Guide to Spot Security Risks in Solidity Smart Contracts

    • Nirvana Finance co-founder recounts the ‘worst day’ of his life.

    • A Guide on how to recover Funds with HackedWalletRecovery Tool

    • **Awesome On-Chain Investigations HandBook 2.0: A MUST Read!**

  • Research Papers

    • Benchmarking of Jailbreak Attacks on LLMs

    • Security of AI Agents

    • Scalable UTXO Smart Contracts via Fine-Grained Distributed State

  • Twitter

    • Root cause analysis of UwU Lend : A Deep Dive

    • Yolo Games exploited for $1.5M

    • Ronkathon - rust implementation of a collection of cryptographic primitives

Hacks and Scams 🚨

UwU Lend

Loss ~ $23.1M

  • UwU Lend, launched by Frog Nation's former CFO Sifu, was hacked for $23.1M via Price manipulation.

  • The first attack on June 10, 2024, resulted in a $19.4M loss; the second attack within two days caused a $3.7M loss.

  • The attacker used three transactions to convert stolen $WBTC and $DAI into $ETH, funded by Tornado Cash.

  • UwU Lend paused the protocol for investigation an hour after acknowledging the exploit.

  • Despite a recent security audit from Peckshield, the hack exposed a price discrepancy in UwU Lend's oracles.

  • The attacker used a flash loan to manipulate the price feed, exploiting the difference between sUSDe borrowing and liquidation rates.

  • Curve founder Michael Egorov lost over 23.5M CRV ($9.85M) deposited into UwU Lend.

  • The attacker deposited tokens into Curve’s Llama Lend and borrowed over 8M crvUSD ($8.11M).

  • LlamaLend's CRV market lenders hard-liquidated the hacker's position.

  • UwU Lend offered a $5M bounty to catch the exploiter.

Find more details about the exploit - here

Loopring

Loss ~$5M

  • Loopring, a ZK-rollup based protocol on Ethereum, revealed a hack compromising its two-factor authentication Guardian wallet recovery service on June 9, 2024

  • Approximately $5 million was drained from wallets protected by Loopring’s Guardian service.

  • The Guardian service allows users to name trusted wallets for security tasks, like locking or restoring a compromised wallet.

  • The hacker bypassed Loopring's Official Guardian service, initiating recoveries on wallets with a single guardian without user consent.

  • According to Loopring, wallets with multiple guardians or third-party guardians remained secure, as transactions require more than half of the guardians.

  • Loopring disclosed two wallet addresses involved in the breach, with one wallet draining about $5 million from affected accounts.

  • The protocol is collaborating with Mist security experts to understand the 2FA service compromise and has suspended Guardian-related operations temporarily.

  • Loopring stated that after suspending these operations, the breach was contained.

  • The protocol is working with law enforcement to track the hacker.

Community Spotlight

#NYCTechWeek is an absolute whirlwind of innovation!

#Solana #Ethereum #Polygon