GM! Buidlers

Welcome to the latest edition of HashingBits! This edition is packed with exciting developments in Ethereum, particularly in Layer 2 scalability solutions and other ecosystems like Solana, EigenLayer, Polygon, NEAR, and Tezos. Dive into the latest Developer Updates, including Polkadot's Ink v5 release, Cyfrin Updraft for web3 DevOps, and Solidity updates. Stay updated on recent blockchain hacks, including $62.5 million lost by Munchables and $16 million by CURIO due to smart contract vulnerabilities.

EtherScope: Core Developments 👨‍💻

  • Check out how BlackRock plans to start a new RWA tokenisation fund on Ethereum

  • Mainnet successfully upgraded to Dencun

    • Consensus-specs v1.4.0 for Dencun mainnet release

  • Layer 2

    • L2 fees drop to cents & below: L2 Fees, Gas Fees & grow the pie

    • Optimism fault proofs are now live on OP Sepolia testnet

    • Arbitrum upstages Ethereum as daily transactions go through the roof amidst L2 networks’ surge

  • EIPs:

    • EIP7657: Sync committee slashings

    • EIP7658: Light client data backfill

    • EIP7659: Stepwise blob throughput increase

  • ERCs (application layer):

    • ERC7656: Generalized token-linked contracts

EcoExpansions: Beyond Ethereum 🚀

  • Solana

    • Solana’s first liquidity bootstrapping platform 1intro launched

    • Solana developers can natively swap USDC tokens from Ethereum and other ecosystems

    • The next-gen standard for NFTs, Core is now presented by Metaplex

  • Polygon

    • The first rollup improvement proposal with the Napoli Upgrade

    • Polygon AggLayer to facilitate Astar’s zkEVM Mainnet launch with Ethereum interoperability

  • NEAR

    • Chain signatures to facilitate cross-blockchain transactions from your NEAR account, now secured by EigenLayer and NEAR stakers

  • Tezos

    • Oxford 2 now activated by Tezos to enhance flexibility and security for Blockchain

    • Created by artists Agoria, the collection comprises five unique NFTs minted on the Tezos blockchain.

  • EigenLayer

    • EigenLayer has reached $11.2B in total value locked (TVL). The Ethereum restaking protocol overtook Aave to become the 2nd largest protocol by TVL.

    • Introducing Edgeless Network: A Fee-Free Ecosystem on Arbitrum Nitro Chain with EigenLayer's DA Solution

DevToolkit: Essentials & Innovations 🛠️

  • web3py middleware (v7 beta): class-based middleware replaces functional programming paradigm

  • Buidl on Aptos and Sui with the Move Book

  • Here is how to make your own ERC-404 Token!

  • Polkadot’s strengthened security with upgradeable contracts, implementing fallible methods.

  • Solidity v0.8.25: Cancun default EVM version, MCOPY used in code generator and TSTORE usage warnings reduced to once per compilation

  • Ethernaut-cli (toolbox): built on Hardhat tasks, AI requires OpenAI API key; beta

  • Cyfrin Updraft adds web3 DevOps & Assembly & Formal Verification courses

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets 🔖

  • Articles

    • How EigenLayer’s Restaking Enhances Security and Rewards in DeFi

    • EIP-4844 Explained: The Key to Ethereum’s Scalability with Protodanksharding

    • Tokenomics: A Method for Assessing Tokens

    • BitVM 2: Permissionless Verification on Bitcoin

  • Tweets

    • Master ECDSA: Elliptic Curve Digital Signature Algorithm.

    • EigenLayer: On Liquid Restaking: Risks & Considerations

    • Proof of concept for verifying a plonky3 proof in plonky2

    • EIP-3074 Explained

  • Research Papers

    • Privacy-Preserving Energy Trading Using Blockchain and Zero Knowledge Proof

    • An Account Selection Model for Identifying Valuable zkSync Users

Web3 Security Watch 🛡️

  • Articles

    • These PyPI Python Packages Can Drain Your Crypto Wallets.

    • A Practical Guide On Honeypot Attacks in Smart Contracts

    • Attackers abuse cloud accounts to spawn thousands of crypto CDN nodes.

    • Sepolia Incident

  • GitHub Repos

    • Smart Contract Auditing Roadmap

    • OpenZeppelin Ethernaut CTF 2024 challenges & solutions

  • Research

    • How to securely transfer unclaimed tokens from a compromised wallet by Phoebe.

    • Cryptocurrency Privacy Technologies: Bulletproof Range Proofs by patrickd.

    • Censorship, Latency, and Preconfirmations in the Blob Market by Primev.

  • Tools

    • deExplorer - A tool designed to monitor cryptocurrency movement across multiple blockchains, providing insights into investor behavior. It allows observation of the blockchains where investors deposit and withdraw funds, offering valuable data on cross-chain transaction patterns.

    • Aderyn - Aderyn is a Rust-based static analyzer specifically designed for Web3 smart contract security and development. It takes a bird's eye view over your smart contracts, traversing the Abstract Syntax Trees (AST) to pinpoint suspected vulnerabilities. Developed by Cyfrin.

Hacks and Scams 🚨

Visit Quill Monitor

1. Munchables

Loss ~ $62.5M

  • Blockchain data shows that Munchables, a Web3 project on the Blast blockchain, was drained of an estimated $62.5 million worth of ether early Wednesday after a contract was maliciously manipulated.

  • Munchables said on X that the developer had shared all private keys to recover the funds.

  • The attacker apparently transferred the stored users’ funds to themselves before upgrading the platform’s smart contracts. Blockchain sleuth ZachXBT said the attacker was likely North Korean, based on their GitHub commit activity. They are listed on GitHub as “Werewolves0493” and allegedly worked for the Munchables team.

2. CURIO

Loss ~ $16M

  • Real-world asset (RWA) liquidity firm Curio suffered a smart contract exploit involving a critical vulnerability related to voting power privileges, allowing the attacker to steal $16 million in digital assets.

  • On 25th March 2024, Curio reported an exploit due to a flaw in their system's access control, allowing the unauthorized minting of 1 billion Curio Governance Tokens (CGT). They aim to compensate affected parties through the introduction of CGT 2.0.

  • The company informed its community about the breach, attributing it to a vulnerability in a MakerDAO-based smart contract's permission logic, which enabled the attacker to mint 1 billion CGT.

Community Spotlight

  • Decentralized Derby, started by QuillAudits, is a hub for showcasing new Web3 ideas and connecting entrepreneurs with top investors and the wider community. It's designed for creators ready to pitch, investors looking for the next big thing, and anyone keen on the latest in blockchain.

If you've got an idea or project that could shape the future of technology, we'd love to hear from you. Sign up to pitch your project here.

Check Out Our Past Derby Pitchers' Insights!