GM! Buidlers

In this edition of Hashingbits, we explore key developments within the web3 ecosystem. Learn about Vitalik Buterin's preference for multisig security, which he argues is simpler and more reliable than Shamir's backup. We also cover Ethereum's recent overtaking of Solana in DEX trading volume, signalling a significant shift in decentralized trading dynamics. Updates from Starknet, Solana, Polygon, Polkadot, and Eigen Layer are highlighted, focusing on their latest technological advancements and strategic expansions. This issue also addresses recent security incidents, including a $1.68M compromise at Pike Finance and a $181K exploit at Yield Protocol. Additionally, we recap the QuillAudits event in Dubai. Stay informed with Hashingbits, your comprehensive source for blockchain technology updates and security news.

EtherScope: Core Developments 👨‍💻

  • Ethereum All Core Devs Call #186 Summary - Christine Kim

  • Ethereum Foundation Wants To Use AI to De-Risk ETH Ecosystem

  • Azuki NFTs on Ethereum doubled in value in a month, with daily sales of over $1.1M, lifting the market cap to $146.78M, driven by recent project efforts.

  • Ethereum’s Buterin advocates multisig, says Shamir backup is ‘way easier to screw up’

  • Ethereum overtakes Solana by DEX trading volume

  • ether.fi Joins THENA to Accelerate Ethereum’s Decentralization

  • Building Ethereum MEV Bots for Profit and Innovation

  • Ethereum Staking Weekly Report

  • Franklin Templeton lists Ethereum ETF on DTCC

  • Ethereum transaction fees overtake Bitcoin as Runes speculation subsides

  • zkSharding for Ethereum

  • ERCs

    • ERC-6229 - Tokenized Vaults with Lock-in Period

    • ERC-7700 - Cross-chain Storage Router Protocol

  • EIPs

    • EIP-7699 - Soul Resonance Token

    • EIP-7569 - Hardfork Meta - Dencun

EcoExpansions: Beyond Ethereum 🚀

  • Starknet

    • Blobstream Starknet Project Enables Celestia DA for Developer-Built Starknet Appchains

    • The Integrity verifier: A leap toward Starknet hyperscaling

  • Solana

    • Jito becomes the largest protocol on Solana with $1.4 billion in TVL

    • Supporting Validators: Updates to the Solana Foundation Delegation Program

    • Sanctum, an algorithmic liquid staking protocol on Solana, Launches iceSOL

  • Polygon

    • Polygon leads in EVM efficiency as DeFi users favour low transaction costs

    • Polygon PoS Validator Spotlight: Meria

  • Polkadot

    • Polkadot parachain Peaq receives major migrations from decentralized mapping projects

    • Polkadot Ecosystem’s Daily active addresses hit an all-time high of 514,000

  • Eigen Layer

    • Eigen Foundation increased EIGEN airdrop by 100 tokens and clarified investor tokens unlock after September 30th to address community concerns.

    • The technical whitepaper on universal intersubjective staking is here.

DevToolkit: Essentials & Innovations 🛠️

  • How to Send User Operations using AA-SDK

  • Integrate Embedded Accounts in your app with these simplified React hooks

  • How Do I Get Started Becoming a Solidity Dev?

  • Securing Smart Contracts: A Dev's Guide, Part I

  • 3074 Hosted Devnet

  • Block Builder Bids Poller

  • Unconventional Functional Solidity

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets 🔖

  • Twitter

    • Analysis of 18 Past Airdrops

    • EIGEN Universal Intersubjective Work token explained

    • Binius: highly efficient proofs over binary fields - Vitalik

  • Articles

    • Voter Behavior in Blockchain Governance: A Comparative Study of Curve Finance and Polkadot

    • Solidity Memory Types In Depth: Part 1

    • Slashing Proofoor - On-chain slashed validator proofs

  • Research Papers

    • Web3 and the State: Indian state's redescription of blockchain

    • TRAC: a tool for data-aware coordination (with an application to smart contracts)

    • Machine Learning for Blockchain Data Analysis: Progress and Opportunities

    • Decentralized Peer Review in Open Science: A Mechanism Proposal

    • Decentralization of Ethereum's Builder Market


Web3 Security Watch 🛡️

  • Articles

    • Unveiling a New Scam: Malicious Modification of RPC Node Links to Steal Assets

    • Decoding Pike Finance Exploit

    • 5 Mistakes that are Compromising Your Crypto Wallet Security

    • NGFS Token Hack Analysis

  • Research

    • Static Application Security Testing (SAST) Tools for Smart Contracts: How Far Are We?

    • Solvent: liquidity verification of smart contracts

    • Improving Smart Contract Security with Contrastive Learning-based Vulnerability Detection

    • A Blockchain-Based Audit Mechanism for Trust and Integrity in IoT-Fog Environments

  • Tweets

    • Finding a Viper in the curved lawn

    • The pitfalls of EIP-3074, and how to avoid them

    • ZachXBT: How Lazarus Group laundered $200M from 25+ crypto hacks to fiat from 2020–2023

  • Tools

    • RugCheck: RugCheck is the ultimate tool for ensuring the safety, analysis, and transparency of Solana tokens. It thoroughly checks the contracts on Solana to make sure you steer clear of any potential rugs.

Hacks and Scams 🚨

  1. Pike Finance

Loss ~ $1.68M

Here are the key points regarding the Pike Finance hacks in April 2024:

  • Two Major Hacks: Pike Finance was hit by two significant security breaches, resulting in a total loss of approximately $1.9 million.

  • First Hack Details:

    • Date: April 26, 2024

    • Target: USDC pool of the Pike Protocol Beta

    • Vulnerability: Mismanagement of the Cross-Chain Transfer Protocol (CCTP), which is used for transferring USDC across blockchains.

    • Attack Mechanism: An error in the protocol allowed the attacker to manipulate the receiver addresses and the amount of USDC, enabling the theft of about $300,000.

  • Response to First Hack:

    • Protocol Update: In an attempt to secure the protocol, Pike updated their smart contracts.

    • Introduction of New Vulnerabilities: The updates inadvertently introduced new dependencies that altered the contract's storage layout.

  • Second Hack Details:

    • Consequence of Updates: The remapping caused by the updates made the “initialized” variable inaccessible.

    • System Misinterpretation: The protocol mistakenly believed the contracts were not initialized.

    • Exploitation: Attackers deployed a malicious version of the spoke contracts, gaining administrator access and subsequently stealing $1.6 million.
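
The storage-layout failure described above can be caught before an upgrade ships. The following is an added example, not Pike Finance's code: it assumes an upgradeable-proxy model, and every variable name and value in it is constructed. It diffs two layouts and shows an `initialized` flag reading as unset once the variables have shifted.

```python
# Simplified from the slot/offset/numberOfBytes data that solc's storageLayout
# output reports. All variable names and values here are constructed.
OLD_LAYOUT = [
    {"label": "admin", "slot": 0, "offset": 0, "size": 20},
    {"label": "initialized", "slot": 0, "offset": 20, "size": 1},
    {"label": "totalDeposits", "slot": 1, "offset": 0, "size": 32},
]
# Upgrade: newly inherited base contracts place their variables first.
NEW_LAYOUT = [
    {"label": "_guardStatus", "slot": 0, "offset": 0, "size": 32},
    {"label": "_paused", "slot": 1, "offset": 0, "size": 1},
    {"label": "admin", "slot": 1, "offset": 1, "size": 20},
    {"label": "initialized", "slot": 1, "offset": 21, "size": 1},
    {"label": "totalDeposits", "slot": 2, "offset": 0, "size": 32},
]


def layout_diff(old, new):
    """List (label, old_pos, new_pos) for each existing variable that moved or vanished."""
    pos = {v["label"]: (v["slot"], v["offset"], v["size"]) for v in new}
    return [(v["label"], (v["slot"], v["offset"], v["size"]), pos.get(v["label"]))
            for v in old
            if pos.get(v["label"]) != (v["slot"], v["offset"], v["size"])]


def _field(layout, label):
    v = next(x for x in layout if x["label"] == label)
    return v["slot"], 8 * v["offset"], (1 << (8 * v["size"])) - 1


def write_var(storage, layout, label, value):
    """Store value at the slot/offset that `layout` assigns to `label`."""
    slot, shift, mask = _field(layout, label)
    storage[slot] = (storage.get(slot, 0) & ~(mask << shift)) | ((value & mask) << shift)


def read_var(storage, layout, label):
    """Decode `label` from storage using `layout`; untouched slots read as zero."""
    slot, shift, mask = _field(layout, label)
    return (storage.get(slot, 0) >> shift) & mask


def simulate_upgrade():
    """Initialize under the old layout, then read the flag through both layouts."""
    storage = {}  # proxy storage persists when the implementation is swapped
    write_var(storage, OLD_LAYOUT, "admin", 0xA11CE)
    write_var(storage, OLD_LAYOUT, "initialized", 1)
    return (read_var(storage, OLD_LAYOUT, "initialized"),
            read_var(storage, NEW_LAYOUT, "initialized"))
```

A non-empty `layout_diff` result for any pre-existing variable is a reason to block the upgrade; appending new variables after the existing ones leaves the diff empty.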

  2. Yield Protocol

Loss ~ $0.181M

  • Hackers exploited a smart contract vulnerability in Yield Protocol, a DeFi lending platform, stealing about $181,000 in crypto assets.

  • Yield Protocol ceased operations in December 2023 due to decreased demand and regulatory pressures but was still operational for closure procedures.

  • Despite advisories for investors to withdraw funds, the protocol suffered a breach where the attacker used a discrepancy in pool token balances on the Arbitrum blockchain.

  • The breach was initially disclosed by blockchain investigation firm PeckShield.

  • The stolen funds were facilitated through @ChangeNOW_io on the Arbitrum network and remained with the hacker.

  • Yield Protocol was also affected by a previous attack on the Euler Finance platform in March, which led to the temporary suspension of its operations.

  • The platform announced its return to full functionality on May 18, allowing resumed borrowing and lending for future series and outlining a timeline for users to claim replacement tokens.

Given the recent security breaches in the DeFi sector, as highlighted above with Pike Finance and Yield Protocol, thorough smart contract audits are crucial for safeguarding assets.

Secure your DeFi projects with thorough audits. Try QuillShield today for comprehensive protection from development to deployment.


Community Spotlight