Fireblocks Discloses UniPass Vulnerability

Attackers could have exploited the vulnerability by modifying the trusted EntryPoint in hundreds of UniPass wallets.

Fireblocks Discloses UniPass Vulnerability

Quick Take

  • Fireblocks discloses a UniPass wallet vulnerability.
  • Arbitrum Orbit is mainnet ready.
  • Polygon activates the Inca Berry upgrade.
  • MetaMask expands supported networks on its bridge app.

Listen on: Apple | Castbox | Spotify | YouTube

Fireblocks Discloses UniPass Vulnerability

The Fireblocks security team disclosed an ERC-4337 Account Abstraction-related vulnerability in UniPass's smart contract wallet. Attackers could have exploited the vulnerability by modifying the trusted EntryPoint in hundreds of UniPass wallets, which would allow them to control and drain funds from the wallets. Together with Fireblocks, UniPass executed a whitehat operation to patch the vulnerability, setting the EntryPoint of impacted wallets to a new rescue contract and adding missing permissions. Fireblocks highlighted the challenges of securing modular smart contracts and the need for standardized security measures such as ERC-6900.

Arbitrum Orbit Is Mainnet Ready

Arbitrum Orbit, a tech stack for deploying L3 appchains on Arbitrum AnyTrust chains, is now mainnet ready. Orbit chains can post data availability to Arbitrum One or Arbitrum Nova, enabling ultra-low-cost transactions. Gaming and derivatives platforms have emerged as top application use cases for Orbit chains. Service providers Caldera, Conduit, and AltLayer will facilitate the deployment of Orbit chains. Arbitrum Orbit is compatible with Stylus, a tech stack that supports smart contracts written in any WASM-compatible language. Orbit chains can also integrate Arbitrum Nitro updates without having to obtain governance approval.

Polygon zkEVM Inca Berry Upgrade

zaPolygon has initiated the Inca Berry Upgrade for its zkEVM Mainnet Beta, which introduces cryptographic enhancements, bug fixes, and updates to the prover and node. A 10-day timelock, set to conclude on November 5th, is in place for users to withdraw funds and for developers to test the update. Developers will need to adopt the latest versions of the node and prover once the upgrade is live on the Ethereum Mainnet,

MetaMask Bridge Portal Expands Networks

MetaMask added support for bridging between Base, zkSync Era, and Linea, bringing the total number of supported networks to nine within its bridge portal. Powered by bridge aggregators Socket and LI.FI, the portal includes bridge providers like Hop, Celer cBridge, and Polygon Bridge. A 0.875% fee is applied to all bridging transactions on MetaMask's portfolio dapp.

Other News


🔗 Website | 🎙️ Podcast | 🎥 Video | 🌿 Lens | 🐦 Twitter | 🟪 Farcaster