
Lessons From ERC2771 Multicall Vulnerability
The vulnerability, initially disclosed by Thirdweb, affected over a thousand contracts.
OpenZeppelin lessons from ERC2771 vulnerability.
Obol Network integrates with EigenLayer.
EspressoSys BFT preconfirmation architecture.
P2P releases a staking market report.
OpenZeppelin shared insights from a vulnerability linked to the combined use of its ERC2771 library with multicall functionalities. The vulnerability, initially disclosed by Thirdweb, affected over a thousand contracts. In response, OpenZeppelin set up a war room with white hats and other organizations to safeguard the ecosystem. They developed a tool within Defender’s Code Inspector to identify vulnerable contracts. ERC2771, designed for account abstraction and allowing contracts to accept meta-transactions with sponsored gas fees, could be manipulated in combination with multicalls to spoof transaction calldata for siphoning tokens. Key lessons from the incident include the need to thoroughly understand how imported dependencies interact and the importance of using upgradable contracts with circuit breakers to effectively respond to incidents.
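As an added illustration of the dependency-interaction lesson (not OpenZeppelin's Code Inspector logic and not part of the original newsletter), this Python heuristic resolves Solidity inheritance transitively and flags contracts that pull in both an ERC2771 context and a multicall base. The sample source and names such as TokenVault are constructed; the base names are OpenZeppelin's library contract names, and a hit is a prompt for manual review rather than a verdict.

```python
import re

# OpenZeppelin library contract names whose combination is the risk signal.
FORWARDER_BASES = {"ERC2771Context", "ERC2771ContextUpgradeable"}
MULTICALL_BASES = {"Multicall", "MulticallUpgradeable"}
CONTRACT_RE = re.compile(r"\bcontract\s+(\w+)(?:\s+is\s+([^{]+))?\s*\{")

def parse_inheritance(src):
    """Map each contract name to the bases it directly inherits."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)   # block comments
    src = re.sub(r"//[^\n]*", "", src)                # line comments
    graph = {}
    for name, bases in CONTRACT_RE.findall(src):
        prev = None
        while prev != bases:  # drop (possibly nested) constructor arguments
            prev, bases = bases, re.sub(r"\([^()]*\)", "", bases)
        graph[name] = [b.strip() for b in bases.split(",") if b.strip()]
    return graph

def ancestors(name, graph, seen=None):
    """All direct and transitive bases of a contract."""
    seen = set() if seen is None else seen
    for base in graph.get(name, []):
        if base not in seen:
            seen.add(base)
            ancestors(base, graph, seen)
    return seen

def find_risky(src):
    """Contracts inheriting, at any depth, both a forwarder context and multicall."""
    graph = parse_inheritance(src)
    return sorted(
        name for name in graph
        if ancestors(name, graph) & FORWARDER_BASES
        and ancestors(name, graph) & MULTICALL_BASES
    )

# Constructed sample source, not taken from any real project.
SAMPLE = '''
import "@openzeppelin/contracts/metatx/ERC2771Context.sol";
import "@openzeppelin/contracts/utils/Multicall.sol";
abstract contract GaslessBase is ERC2771Context {
    constructor(address forwarder) ERC2771Context(forwarder) {}
}
contract TokenVault is GaslessBase, Multicall { /* indirect combination */ }
contract BatchOnly is Multicall {}
// contract Commented is ERC2771Context, Multicall {}
contract RelayOnly is ERC2771Context(address(0)) {}
'''

if __name__ == "__main__":
    print(find_risky(SAMPLE))
```

The check matches on base names only, so a hand-written multicall or forwarder context under a different name is not detected.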
Obol Network, a distributed validator protocol, has integrated with EigenLayer to enable native restaking for its distributed validators. An initial deployment of two Obol distributed validator clusters, each comprising four operators, is now live on the Goerli testnet. Native restaking enables validators to earn extra rewards by securing Actively Validated Services on EigenLayer. Native restaking does carry added slashing risks. Distributed validators contribute to enhancing Ethereum's fault tolerance by splitting a single validator key among multiple operators, ensuring that validation continues even if one node in the cluster goes offline. EigenLayer is the largest restaking protocol with over $1 billion in TVL.
EspressoSys introduced a Byzantine Fault Tolerant (BFT) preconfirmation design for rollup sequencing, serving as a method for the confirmation and validation of transactions. The design is backed by the collective economic security of a consensus protocol and is suitable for scenarios that require rapid transaction confirmations. EspressoSys compares its design with Proposer-Promised (PP) preconfirmations, which are simpler and rely on individual validators instead of a consensus group. According to EspressoSys, BFT preconfirmations have a better UX for cross-rollup transactions. Both BFT and Proposer-Promised preconfirmation designs are composable, but they offer different levels of security guarantees.

Node infrastructure provider P2P.org released a staking market report outlining liquid staking, restaking, ZK tech, modularization, and emerging infrastructure. According to the report, liquid staking protocols account for 44% of the 26.4 million ETH staked on the beacon chain. The report also notes that MEV accounts for approximately 10-15% of total validator rewards on Ethereum, and it outlines decentralized proving, ZKP hardware, and external ZKP generation protocols.
Uniswap V3 to go live on Scroll
Launching the PBS foundation
Chainlink RWA tokenization explained
Ethereum's Endgame by Viktor Bunin
Horizen Labs ApeChain proposal
Base Builder Grant recipients
Celestia DA cost simulator

Starknet Confirms STRK Airdrop Portal
Starknet Foundation confirmed that the STRK token will be distributed to select users and contributors for their past activity.
Starknet confirms leaked airdrop portal.
Obol Network launches to mainnet beta.
Kyber prepares a compensation plan.
Polygon ZK-EVM adopts bridged USDC standard.
The Starknet Foundation, which manages the development of StarkWare's permissionless ZK Rollup, has verified the authenticity of leaked screenshots showing an airdrop portal on its website. The foundation acknowledged that its front end is in development, a part of which was deployed for testing. The Foundation confirmed that the STRK token will be distributed to select users and contributors for their past activity. It also disclosed that the snapshot date for determining eligibility has already occurred, and new actions will not influence eligibility for the airdrop. The exact timeline for the token claim remains unknown.
The leaked images showed details about the potential criteria for the STRK token allocation. Those who might be eligible for the airdrop include Starknet and StarkEx users, Starknet developers, GitHub contributors, early Ethereum adopters, and Ethereum stakers. A governance portal was also launched on the starknet.io website.
Obol Network launched its mainnet open beta. Individuals interested in operating DV nodes can now use Obol’s launchpad and run its DV client called Charon. During the beta phase, each DV cluster is limited to a single validator. The launch coincides with the third anniversary of the Beacon Chain, which went live on December 1st, 2020. Distributed validators play a crucial role in enhancing Ethereum’s fault tolerance. They distribute a validator's key among several nodes, ensuring continued validation even if a node within the set goes offline. The Obol Techne Credential Program is set to begin on December 6th for users interested in running DV nodes on testnet.
Kyber Network proposed to offer grants from the KyberSwap Treasury to users affected by its recent exploit. The attack, which occurred last week, led to the loss of over $48 million from Kyber's Elastic liquidity pools. Efforts to negotiate with the attacker have been unsuccessful. In an onchain message, the attacker demanded full control over the DEX and a position as its Director. This morning, the attacker transferred a portion of the stolen assets from Arbitrum to the Ethereum Mainnet. Kyber Network says it is supporting law enforcement and is in the process of drafting a plan. The plan aims to reimburse affected users with an amount matching the USD value of their assets at the time of the attack.

Polygon ZK-EVM has adopted Circle's Bridged USDC Standard, enabling a smooth upgrade to native USDC in the future. The integration minimizes liquidity fragmentation by eliminating the need for users to migrate to native USDC when it becomes available on the network. Users can currently migrate their USDC from the legacy version to the new standard-compatible bridged version.
ETHDenver opens speaker applications
Velodrome compromised front end
Lodestar to issue v1.12 hotfix
ACDC #123 summary
U.S. Treasury goes after Tether
ZKP2P releases soulbound NFT
Zerion browser extension released
Yup integrates XMTP
