Lessons From ERC2771 Multicall Vulnerability

The vulnerability, initially disclosed by Thirdweb, affected over a thousand contracts.

Quick Take

  • OpenZeppelin lessons from ERC2771 vulnerability.
  • Obol Network integrates with EigenLayer.
  • EspressoSys BFT preconfirmation architecture.
  • P2P releases a staking market report.


This episode is sponsored by Harpie!


Harpie is an onchain security solution that protects your wallet from theft in realtime. Harpie helps you detect and block suspicious transactions before they execute, safeguarding your assets from malicious attacks and scams. Try Harpie for free at harpie.io/ethdaily.

Lessons From ERC2771 Multicall Vulnerability

OpenZeppelin shared insights from a vulnerability linked to the combined use of its ERC2771 library with multicall functionalities. The vulnerability, initially disclosed by Thirdweb, affected over a thousand contracts. In response, OpenZeppelin set up a war room with white hats and other organizations to safeguard the ecosystem. They developed a tool within Defender’s Code Inspector to identify vulnerable contracts. ERC2771, designed for account abstraction and allowing contracts to accept meta-transactions with sponsored gas fees, could be manipulated in combination with multicalls to spoof transaction calldata for siphoning tokens. Key lessons from the incident include the need to thoroughly understand how imported dependencies interact and the importance of using upgradable contracts with circuit breakers to effectively respond to incidents.

Obol Network Integrates With EigenLayer

Obol Network, a distributed validator protocol, has integrated with EigenLayer to enable native restaking for its distributed validators. An initial deployment of two Obol distributed validator clusters, each comprising four operators, is now live on the Goerli testnet. Native restaking enables validators to earn extra rewards by securing Actively Validated Services on EigenLayer. Native restaking does carry added slashing risks. Distributed validators contribute to enhancing Ethereum's fault tolerance by splitting a single validator key among multiple operators, ensuring that validation continues even if one node in the cluster goes offline. EigenLayer is the largest restaking protocol with over $1 billion in TVL.

EspressoSys BFT Preconfirmations

EspressoSys introduced a Byzantine Fault Tolerant (BFT) preconfirmation design for rollup sequencing, serving as a method for the confirmation and validation of transactions. The design is backed by the collective economic security of a consensus protocol and is suitable for scenarios that require rapid transaction confirmations. EspressoSys compares its design with Proposer-Promised (PP) preconfirmations, which are simpler and rely on individual validators instead of a consensus group. According to EspressoSys, BFT preconfirmations have a better UX for cross-rollup transactions. Both BFT and Proposer-Promised preconfirmation designs are composable, but they offer different levels of security guarantees.

P2P Staking Market Overview

Node infrastructure provider P2P.org released a staking market report outlining liquid staking, restaking, ZK tech, modularization, and emerging infrastructure. According to the report, liquid staking protocols account for 44% of the 26.4 million ETH staked on the beacon chain. The report also notes that MEV accounts for approximately 10-15% of total validator rewards on Ethereum. The report also outlines decentralized proving, ZKP hardware, and external ZKP generation protocols.
