#not looking forward to next week’s audit though. why do the auditors always come during my morning shifts smh am i cursed or sth | Explore Tumblr posts and blogs

evanvanness · 5 years ago

Text

Annotated edition, Week in Ethereum News, April 19 issue

Here’s the most clicked for the week:

As I always say, the most clicked is determined by what people hadn’t already seen during the week.

My thought is that the annotated edition tries to give people a more high-level overview. If I were only reading a few things this week, I would read

Quarterly update from each EF team

Prysmatic launches the Topaz testnet, ready for multi-client testnet

Compound’s decentralized governance launches

Why so many South Americans are into DeFi: “when you believe and know in your heart that nothing is riskier than your government or a bank, any alternative becomes much more enticing”

7 reasons Eth2 will change the blockchain game

The quarterly update from each EF team is pretty down in the weeds, but some of those teams don’t do much communicating. They don’t have the same need to communicate as EF pays salaries, plus some of teams are low-level stuff where the audience is already quite small. It’s at least worth skimming to get a general idea of what the EF teams are doing though.

Prysmatic launched their new testnet, which isn’t the multi-client testnet™ but is very close. We should see that in the next few weeks. The “7 reasons Eth2 changes the game” is certainly an Eth bullish post, but I suspect that the “eth2 skepticism trade” is going to start unwinding and it could have a big impact on the price of ETH. In fact, I think the price of ETH would likely be higher right now if Eth2 didn’t exist, because crypto fund managers have all turned eth2 into “just a meme” and sold on skepticism. Meanwhile literally zero Eth wannabes have yet to deliver anything scalable without trading off decentralization - and if you trade off decentralization, then you may as well just use SQL.

I suspect Compound’s governance will prove to be something that many projects copy. Of course they didn’t come up with it all on their own, they certainly incorporated many elements from others (eg, Maker) but it’s a solid model for web3 apps to follow.

Finally Mariano Conti’s essay on why DeFi. Contrary to Bitcoin’s “tHe DoLlAr iS aBoUt tO coLaPsE,” DeFi provides an alternative financial system to the folks whose fiat is actually on the verge of collapsing and who don’t want to hold volatile assets like ETH (or an unsustainable memecoin like BTC). Of course it’s not perfect, and it’s risky but any Argentine has a pretty good sense that DeFi is less risky than their banking system or Argentina’s Peronist Peso Printer.

That thing goes brrrrrrrrrrrrrr like no other.

Eth1

Geth v1.9.13, with dynamic state snapshots if you use the flag

Nethermind v.1.8.1 – receipts, bodies and state can be synced in parallel. WebSockets and HTTP run on same port

Latest core devs call. Beiko’s notes. Progress and discussion on EIPs for Berlin.

Quilt doc on account abstraction implementation plan

Most of this speaks for itself. The clients continue to improve while things are being worked on for the next hard fork. Meanwhile the longer-term stateless Ethereum continues to be worked on.

Eth2

Prysmatic launches the Topaz testnet, ready for multi-client testnet

Chainsafe’s Lodestar client in TypeScript releases initial audit report from Least Authority

Latest what’s new in Eth2

Latest eth2 call, lots of talk of API standardizations. Ben’s notes

Proto’s eth2fastspec, an optimization for transition speed to the spec

An update to add atomicity to cross-shard transfers at EE level

The Lodestar tooling has already proven to be really useful to devs and the code quality is quite high by all accounts.

Ben’s what’s new in eth2 is also a good high-level read, I just assume you already know that.

Layer2

When DeFi meets rollup, how rollup chains will work together

Arguably this could be in the “things you should read this week” above, as it’s a relatively high-level look at how rollups will work together, using Eth as the settlement layer.

Stuff for developers

Writing your first zk proof with circom and snarkjs from Iden3

Brownie v1.7 – (python-based dev/testing framework). easy CLI github/EthPM package install. And a quick walkthrough of using OpenZeppelin contracts with Brownie

Remix online and desktop IDE v0.10 – more e2e tests, dev node in browser, plugin improvements, publish to IPFS, async/await for script execution

OpenZeppelin test environment v0.1.4

dshackle – Eth API load balancer

Flash mintable asset backed tokens

Upload to IPFS directly from ENS manager with Temporal

How MeTokens personalizes with 3Box Profiles

Loopring launches an API for their dex rollup

Patterns for access control in Solidity

money-legos: tool to build DeFi apps

I’ve been trying to provide more context in the links of the devs section, which means I have less to say here.

That money-legos quickstarter for DeFi apps seems like it’s built for hackthons.

Security and ERC777 attacks

Sebastian Bürgel finds a bug cancelling the transaction in the Multis UI

Certora on a Synthetix reentrancy bug they found

Slither v0.6.11 – support for Solidity v0.6, auto-generate properties for unit tests and fuzzer

Curve found a vulnerability in the Curve sUSD code. Funds are safe.

Two ERC777 re-entrancy attacks this weekend. ERC777 is widely known to be vulnerable to reentrancy attacks, something ConsenSys Diligence highlighted in the Uniswap audit and on which OpenZepplin published an exploit on last summer

Thus a Uniswap market for imBTC (ERC777) got drained for ~1300 ETH with reentrancy and then lendFme also got drained for $25m USD by the attacker tricking the code into believing more had been deposited than actually had. Peckshield has a solid writeup. The losers are the liquidity providers, and dForce which had the entirety of its liquidity drained.

The dforce/lendfme attacker ended up giving back the money, apparently because he (i’ll use masculine probabalistically) used some front ends without covering his tracks, so he decided it was better to quit while still ahead.

ERC20 has some problems as a token standard, but auditors are generally quite skeptical of ERC777. Could we see a better standard someday? We certainly could, but it seems unlikely to be 777.

Ecosystem

Quarterly update from each EF team

What is still lacking to replace WeChat with web3?

Transaction fees > uncle rewards for miners in March 2020. Obviously Black Thursday’s transaction fee spike contributed to this

Replacing all the different components to make a web3 WeChat is hard. Even stuff like pictures is quite complicated.

Enterprise

EY releases OpsChain, v4, new SaaS model for public/private chains

Study of key management systems for enterprise

How the Baseline Protocol synchronizes between different systems of record

Using Baseline Protocol for medical tests

John Wolpert’s “mainnet as middleware” for a way of synchronizing different databases. It’s not quite “global settlement layer” but it basically is settlement but without the finance aspect.

Governance, DAOs, and standards

Compound’s decentralized governance launches

EIP2585: Minimal Native Meta Transaction Forwarder

Austin Williams mentions this 2002 Microsoft Research paper on Sybil resistance

Sybil resistance is quite hard, as we’ve found out with some Gitocin grants issues. I don’t think anyone is surprised by the issues, it’s obviously not a 100% onchain trustless system yet.

Application layer

A guide to the shutdown of Maker’s SAI

Play short-deck hold’em with Phil Ivey is the new VirtuePoker promo

Ox opens the waitlist for Matcha, a “better way to swap tokens”

First RocketDAO loan using an ENS name as collateral

DeFi Saver’s vault protection product Automation v2 with flash loans and Maker’s next price

How MetaCoin is thinking about Nikolai’s Reflex Bonds idea for a stablecoin without pegs

dYdX crosses 1billion USD in originated loans

AtStake, an Eth-based competitor to OpenBazaar. Also: help test OpenBazaar with Eth

A writeup of PieDAO’s managed Balancer pools

AtomicLoans lets you lock up BTC for a Dai/USDC loan. (Get ~9% by lending your Dai/USDC)

Gnosis launches a dex protocol with ring trades in batch auctions every 5 mins. First app on the protocol is dxDAO’s Mesa, available through mesa.eth

Do dexes count as DeFi? I’ll count them as a yes for my weekly metric, which - now that I’ve counted - is at 9/11.

I didn’t count VirtuePoker as DeFi but I’ve seen some persuasive arguments that gambling has often historically served as a (rather inefficient) method of capital formation.

It’s also interesting to see dexes evolve. Exchange is so fundamental to web3 that I think it’s quite possible that we see a segmented market in the long-term, despite the fact that liquidity is a great barrier to entry. There are simply niches that can be best served by certain tradeoffs, and Gnosis’s batched auction ring trades is an interesting look.

Tokens/Business/Regulation

Another flippening: value transfer on Ethereum exceeds Bitcoin

7 reasons Eth2 will change the blockchain game

Swiss Financial Stability Board recommends heavy stablecoin regulation in response to G20 call for stablecoin comments

Coindesk reports that China’s Blockchain Service Network will incorporate Ethereum

Canada’s regulatory guidance for crypto exchanges

Bullionix: mint gold coin NFTs using DGX

HashCash v2 – personal token spam protection with auto-decreasing bond

me tokens, synthetic labor personal tokens on a bonding curve integrated with Moloch/Aragon from Chris Robison. Unfortunately I can’t read the blog post because Medium censored it.

DeFi Market Cap, neat way to compare what pools are popular inside of DeFi

Virtual gold coins is a pretty interesting bundle.

Also cool to see some folks experimenting with personal tokens. Until 2017 got out of control, the hope was to see more experiments (and no scams, ahem!) at small scale, rather than “here’s $100m in ETH, now it’s 1 billion in ETH....now you’re panic selling the bottom.” Capital allocation in decentralized ecosystems has not been great.

General

MyCrypto and PhishFort get 49 malicious Chrome extensions removed

Etherscan’s ETHProtect, taint inference analysis

Shapeshift buys Portis, and will rebrand it as Shapeshift

Binance is planning a centralized (DPoS) EVM chain

SheFi, a DeFi education program aimed at women

Why so many South Americans are into DeFi: “when you believe and know in your heart that nothing is riskier than your government or a bank, any alternative becomes much more enticing”

The Eth logo made of Venezuelan bolivars

The Eth logo was made up of 3.71 million bolivars, so 0.16 ETH, or under $30 USD. A sad commentary for a country that briefly had the same standard of living as the United States just a couple decades before I was born.

Ultimately it is hard to retain the fruits of your labor if poor public policy choices are made by voters, and none was worse than electing an authoritarian dictator.

Finally, you might notice that below I added the sponsor and calendar section to the annotated edition for the first time.

This newsletter is made possible by ConsenSys

I own 100% Week In Ethereum News. Editorial control has always been me.

If you’re wondering “why didn’t my post make it into Week in Ethereum News,” then here’s a hint: don’t email me. Do put it on Reddit.

Dates of Note

Upcoming dates of note (new/changes in bold):

Apr 21-23 – EY Global Blockchain Virtual Summit

Apr 24 – EthGlobal’s HackMoney virtual hackathon starts

Apr 24-26 – EthTurin

Apr 29-30 – SoliditySummit (Berlin)

May 8-9 – Ethereal Summit (NYC)

May 22-31 – Ethereum Madrid public health virtual hackathon

June 17 – EthBarcelona R&D workshop

Did you get forwarded this newsletter? Sign up to receive it weekly

0 notes