This Week in Custody #39
This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.
Last Week’s Most Clicked
Coinbase writes an informative post on scaling node operation.
How can smart contracts hold private keys? This blog post provides background on using MPC and ZKPs to allow for more programmatic contracts.
News
GameStop launches an NFT marketplace. It appears to be doing well.
Swiss Post is developing an internal custody team.
Gnosis Safe rebrands to Safe and plans to build a multi-wallet ecosystem.
Near partners with BitGo.
BNP Paribas is working on custody.
Bitcoin
Lightning Dev Kit (LDK) has a new blog. They published two posts:
An overview of LDK and the mission
An introduction to phantom node payments
Using a hardware device for LN remote signing.
Validating Lightning Signer (VLS) project
There is a new proposal for half aggregation of BIP-340 schnorr signatures.
mailing list announcement
draft BIP
BitMex Research writes about OP_Return. Worth a read!
Federal Reserve publishes a working paper on Lightning Network.
Ethereum
zkEVM announcements:
Semaphore V2 gets released.
Videos from Devconnect now available.
Gas Gauge: A Security Analysis Tool for Smart Contract Out-of-Gas Vulnerabilities
An explanation on how EIP-2535 (Diamonds style architecture) was used by an NFT project to steal funds.
The Saudis, a popular NFT project, started a freemint campaign on July 10, 2022 where whitelisted users can mint their NFTs for free. A user identified as RIGHTBLOCK dumped a substantial quantity of NFT into the market shortly after the mint event concluded.
After doing some research, we found that the NFT project’s contract uses the EIP-2535 protocol, which is also called the “diamond protocol.” This protocol is used by the project team to modify the contract’s functionalities in order to implement these NFT transfers.
Flashbots encourages early users of mev-boost.
Figment announces its plans to use MEV-Boost.
Paradigm has a new CTF starting later next month.
StarkNet has a token announcement.
Other Chains
Paradigm publishes a new blog post on blockchain latency and throughput.
Vulnerability in Flow’s smart contracting language Cadence.
Osmosis gets an ERC-20 token representation of Evmos.
Juno’s latest upgrade supports interchain account functionality - a first for Cosmos chains.
Trail of Bits releases a smart contract fuzzer for StarkNet.
Mysten Labs announces Sui Wallet: a Chrome extension client-side wallet.
More on Sui Move.
A new project called Keystone in Cosmos designed to make key management easier by offering a gRPC infront of a keyring.
Uniswap launches on Celo to add liquidity to carbon credit market.
Polkadot’s Gov2 framework.
The group module gets added to Cosmos SDK.
x/group provides functionality to define on-chain groups of people that can execute arbitrary messages based on agreed upon rules. A simple use-case of x/group is to create on-chain multisigs (with updateable members and thresholds), but x/group can also be used to create more complex DAOs.
Crypto
Ferveo: Threshold Decryption for Mempool Privacy in BFT networks
SATAn: Air-Gap Exfiltration Attack via Radio Signals From SATA Cables
Adam Gibson speaks about Sigma Protocols at Advancing Bitcoin (video).
Security
FBI posts a PSA warning about the use of deepfakes and stolen PII used in remote employment applications.
How secure is open-source? DARPA wants to find out.
Malicious code injection used to trick users into signing setApprovalForAll messages.
Using Guix to build a secure supply chain.
Releases
[Zcash] v5.1.0
[Cosmos SDK] v0.46.0
[Filecoin] v1.16.1
[Go Ethereum] Nausicaa (v1.10.21)
[Teku] 22.7.0
[Lodestar] Release v0.41.0
Thanks for reading! Have a great week.