This Week in Custody #41
Regular programming with a feature on The Merge.
This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody, written for wallet engineers, digital asset operators, and security engineers.
Last Week’s Most Clicked
Rainbow Wallet adds support for NFTs.
BNP Paribas is working on custody.
Fuzzing BDK’s coin selection source code.
CopperConnect adds Solana.
Safeheron announces a raise to build MPC tools.
Private keys are increasingly being revealed in US courts as part of discovery or pre-trial motions. Worth reading!
Pikachu: Checkpointing PoS chains into Bitcoin’s chain using Taproot. Does this make Bitcoin a data availability (DA) layer for Ethereum?
An interactive demo to experiment with blind Schnorr signatures.
The Summer of Bitcoin is a program that helps students contribute to open-source Bitcoin projects. They have a blog:
Channel jamming is a big area of research in LN. Lab31 publishes technical content on the topic.
Ethereum and The Merge
The long awaited “Merge” network event is right around the corner, so it is worthwhile to dedicate some time to cover it and provide resources on what to expect.
The Ethereum Foundation (EF) has released a few blog posts covering the announcement. The official announcement by EF provides an FAQ.
The Merge is a two-step process. First, the consensus layer (fka Beacon Chain) will experience a fork to include rules that incorporate transaction execution. This fork is called Bellatrix. Second, the actual merge on the execution layer (e.g. Geth) will hotswap PoW with PoS. This fork is called Paris.
Following the Merge, the definition of a full node has changed in the Ethereum protocol. It is now a requirement to run both the consensus client and execution client if you want to operate under the same trust model as before. There is a documented interface secured by JWT that connects both nodes.
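To make the JWT-secured link concrete, here is an added example (not code from the EF or from any client) of the token check between the two nodes. It assumes the rules in the Engine API authentication spec: a shared 32-byte hex secret, HS256 only, and an `iat` claim within 60 seconds of the verifier's clock. All function names are illustrative.

```python
import base64, hashlib, hmac, json, secrets, time

IAT_WINDOW = 60  # seconds of clock drift tolerated on the iat claim (assumed from the spec)

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def load_secret(hex_text: str) -> bytes:
    """Parse the contents of the shared secret file: exactly 32 bytes, hex-encoded."""
    key = bytes.fromhex(hex_text.strip())
    if len(key) != 32:
        raise ValueError("secret must be exactly 32 bytes")
    return key

def mint(key: bytes, now: int) -> str:
    """Consensus-client side: token sent as 'Authorization: Bearer <token>'."""
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps({"iat": now}).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64(sig)}"

def verify(key: bytes, token: str, now: int) -> bool:
    """Execution-client side: pin the algorithm, check the MAC, then freshness."""
    try:
        head, body, sig = token.split(".")
        if json.loads(unb64(head)).get("alg") != "HS256":  # refuses alg "none"
            return False
        expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64(sig)):  # constant-time compare
            return False
        iat = json.loads(unb64(body)).get("iat")
        return isinstance(iat, int) and abs(now - iat) <= IAT_WINDOW
    except (ValueError, AttributeError):  # malformed token, base64 or JSON
        return False

if __name__ == "__main__":
    key = load_secret(secrets.token_hex(32))  # constructed secret for the demo
    t = int(time.time())
    print("fresh token accepted:", verify(key, mint(key, t), t))
    print("5-minute-old token accepted:", verify(key, mint(key, t - 300), t))
```

Because freshness depends on `iat`, clock drift between the two hosts shows up as authentication failures, so both nodes need synchronized time and the secret file should be readable only by the two client processes.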
Unfortunately, choosing which consensus client to run is not a trivial decision. If you choose to stake, the client that you run will have financial consequences. The protocol includes a disincentive that significantly punishes node operators who run a popular implementation of Ethereum: your staked ETH is slashed at higher rates if you run a popular client that experiences a bug that causes downtime or satisfies one of the slashing conditions.
Below is a list of important dates from the EF:
The following are the high-level dates and events expected to unfold:
[2022/08/18] – TTD reassessed and finalized on All Core Devs call
[2022/08/18 to 2022/8/22] – EL and CL teams cut Mainnet software releases
[2022/08/23] – Client resources, EF blog, and other community and infrastructure announcements of final parameters and releases
[2022/09/06 11:34:47am UTC] – Bellatrix Mainnet upgrade
    All stakers must upgrade to EL+CL Merge-ready nodes before this time
    All infrastructure providers, users, and community members should upgrade PoW nodes to EL+CL Merge-ready nodes before this time
[Estimated: 2022/9/15] – Paris Mainnet Merge transition
    All infrastructure providers, users, and community members must upgrade to EL+CL Merge-ready nodes before this time. Plan on configuring systems at least one week in advance and ideally before Bellatrix
dYdX has a vulnerability with gasless deposits. The issue was resolved through their responsible disclosure process.
OpenZeppelin contracts have an ECDSA signature malleability issue.
Curve Finance gets DNS spoof’d.
Certik has a write-up.
BitMEX writes about OFAC enforcement in the context of PoS Ethereum.
Flashbots Relay is open sourced.
Jump Crypto is writing its own Solana client in C++.
Jump Crypto is building Silo, a threshold signature scheme that uses BFT consensus as part of its system.
Coinbase investigates the Nomad Bridge incident.
An example of a StarkNet transaction signed using iPhone’s enclave.
SlowMist provides additional analysis on the Slope Wallet incident.
Zcon3 was earlier this month! There was a talk covering the latest research in FROST.
Auditing Crypto Wallets is an excellent primer that covers a lot of security details when it comes to developing non-custodial wallets. Highly recommend reading it!
An executive at Binance was allegedly impersonated using deepfake videos in order to facilitate an asset listing scam.
If I were COO of your crypto team... is a fun read for anyone working on wallet operations.
[Avalanche Go] v1.7.18 - Chapelco
[Cosmos SDK] v0.46.1
[Polkadot] Polkadot v0.9.28
[Go Ethereum] Sentry Omega (v1.10.23)
Thanks for reading!