This Week in Custody #42

This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.

---

Last Week’s Most Clicked

• Private keys are increasingly being revealed in US courts as part of discovery or pre-trial motions.

• Auditing Crypto Wallets is an excellent primer that covers a lot of security details when it comes to developing non-custodial wallets.

• Coinbase covers LN growth metrics.

News

• Coinbase covers the Web3 developer stack.

• Clockwork raises to improve to build “decentralized” lambdas.

• Omni raises money to build its noncustodial wallet.

Bitcoin

• Block’s hardware wallet team talks about wallet recovery.

• Transaction validation in Bitcoin using Cairo.

• Building Channel addresses.

• Liquidity guide for LN.

• Rapid Gossip Sync protocol for LN,

• Ledger asks developers to try out the upcoming Miniscript support.

• Tweet thread collects latest research papers on LN.

• Broadcasting Messages in Space with Lightning

• NBER working paper on the usage of the Chivo wallet (El Salvador’s state-sponsored Bitcoin wallet).

  despite the government’s “big push” and a large fraction of people downloading Chivo Wallet, usage of bitcoin for everyday transactions is low and is concentrated among the banked, educated, young, and male population.

• Tapscript: New Opcodes, Reduced Limits and Covenants

Ethereum

• Paradigm writes about data availability.

• Coin Center explains how Tornado Cash works.

• DeFi Securiy Summit videos for days 1 & 2.

• Ideas to compress bytes used in an ERC-20 transfer.

• Ethereum Tags Database.

• Trail of Bits has a guide on building secure smart contracts.

• Goldfish is a proposed alternative to Ethereum’s GHOST protocol. Paradigm has an introductory blog post.

• Matic’s Plonky2 is open source.

• Flashbots discusses how searchers might be affected from the Merge.

• Just-in-time Liquidity on the Uniswap Protocol

• Arbitrum Nitro whitepaper is released.

Other Chains

• Nomad creates a repository containing data related to its bridge hack exploit.

• Great coverage of the new Group and Governance modules in the Cosmos SDK.

• Acala’s aUSD hacked.

• IBC channel upgradability.

• Compound’s cETH market freezes following a bug.

• Solana team OptiFi locks funds in a Solana program by calling the wrong method.

• Skynet Labs is shutting down.

• Binary Ninja: reverse engineering Solana.

• An introduction to Move from an auditor’s perspective.

• Vulnerability disclosure of an Avalanche DoS vector.

• Coinbase has an analysis of the Celer Bridge incident.

Crypto

• Mysten Labs releases fastcrypto: a common cryptography library used by the project. Written in Rust.

• Ledger Labs shares how linkable ring signatures can be used to improve privacy for users.

• a16z has an excellent write-up on trusted setup ceremonies for zero knowledge protocols. In the post, the authors cover some history of famous setups like the original Zcash trusted ceremony as well as discuss a perpetual “powers-of-tau” setup ceremony. The team also open sources an on-chain KZG for EVM networks.

• Cryptographic Oracle-Based Conditional Payments

• PESCA: A Privacy-Enhancing Smart-Contract Architecture

• Constant-time not guaranteed by Intel and ARM CPUs?

• ZK Whiteboard Sessions by ZK Hack are video tutorials on zero knowledge protocols.

Security

• General Bytes, a popular crypto ATM provider, suffers a vulnerability that allows remote privilege escalation.

• ETHERLED: Sending Covert Morse Signals from Air-Gapped Devices via Network Card (NIC) LEDs

• Google’s blog announcement on Project Paranoid.

• Open questions related to improving responsible disclosure in cryptocurrency.

• Vulnerability Management for Go

Releases

• [Algorand] Algorand 3.9.4

• [Filecoin] Release v1.17.1

Thanks for reading. Have a great week!