This Week in Custody #43
This Week in Custody is a newsletter covering technical and narrative developments in digital asset custody written for wallet engineers, digital asset operators, and security engineers.
Last Week’s Most Clicked
Omni raises money to build its noncustodial wallet.
Block’s hardware wallet team talks about wallet recovery.
a16z has an excellent write-up on trusted setup ceremonies for zero knowledge protocols.
News
Nasdaq is working on custody for institutional clients.
OFAC publishes a FAQ on its Tornado Cash sanctions.
White House releases a framework for digital assets.
OpenWallet Foundation, part of the Linux Foundation, is aiming to increase interoperability for wallets.
Anchorage offers Japanese Yen stablecoin.
SEC provides accounting guidance for crypto.
Networks
Ethereum’s long anticipated fork to Proof of Stake is successful.
BitGo adds custodial Lightning Network support.
Helium had a proposal (HIP 70) that signaled moving the ecosystem to Solana. The proposal passed. The authors highlight that the current blockchain cannot continue to be supported, meanwhile there are benefits to building on Solana’s ecosystem including better tooling and network effects.
When ETHPoW changed its chain ID, concerns for replay attacks were reduced. However, the were some edge cases related to hardcoded chain IDs that caused some replay attacks.
Urbit Virtual Machine (UVM) is building an EVM client written in Hoon, Urbit’s native language.
Zcash wallets are experiencing longer sync times.
Profanity, a vanity address generator, has a vulnerability exploited in the wild. The vulnerability was publicly posted earlier in the year, and 1inch raised awareness about the risk last week. Several have noted that there are large funds at risk. The largest known exploit was against addresses controlled by Wintermute which lead to a $160 million theft.
Compound Treasury launches borrowing for institutions.
Avalanche deprecates native asset calls on the C-Chain due to a vulnerability.
Guides
a16z publishes a “Zero Knowledge Canon”
Paradigm covers the recent hardware trends in the zkp space.
Trail of Bits shows how static analysis can be used to find faults in zero knowledge programs. The tool is called circomspect and it targets the Circom language.
Silicon Salon hosts its second event covering secure boot, suppl chain security, and firmware upgrades. Presentations are available.
Excellent guide from Unit 410 on how to manage a chain halt.
Introductory post on how unassuming signatures can steal funds steal ERC20 tokens with the transferFrom method.
Tools & Software
Cairo graduates to its 1.0 release.
Spiral is a Bitcoin block explorer that uses fully homomorphic encryption (FHE) to guarantee privacy. It is will known that law enforcement agencies and other parties have taken advantage of block explorers to link blockchain addresses with identifiable users. A paper showcases how FHE is applied.
bitcoin_slices is a zero allocations parse library for Bitcoin data structures written in Rust.
Curdleproofs is Rust implementation of a zero knowledge shuffling scheme for secret leader selection.
Ethereum’s KZG ceremony sequencer.
Cryptography
On Go 1.20’s cryptography library changes as well as the removal of math/bigint from the crypto packages.
On Security Assumptions Underpinning Recent Schnorr Threshold Schemes
Security
Rust Foundation creates a dedicated security team.
Releases
[Near] 1.29.0
[Bitcoin] v24.0rc1: Bitcoin Core 24.0 release candidate 1
[Go Ethereum] Nemata (v1.10.25)
Thanks for reading. Have a great week!
Pine Street Labs helps businesses manage their wallets on any blockchain.