Autor Cointelegraph By Zhiyuan Sun

Secret Network resolves network vulnerability following white hat disclosure

On Nov. 30, Guy Zyskind, CEO of privacy smart contract blockchain Secret Network, said that developers had patched a privacy-related vulnerability and users’ funds remain secure. In a document dated Nov. 29, Secret Network wrote that users or developers required no action and that all active nodes were upgraded to correct the exploit on Nov. 2. 2/ You can read the post for the main details, but the important part is that the vulnerability was mitigated and unlikely to have been exploited. Most importantly, funds were never at risk, because Secret intentionally does not rely on SGX for correctness – only privacy.— Guy Zyskind (@GuyZys) November 29, 2022The sequence of events, unveiled late yesterday by the Secret Network developers, began when a group of white-hat computer science researchers contacted the Secret team on Oct. 3 regarding a recently disclosed xAPIC (Advanced Programmable Interrupt Controller) architectural bug. The exploit allowed uninitialized memory reads in certain Software Guard Extension-enabled (SGX) Intel CPUs. Secret Network leverages SGX technology to provide confidential execution of smart contracts. As stated in their paper, researchers first registered a server as a validator node on the Secret Network, even when they did not have sufficient funds to be trusted to actively validate transactions. The registration process then stored a copy of Secret’s global consensus seed inside its SGX enclave. Next, through the aforementioned CPU glitch, researchers extracted the consensus seed of its Secret Node and its private Intel Enhanced Privacy ID key. Finally, with these items, they were able to break Secret’s privacy-preserving features and decrypt the internal state of all smart contracts on the network, as well as the digital assets embedded in them. Secret developers verified the exploit on Oct. 4 and devised a plan to patch the vulnerability together with researchers and Intel staff. First, nodes were forcefully ejected from the network, and their secret keys deleted. After that, nodes could only rejoin the network if they patched all known vulnerabilities, which was completed on Nov. 2. “With this upgrade, it is now infeasible to mount xAPIC attacks against the Secret Network mainnet,” wrote the Secret Network team.In addition, new nodes joining the network will be limited to server-class hardware only, as to limit the attack surface that user-class hardware presents. Founded in 2015, Secret Network currently has a market cap of $131 million through its native token SCRT. The firm partnered with director Quentin Tarantino to launch Secret NFTs last November.

Čítaj viac

Uniswap launches NFT marketplace aggregator

According to a new post on November 30, decentralized exchange (DEX) Uniswap announced that users can now trade nonfungible tokens, or NFTs, on its native protocol. As told by Uniswap, the function will initially feature NFT collections for sale on platforms including OpenSea, X2Y2, LooksRare, Sudoswap, Larva Labs, X2Y2, Foundation, NFT20, and NFTX.”To bring users the first-rate experience they’ve come to expect with Uniswap, we built the aggregator to deliver better prices, faster indexing, more unassailable smart contracts, and efficient execution.”Uniswap developers claim that users can save up to 15% on gas costs compared to other NFT aggregators when using Uniswap NFT. unifies ERC20 and NFT swapping into a single swap router. Integrated with Permit2, users can swap multiple tokens and NFTs in one swap while saving on gas fees.The NFT aggregator is powered by the Universal Router smart contract and optimized by UX smart contract Permit2, both Uniswap inventions. According to the DEX, it “unifies ERC-20 and NFT swapping into a single swap router. Integrated with Permit2, users can swap multiple tokens and NFTs in one swap while saving on gas fees.””We originally conceived Permit2 and Universal Router to improve our own products, optimizing gas costs, simplifying user transaction flows, and strengthening security. As we ideated, we realized that other applications could greatly benefit from integrating these contracts.”As part of launch efforts, Uniswap says it is airdropping approximately 5 million USDC to certain historical users of NFT aggregator Genie, based on a wallet snapshot on April 15, 2022, and offering gas rebates to the first 22,000 NFT users. However, the gas rebate will only run for two weeks and is capped at 0.01 Ether (ETH).

Čítaj viac

EIB settles €100 million digital bond on private blockchain

According to a new press release on Nov. 29, the European Investment Bank, or EIB, issued a first-ever euro-denominated €100 million digital bond on a private blockchain-underpinned platform with tokenization help from Goldman Sachs.The latter, along with Société Générale Luxembourg, also act as the on-chain custodians for the financial instrument. The bond bears interest at a coupon rate of 2.57% per year with a maturity date of Nov. 29, 2024, and is governed by Luxembourger laws. Banque de France and the Banque Centrale du Luxembourg participated in the project to provide a digital representation of euro central bank money. The EIB says that “the transaction paves the way for future on-chain derivative solutions, by using the first interest rate swap hedge represented through the industry-developed common domain model.”In addition, the bond represents the “first cross-chain Delivery vs. Payment (DVP) settlement using an experimental CBDC [Central Bank Digital Currency] token.”Last April, the EIB successfully issued the first digital euro bond on a public blockchain. Goldman Sachs, Banco Santander, and Société Générale led the sale of the two-year €100 million digital bond. Regarding today’s novel digital bond issuance on a private blockchain, Ricardo Mourinho Félix, EIB’s Vice President, commented: “Blockchain has the potential to disrupt a wide range of sectors. It plays a central role in the success of Europe’s green and digital transitions, and strengthens our technological sovereignty. Innovation is part of the EIB’s identity and issuing this fully digital bond is another important step in helping to develop a fully digital ecosystem.”

Čítaj viac

Compound Finance to impose lending caps in light of failed Aave exploit

On Nov. 28, users of decentralized finance, or DeFi, lending platform Compound Finance passed a proposal to impose restrictions on the maximum borrowing of 10 tokens on the protocol. The proposal was put forth by financial modeling firm Gauntlet and passed with a majority “Yes,” although total turnout amounted to less than 7% of the COMP tokens in circulation. Most notably, tokens such as Uniswap (UNI) and COMP had their borrow limits slashed from 11,250,000 and 150,000 to 550,000 and 18,000, respectively. Other less liquid altcoins on Compound, such as year.finance (YFI), had its borrow cap reduced from 1,500 to just 20. Coins such as wrapped Bitcoin (WBTC), which previously had no borrow limit on Compound, have been slapped with a ceiling of 1,250 on maximum borrow.Proposal 135 has passed with quorum. ✅Proposal 135 sets borrow caps for ten Compound v2 markets.The proposal will be applied in two days. https://t.co/JvlEPJZrgp— Compound Governance (@compgovernance) November 28, 2022According to Gauntlet, the proposal would prevent “insolvency risk from liquidation cascades,” “price manipulation Mango squeeze exploits,” “risk of high utilization,” and “risk from shorting assets from a short position on Compound of significant size relative to the circulating supply of the asset.” Although the related incident was not directly referenced, Gauntlet also conducted modeling and risk assessment for DeFi lending protocol Aave. On Nov. 22, it was uncovered that Mango Markets hacker Avraham Eisenberg attempted to exploit the protocol by shorting high amounts of Curve (CRV), which was an illiquid token on Aave at the time, and forcing the protocol to liquidate the position at a loss due to significant slippage. However, it turned out that the slippage was far less than expected, resulting in an estimated $10 million loss after a CRV short squeeze.Gauntlet then proposed to freeze a series of tokens on Aave V2 that may be at risk of an exploit due to lack of liquidity. Currently, the Compound Finance protocol has $654.7 million in total borrowings collateralized by $2.146 billion worth of assets. 

Čítaj viac

Controlling shareholders' stakes in GBTC are 'highly illiquid': Report

According to a new Twitter post by Ryan Selkis, CEO of blockchain research firm Messari, Grayscale Bitcoin Trust’s (GBTC) controlling shareholders Genesis Global and Digital Currency Group cannot simply “dump” their holdings to raise more capital. Selkis explained that the restrictions are due to Rule 144A of the U.S. Securities Act of 1933, which forces issuers of over-the-counter, or OTC, traded entities to give advance notice of proposed sales, as well as a quarterly cap on sale of either 1% of outstanding shares or weekly traded volume. 2/ DCG bought nearly $800mm worth of GBTC shares since the premium flipped to a discount in early 2021.DCG’s board authorized up to $1.2bn of share purchases across Grayscale Trusts.In light of the current liquidity issues, the remainder is likely on hold indefinitely.— Ryan Selkis (@twobitidiot) November 28, 2022Based on calculations provided by Selkis, this works to a maximum of $62 million in liquidations per quarter based on the outstanding shares test and $23 million in liquidations per quarter based on the trading volume test. “It’s *much* more likely DCG-Genesis refinance using GBTC as collateral,” he wrote.Grayscale Bitcoin Trust, the largest Bitcoin investment trust in the world, is currently trading at a discount to net asset value (NAV) of 40% due to liquidity issues surrounding its operator Genesis Global and rumors of insolvency surrounding its owner Digital Currency Group. It is said that Digital Currency Group bought nearly $800 million worth of GBTC shares since it began trading at a discount to NAV. The firm and its affiliates now own roughly 10% of the trust’s outstanding shares.After Genesis Global began halting withdrawals on Nov. 16, rumors began circulating that its parent company Digital Currency Group, was also in a state of insolvency and would need to liquidate GBTC to pay back its creditors. Grayscale has since clarified that “the laws, regulations, and documents that define Grayscale’s digital asset products prohibit the digital assets underlying the products from being lent, borrowed, or otherwise encumbered” and that “the $BTC underlying Grayscale Bitcoin Trust are owned by $GBTC and $GBTC alone.”Grayscale also published a letter signed by Coinbase’s CFO, Alesia Haas, and CEO of Coinbase Custody, Aaron Schnarch, showing that it currently holds 635,235 Bitcoins (BTC) under custody in Grayscale’s name. 

Čítaj viac

Získaj BONUS 8 € v Bitcoinoch

nakup bitcoin z karty

Registrácia Binance

Burza Binance

Aktuálne kurzy