October has historically been themed as a bullish month for crypto, returning six out of seven higher monthly closes for Bitcoin and three consecutive green closes for Ethereum. Thus far, the crypto market has shown positive signs of sticking to this trend, but volatile action in the remaining days could change this narrative. Outside the markets, this month has stuck out in the severity and frequency of DeFi exploits. Blockchain analytics firm Chainalysis reported earlier this month that October had already seen more than $718 million lost to hacking incidents by Oct. 13, making it the leading month in this observation.
Team Finance and Ethereum smart contract alarm clock exploits highlight the dire case
On Thursday, blockchain security firm PeckShield reported that the decentralized finance (DeFi) lockup protocol Team Finance had suffered a smart contract bug exploit. The crypto launchpad confirmed that the exploit saw it drained assets to the tune of $14.5 million. In a Twitter thread explaining the incident, the web3 infrastructure platform revealed that the malicious actor targeted a flawed Uniswap V2 to V3 migration function that had actually been previously audited.
PeckShield estimated the looted sum to be 880 ETH, 6.4 million DAI, and other tokens including CAW, TSUKA and KNDA. The initial attack vector cost the attacker 1.76 Ether, according to the analytics firm. The crypto liquidity provider suspended activity to complete mitigation and shared an update of regular functionality resuming yesterday. Team Finance’s case follows Mango Finance’s exploit in which the attacker made away with more than $113 million before negotiating a return of a portion of the funds. Binance’s BNB smart chain was also afflicted earlier this month by a similar incident on Oct. 6, losing $100 million.
Last week, the Ethereum Alarm Clock smart contract code got exploited by exploiters that siphoned $260K in stolen gas fees. According to web3 security firm Supremacy, the attacker swiped around 204 ETH in gas fees from the protocol. The Ethereum Alarm Clock helps schedule transactions on the chain and requires users to settle the transaction charge in terms of gas fee upfront. The exploiters pulled the incident off using a bug in its code by calling the cancel functions on the Ethereum Alarm Clock contracts with inflated transaction fees. They then redirected the difference in the returned gas fees to themselves.
In other news
Ethereum Push Notification Service rebrands following integration on Polygon
Polygon has continued advancing its push into the Web3 ecosystem space further with the recent integration of Push Protocol, which previously had the name Ethereum Push Notification Service (EPNS). It is expected that the product will significantly enhance the user experience on the Polygon blockchain by its functionality of enabling users to get updates when on-chain or off-chain conditions are met.
The launch on Polygon is seen as a move to offload some of the reliance of Web3 ecosystems on notification services that are native to Web2. It also satisfies the decision by the service to transition into a multi-chain environment, meaning it intends to extend its “opt-in, native, censorship-resistant option” to other layer one and layer two networks. Its expansion plan includes other forms of communication like chats, video streams and messaging.
The more than 37,000 decentralized applications on Polygon can now create unique communication models to benefit developers, users, and investors in the cryptocurrency community. Just as on other applications, developers may easily add a notification service and allow app-to-wallet communication to their Polygon-based applications. Notably, in recent days, Polygon has been the go-to solution for web2-based firms like Reddit, Meta, Adobe, Stripe, and Starbucks, seeking an early entry into Web3.
Push Protocol’s flexible communication features, which let them control communications while effectively eradicating spam, can benefit the applications created by these firms. Customers expect that Web3 apps will provide a user interface equivalent to that which they are now accustomed to in Web2. Thanks to the collaboration with Push Protocol, smart contracts on the Polygon network that are powered by the communication service can include notifications that can reach any wallet, application, or plugin.
To learn more, check out our Investing in Polygon or Investing in Ethereum Push Notification Service guide.
Ripple launches a new EVM-compatible sidechain
Even with the weight of regulatory unclarity hanging over its head, the core development team behind Ripple, Ripplex, recently started rolling out support for EVM use cases. This comes after blockchain technology development firm Peersyst Technologies announced the testnet launch for a new EVM-compatible network, the XRP Ledger sidechain.
The motivation is to leverage the rich Ethereum ecosystem by allowing Ripple users to access decentralized applications such as Uniswap. The development also seeks to woo developers building on the network to port over to Ripple and leverage the low costs, speeds, and sustainability synonymous with it. Using a sidechain to bring EVM compatibility was preferred over making the Ledger itself EVM-compatible.
With the sidechain now live, Ripple has begun the first in a three-step process to bring Solidity smart contracts functionality onto the platform and inspire a new era of blockchain-powered applications. In this first phase, developers can use a cross-chain bridge linking the sidechain to the XRPL Devnet, where testing takes place. They can test the new EVM network by linking XRPL Devnet and a XUMM wallet, establishing a connection between Metamask and the EVM sidechain, and sending XRP between the XRPL Devnet and the EVM sidechain.
The Tendermint Protocol-based testnet allows them to analyze the available technologies and expose their applications to the XRPL Devnet userbase. The next phase of this EVM project is expected to begin early next year, which intends to bring improvements, such as making the network permissionless and scalable to achieve block times equivalent to those posted by XRPL. The sidechain is expected to be ready for full deployment in Q2 2023, with a decentralized bridge and production-ready use components.
To learn more about Ripple, check out our Investing in Ripple guide.
Avalanche subnets support validator staking using the subnet’s token following Banff hard fork
Avalanche has continued backing its subnets technology to be its next big thing and recently released an upgrade to advance its subnetworks. The Banff upgrade, which went live on the mainnet last week, brought several capabilities, most notably allowing subnet validators to earn rewards in the subnet’s native coin accessible in the upgraded subnets.
Ava Labs Head of Engineering Patrick O’Grady explained that validators would still be required to stake AVAX to unlock the native cross-subnet communications feature. The hard fork also grants creators more control over their ecosystem, including a provision to remove a validator from a subnet before the expiry of their staking time. This feature, however, won’t be available directly as the creators first have to make their subnets elastic in a transformation. The change is one-time and creators lose the ability to modify the subnets.
“Teams that still want to manage the curation of a Subnet’s validator set do not need to enable Elastic Validation. This flexibility is very important for regulated financial institutions looking to launch their own blockchain (which often need validators to comply with various KYC/AML requirements),” O’Grady said.
To learn more about Avalanche, check out our Investing in Avalanche guide.
Ethereum post-merge vision
The Ethereum merge in mid-September saw the mainnet adopt Beacon Chains’ Proof-of-Stake consensus, which, among other benefits, made the ecosystem more energy-efficient. The upgrade, however, didn’t feature the ability to withdraw staked Ether – a provision expected under proposal EIP-4895in the next major upgrade, Shanghai.
Last week, Ethereum launched the testnet for Shanghai, Shandong, allowing developers to start experimenting with the upcoming phases of Ethereum development for the next dozen months. In addition to staked ETH withdrawals, the Shanghai upgrade will bring a change to the Ethereum Virtual Machine (EVM), the runtime environment for smart contracts, in the form of the EIP-3540 update. Some of the other proposals under consideration currently are EIP 4844 (proto-danksharding), EIP-3670 (EOF- Code Validation), and EIP-3860 (Limit and meter initcode).
These potential proposal inclusions remain just that, as the final draft of EIPs that will be included in Shanghai is far from being compiled. In an interview featured on the Bankless Show on Oct. 25, Ethereum co-creator Vitalik Buterin confirmed the next area of focus for the project as solving scalability and implementing a censorship resistance strategy.
To learn more about Ethereum, check out our Investing in Ethereum guide.