Week in Ethereum News, August 28, 2021 - thanks to Streamr for making this issue possible!

Eth News and Links

Mainnet execution layer

  • Consensus bug (CVE-2021-39137) exploited causing a small chain split for those who did not update their Geth nodes as instructed:

    • Most miners had already updated and the incorrect minority chain was short-lived

    • Update now to Geth v1.10.8 and Erigon v2021.08.04 (or later)

    • Exploit explainer: pointer to contract's memory was overwritten (pointers are confusing)

    • Impacts Geth based EVM networks (sidechains and Layer2)

  • Geth removing deprecated RPC flags, update command line flags to use http instead

  • 100,000 ETH burnt with EIP1559 since London upgrade

  • Execution layer client teams granted $1.5 million from application layer projects (Compound Grants, Lido, Synthetix, The Graph and Uniswap Grants) and Kraken, in addition to Ethereum Foundation funding

EIPs/Standards

Proof of stake consensus layer

  • Stakers: you must update to the latest Geth or Erigon if you run them. Also be prepared for the Altair upgrade coming at the end of September

  • Beacon chain minor incident:

    • Orphaned blocks caused small number of dropped attestations, resulting in a 1-2% drop in participation

    • Caused by Lido overreliance on one node serving the queries of 4000 validators

    • Data driven investigation

  • Danny Ryan’s Finalized PoS update: Altair upgrade of Prater testnet on September 2, Beacon chain upgrade targeting end of September

  • Latest What’s New in Eth2

  • PoS implementers call. Notes from Alex Stokes and Ben Edgington

  • Teku v21.8.2: Altair upgrade of Prater and reduced CPU and memory usage

  • Lighthouse v1.5.1: Altair upgrade of Prater, v1.5.0 improved networking stack and doppelganger protection, downgrade requires resync 

  • Nimbus privacy focus impacts crawlers as cycles libp2p peerid on restart and doesn’t accept socket connection when peer table is full

  • Proposal for committee-driven MEV smoothing to equally share a block’s MEV among the committee members and the proposer

  • Predicted exit/entry queue clog once withdrawals enabled due to validators wanting to compound their stake and rotate keys, these use cases should be handled without an exit/entry to avoid clogging

  • Stereum launcher: beacon chain client installer, supports 4 clients

Layer2

  • Optimism adds custom ERC20 token deposit and withdrawals

  • Nova: trustless relaying of contract calls between L2 and L1, deployed on Optimism and mainnet, restricted to approved projects for now

  • Hop enables fast exits from Optimism to mainnet for USDC and USDT, avoids 7 day optimistic rollup withdrawal time

  • Loopring zkRollup NFTs: mint, trade and transfer on L2, deposit to L2, withdraw to L1, supports ERC721 and ERC1155

  • L2Beat adds risk view: security, data availability, what can be changed and what to do on censorship or system goes offline


This newsletter is made possible thanks to Streamr!

The Streamr Network is being built to provide a decentralized real-time messaging protocol for web3. The network is a decentralized, topic-based publish-subscribe system. Each stream or pub-sub topic has its own P2P overlay network that is built and maintained by a set of BitTorrent-like trackers.

Testnets for the current Brubeck milestone of the network are now running. Contribute your idle bandwidth and run a node in the Streamr Network to earn rewards, with 2M DATA tokens up for grabs! DATA is an ERC-20 token, currently trading on most major exchanges, that will power the tokenomics mechanism on the Streamr Network. Learn how to run a Streamr node here.

For more information about the project, you can talk to the team on the Streamr Discord server!


Stuff for developers

Security

  • OpenZeppelin Contracts TimelockController had security vulnerability, actor with executor role could escalate privileges, projects should migrate to TimelockController in v4.3.1

  • SushiSwap paid $1 million bounty to samczsun for Miso vulnerability disclosure where $350 million was at risk and assistance with mitigation

Ecosystem

Enterprise

Application layer

Regulation/business/tokens

General


Job Listings

Want to reach people experienced with Ethereum? List your job here. $345 per line (~75 character limit including spaces), payable in ETH (or 345 DAI or 345 USDC) to abcoathup.eth. Questions? abcoathup at-gmail


Follow @WeekinEthNews to find out what the most clicked links are. Follow @evan_van_ness and @abcoathup to get most of the week’s news in real time.

Permalink for this week’s issue: https://weekinethereumnews.com/week-in-ethereum-news-august-28-2021/


Dates of Note

Upcoming dates of note (new/changes in bold):

Did you get forwarded this newsletter? Sign up to receive it weekly