Secured #5: Public Vulnerability Disclosures Update
Right now, we’ve got disclosed the second set of vulnerabilities from the Ethereum Basis Bug Bounty Program! 🥳 These vulnerabilities have been beforehand found and reported on to the Ethereum Basis.
When bugs are reported and validated, the Ethereum Basis coordinates disclosures to affected groups and helps cross-check vulnerabilities throughout all shoppers. The Bug Bounty Program at present accepts studies for the next shopper software program:
- Go Ethereum
Along with shopper software program, the Bug Bounty Program additionally covers the Deposit Contract, Execution Layer & Consensus Layer Specs and Solidity. 🙏
Repository & vulnerability listing
For the reason that final vulnerability disclosure has been fairly eventful with occasions such because the Merge 🐼 and the max bounty reward enhance to $250,000. 💰
The best paid reward throughout this era was $50,000. This was awarded to scio for reporting a problem wherein Lighthouse beacon nodes crashed through malicious BlocksByRange messages containing a very massive rely worth. You’ll be able to learn extra about this particular vulnerability right here. 💥
One other notable set of vulnerabilites has been round fork alternative assaults. EF researchers and shopper groups investigated and patched assaults that have been in a position to trigger lengthy reorgs. 👀
Guido Vranken holds the highest spot most constructive studies on this interval. On the similar time, Guido managed to gather probably the most factors for the Bug Bounty Leaderboard! 🏆
We even have two bounty hunters who determined to donate their rewards to charities: nrv and PwningEth! 🔥
The total listing of latest vulnerabilities, together with full particulars, may be discovered within the disclosures repository.
All vulnerabilities added to the disclosures catalogue have been patched previous to the newest hardforks on the Execution Layer and Consensus Layer.
For extra data, and to be taught extra about disclosure insurance policies, timelines, and cataloging, head over to the disclosures repository.
We want to give a large shout out to everybody concerned within the discovery and reporting of vulnerabilities, in addition to to the groups answerable for fixing them. Whereas we’ve got tried to incorporate the names or aliases of all reporters, there are various builders and researchers throughout the shopper groups and within the Ethereum Basis who discovered and corrected vulnerabilities exterior of the bounty program. There are additionally many unsung heroes reminiscent of shopper group builders, group members, and plenty of extra who’ve spent numerous hours triaging, cross-checking, and mitigating vulnerabilities earlier than they might be exploited.
Your immense efforts have been instrumental to making sure Ethereum’s safety. Thanks!
Ethereum’s Path to Enterprise Success: iExec Enabling Secure Data Processing
As a head of the Enterprise Ethereum Alliance Trusted Compute Working Group, iExec has performed a major function in driving the adoption of Ethereum expertise in enterprise purposes since 2018. iExec and Intel are head contributors to the primary Off-Chain Trusted Compute Specification.
EEA’s Offchain Working Group Led by Intel and iExec was initiated within the context of the Enterprise Ethereum Alliance (EEA), iExec and Intel each being members of the Alliance. The 2 corporations have launched a brand new EEA working group specializing in off-chain capabilities. Privateness has been a long-running situation within the growth of the blockchain ecosystem. iExec and Intel’s collaboration is yet one more step in direction of the complete adoption of Ethereum blockchain for companies.
Azure Container Cases (ACI) has formally introduced the final availability of confidential containers, incorporating enhanced safety and privateness measures for information processing on their serverless platform. They've partnered with iExec, to supply safer resolution for processing delicate information.
The confidential containers on ACI provide prospects a hardware-based and attested Trusted Execution Setting (TEE) for deploying Linux purposes. This method ensures that delicate information stays safe as bigger datasets are collected, enabling multiparty information analytics, machine studying inferencing, and environment friendly information processing. Notably, data-in-use is protected by processing it in encrypted reminiscence, including an additional layer of confidentiality. ACI additionally introduces execution insurance policies to confirm workload integrity and forestall the execution of untrusted code.
“At iExec, confidential containers on ACI is a crucial part of our resolution structure that permits us to deploy buyer workloads that require the best ranges of safety and privateness with out the advanced modifications required by different platforms. With confidential containers on ACI we will run our most demanding workloads which embrace traceability, biometric authentication, AI fashions coaching/rental and cybersecurity. We’re happy with how Azure confidential computing helps us create new alternatives for purchasers with its safe environments for information sharing and utilization.” – Francis Otshudi, Chief Gross sales Officer
iExec's experience in constructing Web3 and blockchain initiatives, with a deal with belief, confidentiality, and governance, aligns completely with the necessities of enterprises. Their safe resolution permits for the processing, sharing, and monetization of delicate information whereas retaining possession and confidentiality.
This partnership between Azure and iExec signifies a major step ahead in safe information processing inside the Web3 ecosystem. It showcases iExec's dedication to revolutionizing enterprise Ethereum purposes whereas sustaining the best ranges of safety and privateness.
iExec is proud to be included as a major function within the Ethereum Enterprise Alliance Readiness Report for 2022, which assesses the capabilities and readiness of the Ethereum ecosystem for companies.
submitted by /u/Yderf337788
Crypto Lender Celsius’ $800M Ether Staking Shake-Up Stretches Ethereum Validator Queue to 44 Days
Embattled crypto lender Celsius Community is shaking up its ether (ETH) staking technique, congesting the already month-long queue to activate new validators on the Ethereum community.
Over the course of two days, the agency has been diligently transferring ETH into staking contracts after redeeming some $813 million of staked ETH from liquid staking chief Lido Finance. Since June 1, Celsius has deposited some $745 million of ETH, information by Arkham Intelligence reveals.
The transfers have stretched the already lengthy queue to ascertain new validators on the Ethereum community to 44 days, with Celsius doubtlessly accountable for nearly per week of additional time, Tom Wan, analyst at crypto funding product supervisor 21Shares noted.
The transactions are the newest growth within the lender’s maneuver to reshuffle its staked ETH stash since Ethereum’s Shanghai improve enabled withdrawals from staking contracts in April. At the moment, Celsius held some 460,000 of ETH – now value $870 million – staked with liquid staking platform Lido Finance and a few 160,000 tokens – about $300 million at present costs – deployed in its personal staking pool.
The transfers have occurred because the agency restructures after submitting for chapter safety in July, when it succumbed to liquidity points resulting from plummeting cryptocurrency costs and a wave of person withdrawals. Final week, the U.S. chapter court docket auctioned the lender to profitable bidder Fahrenheit, an funding group backed by Arrington Capital that may assume the agency’s belongings, together with its institutional mortgage portfolio, staked cryptocurrencies and crypto mining models.
Celsius’ staking maneuvers
The lender’s maneuver to shake up its staking allocations began with staking some $75 million of its obtainable ETH stash with non-custodial, institutional staking service Figment, CoinDesk reported.
Celsius additionally requested to redeem its 460,000 staked ETH from Lido as quickly because the platform allowed withdrawals. It has already reclaimed 428,000 tokens, value $813 million. Celsius cut up the belongings into two separate crypto addresses that the agency beforehand used to stake with Figment and to deposit in its personal staking pool, blockchain information shows. The lender remains to be ready to obtain 32,000 ETH from Lido.
On Thursday, the agency moved a complete of 291,000 ETH, value $553 million, into staking contracts, in accordance with a Dune Analytics chart by 21Shares. A complete of 192,000 tokens have been deposited into the Celsius staking pool, whereas 99,000 tokens have been staked with Figment, Wan reported.
On Friday, the corporate resumed transferring tokens into staking contracts, placing it on monitor to stake all of the 428,000 ETH stash. On the time of publication, the agency had staked some $199 million of ETH through Figment and deposited some $12 million to the Celsius staking pool, Arkham information reveals.
After the transfers, Celsius wallets nonetheless held some $109 million in ETH, in accordance with Arkham.
Staking permits the beleaguered lender to earn rewards on digital asset holdings whereas the withdrawal freeze on person deposits is in impact.
Nevertheless, it additionally considerably stresses an already crowded queue so as to add new validators on the Ethereum community. Validators are entities in a proof-of-stake blockchain, who stake tokens to protect the community and oversee transactions in trade for a reward.
Demand for staking has elevated dramatically because the Shanghai improve activated on April 12. Deposits surpassed withdrawals by nearly $5.5 billion, leaving new entrants with a month-long wait time to arrange validators, information by blockchain intelligence agency Nansen reveals.
Celsius’ newest staking deposits additional stretched the queue. The estimated time to clear the queue now stands at 44 days and one hour, in accordance with Ethereum monitoring web site Wenmerge.
If Celsius commits all of the 428,000 tokens to staking, it’s going to add six days and 15 hours to the ready time, growing to 45 days, Wan predicted on Thursday.
“Staking activation queue up solely,” pseudonymous blockchain sleuth Alto, who was first to report Celsius’ switch to staking wallets, tweeted.
Edited by James Rubin.
OscarSwap com | $OSCAR | DEX Live on Arbitrum | L2 Bridge | Farming Live | Staking | Mobile App | Binance Live | KYC | Doxed | CertiK Audit | 62.5 ETH raised on pinksale | Launching 19:30 UTC on June 1st Sushiswap
It's time change the entire paradigm of investing and holding currencies with oscar swap. Oscar swap is the best product of 2023 in crytpo market based mostly on Arbitrum blockchain.
With Arbitrum block chain transaction will likely be finished rapidly and at much less value. not solely it has given Dex a totally totally different form for the longevity of venture.
Full elimination of arbitrage for equality in costs
Right here you stake oscar token the subsequent second auto compounding mechanism will begin working and you’ll one hundred pc reward in your pocket isn't it fascinating??
Oscar will likely be offering it's enthusiastic customers with nice liquidity by distributing buying and selling charges and rewarding oscar tokens
It's time to promote the underlying pool assest in open marketplace for excessive returns
Swap tokens with much less slippage at beneficial costs
Three cash providing farming rewards will escort you in your osacarswap journey .oscarswap native token $OSCAR, the second is WETH, and lastly, a secure coin.
Do you wish to make your one greenback price hundered of greenback simply after one yr?? If sure? Then go and make investments it at 500% APR with Oscarswap Farms.
Wanna be premier or adjustable staker?? Take a sensible choice
Oscar has turn into probably the most accessible Dex of 2023 by joing fingers with a good bridge now no extra boundaries
Oscar cell app is only a clock so don't wait earlier than it's too late
Actively take part in choice making course of and in case your issues go unheard time lock function will begin working so don't you are worried
Complete Provide : 7,500,000 OSCAR
Staff Funds: 13.3%
Insurance coverage Funds (For Emergency): 50%
Treasury Funds (Advertising, Strategic ,Partnerships) : 6.9%
Pre-sale Platform: Pinksale
Launching platform: : Sushiswap
For extra data such because the roadmap and pockets distribution, go to the web site listed beneath.
Telegram Group: Oscar_swap
Official Web site: https://oscarswap.com/
submitted by /u/noganbo