795 Dooters - Last Updated Jan 26, 2023
Special guest James Wigginton joins us to discuss DAO/COOP configurations and the benefits over an LLC structure.
Phiz, if you can see this, you’re in yesterday’s daily. WAKE UP!
Settlement layer,
Immune to any slayer,
Best blockchain player.
Hey friends! As you might have noticed from the many comment threads these past 2-3 days, the Ethereum Foundation has been running (since the beginning of this week and for approximately two more months) something called the KZG Ceremony.
MY noob-friendly eli5 is that this super-easy-to-participate and open-to-everyone ceremony will contribute (via super-fancy-behind-the-scene math) the necessary randomness for the trust assumptions of the upcoming EIP4844, aka ProtoDanksharding.
(The official explanation is: "This ceremony, sometimes called a “Trusted Setup”, will generate a structured reference string (SRS) which is needed for the commitments to work. An SRS is secure as long as at least one participant in the ceremony successfully conceals their secret.")
The website of the Ceremony has plenty of information on all things ceremony, however, I wanted to share with you all an excellent podcast episode with a conversation between Carl Beekhuizen & Trenton Van Epps from the Ethereum Foundation and the host of Epicenter.tv, Friederike Ernst.
The topics the three of them touch on, are:
I certainly do not understand 99% of the math, but this conversation really helped me understand the basic ideas behind the whole process! Enjoy!
Public accountability update on my staking journey w/ u/benido2030
After an appreciated pep-talk last week, I took a few hours this week to continue to familiarize myself with Linux. Namely the terminal - found a random YouTube video to just follow along with and type through some basic commands. I think this has been helpful so far because my first attempt at all this I just jumped into a staking guide with literal zero understanding what was going on with the terminal. It was an unnecessary stressor knowing one deviation from a guide and I’m screwed.
I am hoping to get a little more familiar with Linux in general before I go further. So if anyone has ideas / videos of things that helped them when they were starting I’d love to see them. I noticed the CoinCashew Guide has a lot of security best practice type things I need to familiarize myself with, so may start focusing on that stuff.
If anyone cares (and to in general share back links myself) someone here gave me this link (sorry, it was awhile ago) - https://linuxcommand.org/tlcl.php - which was a nice starter read and this was the video I followed along with - https://www.youtube.com/watch?v=s3ii48qYBxA - which had a lot of similar stuff but was easy to follow in video. Both super basic, but I can’t stress enough how much of a newbie I am with Linux… so it was a comfy start.
I’d also like to keep this quasi-weekly thing going, so if anyone else is going down their staking journey feel free to jump in.
I think the form of NFTs ripe for the next bull cycle will be different. Just as web2 innovated on web1 by adding interactivity, I think we’ll see the same occur for the next wave of NFTs. Gone will be the hype for profile pictures and we’ll transition towards NFTs with steady demand and which produce revenue streams.
I don’t think the infrastructure will be there next bull market for real world asset NFTs like car or house deeds. Governments already have systems for those and even if it would reduce their costs that isn’t a metric they are optimizing for. So, I’m looking at informatic use cases of the blockchain that can remain in the digital realm to the point of delivery.
Chief among these are live events or NFT ticketing. Live events occur on a regular basis and the total addressable market cap here makes the art market blush. I particularly like this use case because it serves everyone better except the existing parasitic middlemen.
Just from a technical feature perspective, NFTs provide a provenance trail. If you gate NFT transfers to KYC’d customers then the venues which switch to this system can actually know who attended their events. This is obviously useful information which is lost now and it enables entirely new pathways to engagement between performers and attendees. For example there could be exclusive ticket sale rounds to whitelisted addresses based on previous event attendance.
Additionally there are trust and corruption issues with current ticketing approaches such as corrupt release mechanisms and opaque service charge fees. At the very least having the sale logic on the blockchain can add transparency and equal access to the process. Protocols like POAP and Funfair have already demonstrated provably fair lottery mechanisms when demand outstrips supply. Alternatively more market-like initial auction systems have been demonstrated by newer tokens like Gearbox which used 0xCider. Blockchains are demonstrably excellent at executing a provably fair, transparent process.
As to fees, a lot of the service fee charged by Ticketmaster actually goes to middlemen or the venue. It’s how they were able to grow to their current size: they stopped treating the attendee as the customer. There is a market opportunity here to reduce Ticketmaster’s cut of the fees though. That is still substantial. Ticketmaster’s revenue was $12.3B in 2022. It’s a rather perfect opportunity for some Defi mullet and we’re already seeing it start to happen even from Ticketmaster themselves[1][2][3]. This is where things like Rarible’s multi-chain protocol would really shine as it is fully indexed and is made to allow numerous frontends, dial their own parameters, and for people to pick whatever chain they want.
Finally, unlike a normal ticket stub or plain digital record an NFT ticket can be associated with extra metadata (even after the event). A system like Ticketmaster could add some type of history system so you can view a collection of your previous events and event highlight reels for each but they haven’t in 20 years. By contrast, this is much more normal for NFTs already. Integrate this into a digital picture frame and you can have a place on superfan’s wall that cycles through highlights of the favorite games they’ve attended or that lets them build a digital gallery in something like Decentraland and compete with other fans.
So, there’s an opportunity here to improve the status quo for venues, performers, and attendees and the only one who stands to lose is a generally reviled middleman. I don’t think we’ll get as much push-back from the consumers here as we’ll see from Gamefi. However, stuff will need to be built.
The UX for buying tickets needs to be tailored to buying tickets. Customers need to see the layout of the venue for the seats being sold, be shown the context of the event, and be offered pathways to deeper engagement with that event’s community. All of these are UI centric changes that don’t require much contract code and are ripe for innovation. Adjacent to the chain, the NFT metadata stored on IPFS could be standardized for easier integration into navigation and viewing software.
Norton’s “Lifelock” password manager accounts hacked in credential stuffing attack.
Credential stuffing is where an attacker uses usernames and passwords obtained in a previous hack to access other accounts. Phase 4 of my guide addresses this btw.
Stay safe out there!
https://reddit.com/r/ethfinance/comments/10j5dkj/daily_general_discussion_january_23_2023/j5mes6h/
macOS/iOS bros! Stop watching SuperPhiz reruns and update now! Moooaar security updates! Moooaar kernel vulnerabilities patched! macOS 12, macOS 13, iOS 15, 16 and … iOS 12!? Yeah… 12. Weird. So if you’re still using an iPhone 3GS, update it too.
https://support.apple.com/en-us/HT201222
Edit: Oh and macOS 13 got Yubikey support. About f’ing time Apple!
Mainnet shadow fork 1 finalising, according to Marius from the Geth team.
Assuming devnets run for another month, and then the two public testnets are spaced 3 weeks apart, that would put end March Shanghai. If devnets are run for two weeks and then the two public testnets each spaced two weeks apart, Shanghai date would be early March. Either way Shanghai in March seems increasingly likely (Just my own guessing, nothing official from the core devs on a date yet)
I’m a long time hodler. At the moment I have most of my ETH staked with CB. With withdrawals coming soon, I figured now is a good time to explore solo staking. Since I’m not tech savvy, I feel solo staking is a little out of my comfort zone. I looked into using DAppNode and rocketpool. After looking at tons of videos and guides, I decided to try the rocketpool route. I followed this guy’s YouTube video.
I was able to follow along pretty good and now I’m officially running a node on rocketpool’s testnet. I’m surprised it’s actually working. With that said, I feel like I’m missing so much understanding of what is really happening with my node. All I know is I followed a bunch of copy and paste code into the terminal and got it to work. Did I secure my device enough? Did I set up ssh that I have no idea how to use? Is my firewall set up? What is my computer going to do when I lose power? At this moment I’m a very dangerous eth staker. There’s so much I need to learn in order to trust myself with staking real eth. I wish there was some kind of staking class I could attend. I’m going to keep learning as much as I can until withdrawals are enabled. Once that happens my eth will go back to the safety of my hardware wallet until I feel 100% comfortable staking on my own. Thanks to every one of you that help guys/gals like myself. Cheers.
Network density,
Half a million validate,
For security.
Disclaimer: This is a long-winded reflective post. Skip to the end if you would prefer a TL;DR.
Now is the perfect time to reflect on your own personal wins and regrets from the bull market just gone. It’s quiet, fundamentals are showing strong with Ethereum’s strength above $1,000 and a bottom feels like it may have formed. Don’t @ me if I jinxed it.
Personally, I’d give myself a 5/10. Overall I did ok.
The Good:
My early bull run strategy was good. I sold the last of my Bitcoin after its initial run to $30K/40K as the first part of taking profits. I splashed out on a couple of things I’d been wanting for a while and I diversified into physical assets as well as leaving some aside for paying tax (just not quite enough in the end). Also, losses which will be covered in “The Ugly” were kept to a responsible (enough) % of my stack and I did not double down or try to gamble back shitcoin losses. Losses were accepted and rational portfolio allocations were stuck to. Once the shitcoins went to Goblintown, my precious ETH stack was left untouched.
Finally, I managed to hit my 32 ETH target and run a solo validator node. It was a lot of learning for me but solo staking is very satisfying and worth the effort.
The Less Good:
I sold all of my shitcoins and was full ETH by the time the bear market kicked in to 5th gear. This allowed me to fund quitting my job temporarily to go to Hodlercon and do a long delayed trip with my family in the UK. I should have sold these earlier but I managed to shake these bags before we entered Goblintown.
The Bad:
I had a cash out plan and my target was not hit as I was hoping. My cash out plan evolved after an event I will cover in the next section. The bad thing is that part of my target was hit and I did nothing about it.
The Ugly:
35% of my stack was lost to shitcoins in 2020 and DeFi coins in 2021. Overconfidence from picking out Chainlink in the 2018 bear and then selling the top in late 2019/early 2020 contributed to this greatly. It was a humbling experience but also, unfortunately this loss of 35% of my stack was the reason why my cash out target was not hit. I had a set $ amount I wanted to sell (which would be hit at around a $4.5K ETH) or when a bunch of my favourite indicators on https://www.LookIntoBitcoin.com flashed sell. After losing the 35%, the cash out amount crept up since I had less ETH to sell (it went up to about a $9K ETH). Due to the elongated nature of the late bull run, less than half of the sell indicators I was following flashed sell. I tried to time the peak too close. As a result, the peak I expected never came and I never sold when I should have.
Learnings:
So what have I learned and what can you learn from me? My first piece of advice is never to double down to recoup losses. After I lost my shitcoin stack I was tempted to double down and I had other coins lined up. But guess what, those coins did terribly. I would have only lost more ETH and wouldn’t be solo staking today. Set aside a portion of your stack to leave invested in ETH for the long run. Do not waver from this allocation. If you find that hard, maybe staking is for you. A 16 ETH rETH minipool or 32 ETH solo node cannot be partially sold. It’s a great way to keep assets locked in for your long term investment thesis, also earn a yield and of course help to decentralise Ethereum!
Secondly, I think it’s important to stick to a cash out plan. Furthermore, I think laddering out is better too. It’s easy to want to hit a target but this market is too unpredictable to rely on such a hit or miss strategy. Everyone is different, so I don’t think this strategy suits everyone but if you are someone with a cash out plan, I’d recommend sticking to it and I’d also recommend having multiple targets over a single cash out price.
My final piece of advice is to stay humble and stay cautious. Now that I have experienced the feeling of winning a big bet on one of just 2 altcoins to go on a big run up last bear market and subsequently thinking I’m a genius and can do it again, I see this attitude everywhere. Look at Do Kwon or any of the has-beens last bull run. They think they can make a comeback and are trying to build up their redemption arcs. They got lucky. Then they got overconfident and greedy. Then the market turned and their shenanigans that they thought was proof they were geniuses revealed that they really aren’t any better than the rest of us. In fact, they’re worse. At least I kept my losses limited and didn’t keep leveraging up. Keeping my bullishness and self-confidence in check is the only reason I didn’t lose it all. There were definitely points where I wanted to go all in on my shitcoins but I didn’t because I knew it was irresponsible.
Anyway, I apologise for the long-winded nature of this post. I don’t really have the time today to flesh it out into a nice concise ordered write up. I guess I’ll leave you with a TL;DR instead.
TL;DR:
hardware wallet is a MUST if you have more than $2k in crypto and you are not cashing that out right now and leaving.
Transfer your valuable NFTs from hot/burner to COLD (hardware) wallet. While Gas is still quite cheap at night US time/morning EU time. You can bundle (x20 items) thru OS. Yes, you might end up paying like 0.01-0.02e per transfer.
Another good practice is to use revoke.cash’s application and also remove permissions from time to time.
I know to most people it’s a given but I keep seeing people getting hacked here and there and I’d rather remind again. And your non-garbage NFTs are valuable too! So remember that. Trust me, it might suck and feel like unnecessary investment and use of money transferring assets but you’d be happy you still have all your stuff cause for non-hardware wallets it’s not IF it’s WHEN you’ll lose it all so act accordingly.
The following will serve as an extremely abbreviated version of my research into the revoke.cash browser extension, focusing as narrowly on privacy as I can.
Obviously we’re taking a different direction here, as this is clearly not a wallet. However, I think it’s fair to say that this one is particularly relevant to my ethfinanciers.
Revoke.cash was downloaded directly from the chrome webstore.
Starting off, the extension’s privacy tab on the chrome webstore page looks good. No data collection is always good to see.
Immediately upon installation we see this POST request to Amplitude, an analytics platform.
There are a few identifiers, including “user_id”, “device_id”, “session_id”, and “insert_id”. Not so great.
And the keen reader may notice the fields “initial_referrer”, and “initial_referring_domain”. The values here are “EMPTY”, but I take massive issue with this in the case that they are ever used to collect that data.
If they’re going to be collecting your referer header, the least they could do is misspell it as the HTTP spec does haha.
I will go into how the extension functions in a more extensive revision, which will include a review of some crypto scams, and a taste of malware analysis.
But this single request to Amplitude got me wondering what happens when I visit https://revoke.cash using my everyday use firefox installation, with only uBlock Origin and NoScript enabled.
Here we see a request to hxxps://scripts.simpleanalyticscdn.com/latest.js - An obvious tracker, BOOM instantly killed by NoScript
Worth noting that I did not see a request to this domain when using the extension.
Here we see a javascript file attempting to force my browser to generate POST requests to 127.0.0.1:8545
Either way, killed by NoScript.
Maybe there’s some extension functionality that it’s trying to interact with?
On the bottom right of the page you can see those connections are refused, even with the extension in use. Odd.
Back to firefox, we see a request to amplitude just as generated by the extension. However, this time uBlock killed that attempt.
I keep harping on the fact that by installing extensions, you allow them to completely bypass protections such as NoScript and uBlock Origin.
Be careful out there, folks
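One way to repeat the traffic check described in the post above on a saved browser capture, as an added example that is not part of the original post: it scans a HAR export for requests to analytics hosts, requests to loopback addresses, and request bodies carrying the identifier fields the post names. The HAR entries, the host suffix list and all function names are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import parse_qsl, quote, urlparse

# Field names quoted in the post above.
ID_FIELDS = {"user_id", "device_id", "session_id", "insert_id",
             "initial_referrer", "initial_referring_domain"}
# Assumption: host suffixes to treat as analytics; extend for your own review.
TRACKER_SUFFIXES = ("amplitude.com", "simpleanalyticscdn.com")


def _collect(obj, found):
    """Record identifier-like keys anywhere in a decoded body, including
    JSON that was itself embedded as a string inside a form field."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key in ID_FIELDS:
                found.add(key)
            _collect(value, found)
    elif isinstance(obj, list):
        for item in obj:
            _collect(item, found)
    elif isinstance(obj, str) and obj.lstrip().startswith(("{", "[")):
        try:
            _collect(json.loads(obj), found)
        except ValueError:
            pass  # looked like JSON but was not; ignore


def _identifier_fields(request):
    """Return the sorted identifier fields present in query string or body."""
    found = set()
    _collect(dict(parse_qsl(urlparse(request["url"]).query)), found)
    text = (request.get("postData") or {}).get("text") or ""
    try:
        _collect(json.loads(text), found)          # JSON body
    except ValueError:
        _collect(dict(parse_qsl(text)), found)     # form-encoded body
    return sorted(found)


def _matches(host, suffix):
    return host == suffix or host.endswith("." + suffix)


def _is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name, not an IP literal


def audit_har(har, first_party):
    """List every non-first-party request that is worth a closer look."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        host = (urlparse(req["url"]).hostname or "").lower()
        if _matches(host, first_party):
            continue
        reasons = []
        if _is_loopback(host):
            reasons.append("loopback")
        if any(_matches(host, s) for s in TRACKER_SUFFIXES):
            reasons.append("tracker-host")
        fields = _identifier_fields(req)
        if fields:
            reasons.append("identifiers")
        if reasons:
            findings.append({"host": host, "method": req["method"],
                             "reasons": reasons, "fields": fields})
    return findings


def _req(method, url, body=None):
    request = {"method": method, "url": url}
    if body is not None:
        request["postData"] = {"text": body}
    return {"request": request}


# Constructed capture: paths, bodies and values are illustrative only.
_EVENT = {"user_id": "constructed-user", "device_id": "constructed-device",
          "session_id": 1, "insert_id": "constructed-insert",
          "user_properties": {"initial_referrer": "EMPTY",
                              "initial_referring_domain": "EMPTY"}}
SAMPLE_HAR = {"log": {"entries": [
    _req("GET", "https://revoke.cash/"),
    _req("POST", "https://api.amplitude.com/", json.dumps({"events": [_EVENT]})),
    _req("GET", "https://scripts.simpleanalyticscdn.com/latest.js"),
    _req("POST", "http://127.0.0.1:8545/", json.dumps({"constructed": True})),
    _req("POST", "https://collector.example/c",
         "e=" + quote(json.dumps([{"device_id": "constructed-device"}]))),
    _req("GET", "https://cdn.example/app.js"),
]}}

if __name__ == "__main__":
    for finding in audit_har(SAMPLE_HAR, "revoke.cash"):
        print(finding)
```

A HAR file saved from the browser's network panel can be loaded with `json.load` and passed to `audit_har` in place of the constructed sample.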
gm gentlemen,
a quick reminder about the KZG ceremony: https://ceremony.ethereum.org/
You can help by contributing your randomness to the whole thing. The more people participate the better, as it only takes one honest person to make the whole thing a success.
It’s really easy and fast to do. All you need is an Ethereum wallet address with more than 3 transfers, and then it’s just writing some random text and signing a bunch of messages and you’re already done. The whole process takes <2 minutes.
You’ll get a POAP too, so get going and help secure & scale Ethereum! This will be used for the danksharding implementation later on.
To make an analogy, your posts about security analysis, and potentially teaching us to do those kinds of investigations ourselves, play the same role in the broader ecosystem that fraud proofs do on optimistic rollups. If you start with a trusted system, and the system is honest, then all is well and good, but if they’re not honest, and nobody is checking on them, then they can get away with anything. For such a system to become trustless, you need a sufficient number of capable fraud-checkers who are checking often enough such that there’s a near-certainty someone would catch malfeasance if it were present. The more people capable of checking ecosystem tools to see if they’re doing bad things, the more trustless the ecosystem becomes. It’s really crucial.
Beautifully put. To this end, I will be putting together a guide detailing exactly the steps I have been taking, along with resources, and assistance wherever needed. The vast majority of the process is non-technical, just critical thinking with an almost cynical mindset haha.
I previously announced that I will be releasing a more in-depth review of revoke.cash, where this extension will also be used as we explore a variety of interesting crypto scams.
If you’re interested in learning more about infosec in a very easy to digest fashion, I would recommend checking that out when it is released.
I have also promised an analysis of Fire.
No commitment to any particular order can be made, but these are all on my plate.
This is last call for requests, before I leave this up to the community to continue.
Hey Fam
There was a comment a few days ago in the daily about me tweeting about JPEGs, and also the frequent “Bankless has too many ads!” take.
I typed out a pretty thorough response, as it’s stuff I hear a lot and also I think is shortsighted. Since the comment was 3 days ago, it’s buried to the depths of Reddit, so I wanted to draw attention to it here:
https://reddit.com/r/ethfinance/comments/108x76j/daily_general_discussion_january_11_2023/j4d8cqf/
Would love y’all’s thoughts / feedback.
Love you guys
So a little something regarding how my staking experience is going.
Prior to the merge I was running Geth on one SSD and Lighthouse on another SSD.
My attestation performance was fairly good, consistently around 97-98%. Back then you didnât rely on the execution client for attesting, just for block proposals, so it wasnât a huge deal if it couldnât keep up.
Coming up to the merge I moved away from Geth and installed Nethermind on the same drive as Lighthouse, and on the other drive installed Teku-Besu (As a fallback pair).
Now with both a consensus client and execution client on the same SSD, and an execution client being a requirement, it can’t quite keep up. Attestation performance is averaging around 93-94% and I am seeing the occasional message pop up in my logs stating that the execution engine is not in sync.
I’ve been putting off addressing this for the longest time… But I figure better now than never!
I’ve ordered an NVMe that has 10x the read/write speeds and 10x the IOPS of the current SSDs I have. Hopefully in the next week I will get it and install it and move the primary pair (Lighthouse-Nethermind) across.
If anyone else has been getting poor attestation performance, this may be something to look into.
I wrote a long post about my learnings at the end of 2021. That was (in hindsight) after we had peaked and I think it’s just reasonable to update that post and include my 2022 learnings.
I have some goals for the next 24-36 months and hope that reflecting on my learnings will help me to make stuff happen. Will it be as easy as I think? Def not (but I also don’t think it is as easy as it might sound here!). But I want to grow, improve, challenge myself, so we need goals to measure success :)
Free EVMavericks Tees for ETHDenver!
Hope everyone is pumped for the conference!
If you happen to be going and hold an EVM, we will be ordering EVMavericks tees free for anyone that wants one for the conference! (fyi, First come first serve, there will be a max # of tees ordered)
To sign up, just drop your size and pick up your tee at the conference (no doxxing): https://discord.com/channels/963992696387694592/1064925676479729
We’ll also get some laptop stickers made for anybody that wants one! (No EVM necessary)
There will also be a few ethfinance & evmaverick hang outs planned for ETHDenver, so be sure to check those out if you’re going! Details to come!
Greetings all… there’s been great coverage on the Nightfall privacy announcement. I’ve got a consolidated list of the links we hit:
From my POV, a good day here. Made great progress getting everyone at EY on the same page. Much love to the EthFinance community…
Another night shift,
Review and merge pull requests,
The open-source gift.
The Brasky’s Strike Back Part II
It’s been over 2 months since my wife lost her job and wanted to share an update. We had both found job opportunities on separate coasts of the US and were prepared to live apart for a few months so that we could find the income to keep the house and wait for something permanent to open up back home. I had even readied the house and advertised it for rental hoping to find a tenant while we were gone.
At the last minute we both found jobs in town… not only did she get hired with full time employment but she’ll be making 20% more than her previous job!!! I had been watching our little one as my main trade is in construction and the real money is made on large industrial projects but requires traveling away from home. I had found a part time gig that worked well with our schedules but had to quit as I was going back on the road to work. I got a call right before leaving and a side hustle that I had tried to get started back in August has now just opened up… and I’ll be making more than double my previous income while still playing daddy day-care!!!
The last few months have definitely been a trial and has put a lot of stress on our marriage but we came out as better spouses and better positioned than before!! We had enough savings in case of emergencies and I was prepared to start selling my sweet sweet precious ETH if things got worse. We were able to not burn through everything and our ETH stack is still intact earning rewards!! Glad I can share this my ETH fam and anyone else going through the fire. Amazed to have a spouse who can get aggressive and when the bear bites we bite back.
Economist Eric Budish presents a new paper (video) showing skepticism regarding the cost of securing the Bitcoin network. The main criticism boils down to the fact that there is no trust in the system (trustless), in the sense that there is no “memory” to build up trust. A miner is only trusted by spending computing resources right now, but does not get rewarded for building up a good reputation. He argues that although this is a perfectly fine model for security, it gets very expensive. In the concluding remarks, Budish briefly discusses PoS and says that it could potentially be used in a better way.
I think his arguments for the cost of securing the Bitcoin network are interesting and probably valid (depending on what the attack looks like). People in crypto should not be arrogant and dismiss criticism, but instead try to understand all perspectives to be able to build better systems. I’m not sure how trust in a decentralized system would look, or even if it’s a good idea (Any Layer0 player comments?). Also, PoS certainly has clear advantages: E.g., the cost of an attack is significantly larger, as the attacker risks losing the capital (not the case with mining). But if the capital required to secure the network needs to be way higher than the transactional value of the network, that could be an obstacle for growth. Are there any attempts to clearly work out the economics for PoS?
Edit:
Thanks for the comments and suggestions to listen to Justin Drake on this, will take a look!
I also found this quite intense twitter discussion on the subject: https://twitter.com/alexoimas/status/1525505965029830656?s=20&t=X2P3CnyeNNKtinMsJCP9Ww
And this blog post: https://hugonguyen.medium.com/a-review-of-budishs-51-attack-theories-what-is-the-fair-price-of-an-old-asic-59a7dcf9ff94 which argues that the scenarios in Budish article are unrealistic. The author also argues PoW > PoS.
For the first time in my 6 years of crypto I am starting to seriously ponder: I do not actually get the “point” of bitcoin. It’s unprofitable to mine it. It pays no yield if you already have it. It doesn’t protect you from inflation. It needs a steady supply of greater fools during its cycle because its security costs scale with price (see: boom-bust curve). Its vocal supporters are cringe. I’ve always agreed that bitcoin is pristine collateral while ETH has a place as a programmable crypto asset but things have changed. I’m at the point where the flippening is not a meme anymore - it is the guaranteed outcome of the supply/demand dynamics that we are witnessing now - just needs more time to play out. ETH is now the pristine collateral imo, and I don’t see why in the future ETH can’t have flipped Bitcoin multiple times.
I recorded a new Launch Pad episode with /u/sikhsoldiers. Jasper is an extremely popular member of the Rocket Pool community.
In the episode, we talk about how his early crypto journey had him spending time here in ethfinance, his path to the Rocket Pool community, and how he became Rocket Pool’s resident DeFi expert. At the end of the video, we do a run through of his paper “Why Paradigm Was Wrong: How rETH Will Flip stETH”.
You can watch it here: https://youtu.be/DwUQMZA9Jus
For those of you who don’t know, Launch Pad is an interview series within Rocket Fuel - a daily news show summarising everything happening in the Rocket Pool community.
MEV-Boost relay transaction censorship has gotten a good amount of attention since the Merge, and for good reason. Fortunately, word has gotten around and the trend is improving.
So I think it’s time to emphasize another problem in the relay space: relays who also run builders. Relay-builders as opposed to independent relays? I need a better term for this. This is informed by my time working on the Aestus relay, and while I believe our relay can help with this problem, I hope you can trust that my goal here is not marketing. We don’t make any money off this relay anyway.
In a world without relays, proposers and builders would have to trust each other directly: depending on the implementation one would always be able to steal MEV from the other. Relays sit in the middle and take on all that trust. As long as the relay is trusted, proposers and builders each enter a trustless relationship with the other.
However, a malicious relay, working with one side or the other, can execute all the attacks they were supposed to prevent. A relay working with a builder can steal MEV from a proposer or the other builders, and likewise, a relay working with a proposer can steal MEV from a builder.
Now let’s bring relay-builders into this. An entity that is running both a relay and a builder has a clear conflict of interest. Compromising the relay’s neutrality by working together with their builder could immensely improve profitability. Let’s list out some potential attacks that relay-builders could carry out. These are in roughly increasing order of subtlety and with names I’m making up on the spot, with “you” being the relay-builder:
Single-Block Copying: Some third party builder has submitted a block to the relay that is more valuable than the block your builder made. Simply copy all the transactions from the third-party builder’s block, but make it so you keep any value that is not sent to the proposer. Send a bid to the proposer with your block instead of the other builder’s. A competent builder should be able to detect this and trash your reputation.
Ignoring Other Builders: A third-party builder submitted a block more valuable than your builder’s block. You should pass on the third-party bid to the proposer. Instead, pretend you didn’t see it. Submit your builder’s bid instead. Done naively like this, the third-party builder should be able to catch it.
Multi-Block Copying: Multiple builders have submitted blocks with valuable MEV. Build your block from the most valuable transactions from each of them. Make sure your bid to the proposer will legitimately win the auction, but keep the rest of the MEV for yourself. I don’t know if builders would detect this, might take some analysis and time.
Obfuscated MEV Copying: Same as with the first two copying attacks, but with intent to be subtle about it. For example, if a third-party builder/searcher has a truly novel source of MEV extraction that only they know how to do, they’d recognize if it were stolen, so only copy MEV that can be identified as a recognizable strategy and is unlikely to come from a private mempool. Implement some fuzzing, make your copied MEV transactions slightly different so as to give plausible deniability that maybe your builder found that MEV on their own. Might be hard to detect.
Auction Manipulation: Anyone can check the best current bid through the relay API, which is a problem in itself, but the relay has particularly low-latency access to this info. In case a third-party builder only very slightly outbids your builder, quickly create a new block with a winning bid and propose that instead. The relay has some wiggle room with timing to make sure your builder can always outbid. Catching this would require long-term analysis and may be covered by plausible deniability or obfuscation.
Block Timing Manipulation: A third-party builder submitted a block more valuable than the one made by your builder. Give your block priority in the relay's block validation system, or better yet, don't waste time validating it at all (you made it, you trust it). Make your competitor's block low-priority for validation or otherwise stall it so it's less likely to be ready when the proposer asks for the best bid. Hard to detect, covered by plausible deniability, and current data APIs don't expose enough timing information to help with detection or can be manipulated. This could be an actual concern.
Builder Colocation: Most builders will make ~1 submission per second, with value increasing over time as more bundles and tx's arrive. Builders that are geographically closer to the relay, with lower latency, will tend to have slightly higher-value blocks because of it. If a relay and builder are running in the same data center, under the same account/project, on a high-speed private LAN, that will give them a competitive edge. This maybe doesn't quite qualify as an attack, but a neutrality concern at least.
I want to be clear that I have no reason to believe existing relay-builders are malicious and carrying out these attacks. But why accept the possibility that they may some day occur? Why connect to relays that require extra trust assumptions when there are alternatives?
Right now, Ultrasound and Agnostic are the only relays not operating their own builders. Aestus is temporarily running a builder, but it doesn't extract MEV, doesn't take any profit, and only operates until we get a reliable set of third-party builders connected (otherwise we might not have any blocks for connected proposers). I would encourage everyone to direct their validators and builders to those relays and to ask existing relay-builders to consider only running one or the other. I'm grateful to the early relay-builders for getting us off the ground, but now we can start to hold the space to a higher standard.
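For the verbatim single-block and multi-block copying cases in the list above, the builder-side check is to look for your own private order flow inside a block delivered under another builder's name. This is an added example, not code from the post or from any relay; the data shapes, builder labels, transaction ids and the 0.8 threshold are constructed assumptions, and "private" is assumed to mean a transaction that only that one builder received.

```python
def copied_private_flow(delivered_txs, winner, private_flow):
    """For each builder other than `winner`, list that builder's private
    transactions found in the delivered block and the share of its private
    flow they represent. Public-mempool transactions are deliberately left
    out of `private_flow`: every builder includes them, so overlap on them
    proves nothing."""
    delivered = set(delivered_txs)
    report = {}
    for builder, txs in private_flow.items():
        if builder == winner or not txs:
            continue
        hits = delivered & set(txs)
        if hits:
            report[builder] = {"txs": sorted(hits), "share": len(hits) / len(txs)}
    return report


def classify(report, threshold=0.8):
    """threshold is an assumed cut-off for 'essentially the whole private flow'."""
    if not report:
        return "no-private-overlap"
    if len(report) >= 2:
        # private flow from several builders ended up in one delivered block
        return "multi-block-copy-suspected"
    (entry,) = report.values()
    if entry["share"] >= threshold:
        return "single-block-copy-suspected"
    return "partial-overlap"


def review(slots, private_flow):
    """Classify every delivered slot in a batch."""
    return {
        slot: classify(copied_private_flow(s["txs"], s["winner"], private_flow))
        for slot, s in slots.items()
    }


# --- constructed sample data: p* = public mempool, a*/b*/r* = private flow ---
PRIVATE_FLOW = {
    "builder-a": {"a1", "a2", "a3"},
    "builder-b": {"b1", "b2"},
    "relay-builder": {"r1"},
}
SLOTS = {
    101: {"winner": "relay-builder", "txs": ["p1", "p2", "a1", "a2", "a3"]},
    102: {"winner": "relay-builder", "txs": ["p1", "a1", "b1", "b2"]},
    103: {"winner": "relay-builder", "txs": ["p1", "p2", "p3", "r1"]},
    104: {"winner": "builder-a", "txs": ["p1", "a1", "a2", "a3"]},
}

if __name__ == "__main__":
    for slot, verdict in review(SLOTS, PRIVATE_FLOW).items():
        print(slot, verdict)
```

Hash matching only catches verbatim copies; the obfuscated variant described above alters the transactions and will not show up in this check.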
I'm going to make some guesses for what might happen on the beacon chain regarding withdrawals. I want to qualify these as "guesses", because reality rarely unfolds as we expect and it would overestimate my foresight to call them predictions. Also, since I'm not making predictions, I acknowledge that it's difficult to quantify the results of many of these guesses.
BONUS: What our community can do to support this transition:
There was a fairly-notable phishing post on r/CC yesterday where the user mistakenly sent tokens to an address that looked very similar to his actual address (same starting and ending characters). He originally thought he had clipboard malware that changed his address, but it turned out he actually copied to the wrong address.
If you look at his PolygonScan history days before the mistaken transaction, you can see that he was targeted multiple times.
All these similar-looking addresses had interacted with his account in the past 2 weeks:
This is known as address poisoning. Attackers send low-value token transactions and receive 0-value token transactions to-and-from your addresses, hoping that you accidentally pick their address in future transactions.
Blockchain explorers and some wallets will show these transactions. The recommended way to avoid getting tricked is to use an address book of whitelisted addresses. Most wallets and exchanges have an address book feature.
I've posted a comprehensive list of crypto scams here along with best practices to avoid getting scammed: https://reddit.com/r/ethfinance/comments/106lsai/comprehensive_list_of_common_crypto_scams_and/
If you're active in DeFi, you'll probably come across many scams and random phishing airdrops on your accounts. Especially true on low-fee networks like Polygon PoS and BSC.
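The address-book check recommended in the post above can be automated: compare any address you are about to pay, and every counterparty in your transfer history, against your trusted entries and flag the ones that match at both ends but differ in the middle. This is an added example, not code from the post; the addresses and history are constructed, and requiring four matching characters at each end is an assumed threshold.

```python
import re

_ADDR = re.compile(r"^0x[0-9a-fA-F]{40}$")


def norm(addr):
    """Lower-case hex body of a 20-byte address; rejects anything else."""
    if not _ADDR.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def shared_ends(a, b):
    """Count matching leading and trailing hex characters of two addresses."""
    a, b = norm(a), norm(b)
    pre = 0
    while pre < 40 and a[pre] == b[pre]:
        pre += 1
    suf = 0
    while suf < 40 - pre and a[-1 - suf] == b[-1 - suf]:
        suf += 1
    return pre, suf


def imitated(candidate, address_book, min_each=4):
    """Label of the trusted entry that `candidate` imitates, or None.
    min_each (characters that must match at BOTH ends) is an assumption."""
    for label, trusted in address_book.items():
        pre, suf = shared_ends(candidate, trusted)
        if pre < 40 and pre >= min_each and suf >= min_each:
            return label
    return None


def vet_recipient(candidate, address_book, min_each=4):
    """Decide what to do with an address about to go into a send form."""
    for label, trusted in address_book.items():
        if norm(candidate) == norm(trusted):
            return ("allow", label)
    label = imitated(candidate, address_book, min_each)
    if label is not None:
        return ("block-lookalike", label)
    return ("review-unknown", None)


def poisoning_transfers(history, me, address_book, min_each=4):
    """Transfers whose counterparty imitates a trusted address, in either
    direction: dust sent to the wallet and 0-value transfers shown as sent by it."""
    flagged = []
    for tx in history:
        other = tx["to"] if norm(tx["from"]) == norm(me) else tx["from"]
        label = imitated(other, address_book, min_each)
        if label is not None:
            flagged.append({"counterparty": other, "imitates": label, "value": tx["value"]})
    return flagged


# --- constructed sample data (no real addresses) ---
ME = "0x" + "11" * 20
BOOK = {"my-exchange-deposit": "0x" + "ab12" + "c" * 32 + "9f3e"}
FAKE = "0x" + "AB12" + "d" * 32 + "9f3e"  # same first/last 4 chars, different middle
HISTORY = [
    {"from": ME, "to": BOOK["my-exchange-deposit"], "value": 250_000_000},  # genuine
    {"from": FAKE, "to": ME, "value": 1},   # dust sent to the wallet
    {"from": ME, "to": FAKE, "value": 0},   # 0-value transfer shown as outgoing
    {"from": "0x" + "77" * 20, "to": ME, "value": 5_000_000},  # unrelated sender
]

if __name__ == "__main__":
    print(vet_recipient(FAKE, BOOK))
    for hit in poisoning_transfers(HISTORY, ME, BOOK):
        print(hit)
```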
We had so much fun in Hawaii we're going to do it again... for those of you that don't know HodlerCon 2024 is currently in the planning stages. Join our Discord to get involved
Luau Dao is submitting a presentation about our Decentralized Layer Zero Vacation at ETH Denver! 🤞 Fingers crossed we get accepted. That being said, we had to make a pitch video for the talk. I couldn't keep it to myself because I wanted to share it with you fam! I hope you enjoy!
GM EthFam,
So I've been thinking about whether LSDs represent almost a multipolar trap.
A multipolar trap is a situation where participants are incentivized to act in a way detrimental to the good of the group, and to themselves in the long run. The most obvious example is the tragedy of the commons. We each share a piece of land, it can support each of us grazing 10 goats. If I graze 11 goats the quality of the land might deteriorate, but so slowly it won't matter, whereas I get 10% more goat, it's an obvious choice. Unfortunately you all make the same obvious choice and so the field is overgrazed and after a few years becomes barren and most of everyone's goats starve. If you decide to be the better person and keep to the original limit of 10 goats, then all you're doing is disadvantaging yourself relative to the rest of us 11 goat havers. We can all afford more turnips than you due to goat inflation and so you end up outcompeted.
Getting back to ether staking... by using a centralized service rather than solo staking you get access to an LSD. This gives you advantages in terms of opportunity access, you can swap into something else if you want to or create leveraged positions or whatever.
Like with the shared field, the disadvantage is on a community level. The decentralization and "legitimacy" of Ethereum the network, and by extension, ether the asset is compromised, meaning it is less likely to be as highly valued in the future. Sure, you could take the high ground and not use a centralized service, but then you are disadvantaging yourself with lost opportunity cost. And if you do, and most people choose a centralized service then you still lose out from the loss of perceived legitimacy anyway...
...
Except that entire scenario is not analogous to Ethereum staking today due to another option, that hopefully most of you have been hearing repeat in your heads the entire time you've been reading. Rocketpool solves the lose-lose coordination failure, by providing an option that gives people the ability to access an LSD without compromising the decentralization of the whole. With it the multipolar trap is easily disarmed, the field doesn't need to be depleted for individuals to gain the advantages.
RocketPool is the G.O.A.T.
Don't underestimate the decentralizing impact Shanghai will have. Lots of people fully aligned with Ethereum's defining values like me have ETH staked with cexs where we would rather not, for various reasons, who will be empowered by withdrawals to revisit their position and consider going solo.
I've run validators on testnet but don't have the skills/confidence to do it with real money right now, but Shanghai marks a big psychological target for me to remedy that and it's very easy to be inspired by people in this sub, describing how rocketpool, dappnode etc. are very easy to do. Plus ethstaker and all the guides. It's taking on a huge financial responsibility but it's about integrity and aligning one's actions with one's values and you see that across the Ethereum community and it is inspiring.
It might take 6 months but I'm really looking forward to watching the transition of ETH from centralized stakers to clean green homegrown (fanless, I recently learned here, so no noise and no fiddly dust hoovering!) validators.
I named my testnet validator raspberry pi "Goldfish" because I often couldn't leave it alone more than a day without it dying. Even put a little goldfish sticker on it. I'm looking forward to carrying that bs over onto a nuc; name suggestions welcome.
https://reddit.com/r/ethfinance/comments/108x76j/comment/j3vp7io/
This brings back memories. I was so systems illiterate that it took me about a week to set up my rig before even syncing the block chains. Almost every step in the guides I had to Google something or pester the kind people in the ethstaker discord. I'd never used Linux before. Had to actually Google where to find the command prompt in Ubuntu as if "Terminal" wasn't obvious enough. Didn't know what port forwarding was. Many such examples. Once I finally felt like I knew what I was doing, I wiped the entire system and started again from scratch. Then did that a couple more times. Each time getting quicker and more confident. I think by the 3rd try I had got it down to 30 minutes before syncing the blockchains. I ended up validating on testnet for only 1 day, then swapped over to mainnet. I specifically remember phiz telling me to practice on testnet longer but beacon chain launch was imminent. I hesitated due to no withdrawal mechanism but decided there was no way I was missing genesis lol. It's been more than 2 years since then, my rig diligently staking 24/7 without any major problems. In a weird way it's been one of the only constants in my life, as life's events pass by.
Tldr; I agree Shanghai will likely increase decentralisation. If I can do it, literally anyone can, and will. A focus after Shanghai should be towards making the process easier to ensure it.
"Make sure Ethereum wins" - Steve Newcomb reveals zkSync's prime directive
Probably stuff all the gigabrains in ethfinance already know but cool to see zkSync's devotion to the Ethereum vision.
For him, the end game of Ethereum is security so perfect that no quantum computer can break it and decentralization so good that no nation-state can stop it - in other words, a "private internet computer that cannot be hacked by any computer or stopped by any nation-state."
"I want people to understand that this is more important than technology; this is possibly as important as what comes after capitalism and democracy," he says.
I have a few Rocketpool validators that are currently pending. They should be active in 3 hours. After I write this comment, I'm going to bed. I'm not very active in this sub but I lurk like a mf. I'm feeling inspired to talk about my journey from an ETH Holder to an ETH Staker.
My new year's resolution is to focus more on learning ethereum rather than focusing on price.
Lessons learnt in 2022:
Goals:
This is the second installment of my series of posts regarding the privacy of various Chrome browser crypto wallet extensions.
First entry can be found here, where we analyzed Rabby.
My approach:
This analysis has shown that my previous approach of broadly categorizing findings under "the ok, the bad, the ugly, and the weird" is insufficient, subjective, and does not properly represent what I wish to convey.
Using Kali Linux, I downloaded Google Chrome directly from google.com/chrome.
Analysis of encrypted traffic was completed using BurpSuite + the provided root cert, installed in chrome's local cert repo. Chrome is then launched with a proxy set to Burp's listening port.
I will not be doing any sort of transactions whatsoever. I will, however, connect the wallet to a dapp.
On this New Year's Day we will be taking a look at Tally Ho!
The Tally Ho extension was downloaded from https://chrome.google.com/webstore/detail/tally-ho/eajafomhmkipbjmfmhebemolkcicgfmd
I must start off by giving Tally Ho credit for something that Rabby did not implement. As I went through using the wallet to create a new address, I paid no attention to the seed phrase.
I was hit with a quiz that ensures that the user knows their seed phrase. I reinstalled Tally Ho, created a new address, and passed the quiz this time.
An excellent general security practice that every wallet should implement.
Upon installation, the first request Tally Ho generates is to api.coingecko.com in search of current token prices. Notice crab season in full effect.
Here we see a request for Arbitrum's token list.
This is a "web3" wallet, and as such we see many requests destined for chains and defi services that us ethfinanciers won't (admit to, at least) be using much.
An example of such a request, one which is quite demonstrative of the rest, looks like https://imgur.com/AEjA8m1
I don't have a problem with this activity, but it would be great to have a more Ethereum-centric version of this wallet.
api.blocknative.com is used to fetch Ethereum gas fees and block info.
Tally Ho reaches out to Compound Finance's Github repo "token-list" for a list of, you guessed it, tokens.
For a benign example of why this is not such a great practice, check out this request to Trader Joe's "token-list" repo.
The response is a 404. Not a huge problem, just a bit sloppy seeming. Could be bad news if an attacker is able to gain access to that repo, which is likely much less heavily protected than Trader Joe's other assets.
Here is where things get a bit more subjective.
We see Ankr's API being used to get the ETH balance of my new Ethereum address, notice the value "0x0" in the response.
And for the Alchemy haters, I've got some bad news:
Alchemy's API is used to fetch my address' balances of various tokens, which are specified by contract address in the POST request body.
You may notice requests to mainnet.infura.io in the above image. No need to worry, these requests were generated strictly by connecting to staking.synthetix.io.
One thing that left me a bit puzzled is this request to resolve.unstoppabledomains.com.
My wallet address is sent as a GET parameter, along with an "Authorization:" HTTP header.
I have not had much time to look into this service, and would love to know more if anyone has any insight.
Refreshingly, no requests to telemetry services or advertisers were found.
I call upon the great /u/REALJohnBMacLemore. Would you please be willing to do the dirty deed, ser?
Happy New Year, y'all!
I continue to be amazed by the transparency of Defi sometimes. Just look at the Yearn.finance employee expenses here. Continuously streamed, withdrawn whenever the payee wants. Compare this to your traditional corporate payroll system.
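For the wallet-extension traffic review earlier on this page (the Tally Ho post), the question "which third parties learn my wallet address?" can be answered mechanically from a proxy capture. This is an added example, not the author's tooling: the capture records, paths and query parameter names are constructed, and `rpc-provider.example` and `token-api.example` are placeholders for provider hosts the post does not give.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl


def address_locations(req, address):
    """Where in one request the wallet address appears: 'path', 'query:<name>', 'body'.
    Matching uses the bare hex (no 0x, case-insensitive) so that ABI-encoded
    call data, which left-pads the address without a prefix, is caught too."""
    bare = address.lower()
    if bare.startswith("0x"):
        bare = bare[2:]
    parts = urlsplit(req["url"])
    found = []
    if bare in parts.path.lower():
        found.append("path")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if bare in value.lower():
            found.append(f"query:{name}")
    if bare in (req.get("body") or "").lower():
        found.append("body")
    return found


def audit(requests, address):
    """Per-host summary: request count, where the address was sent, and whether
    an Authorization header travelled with it."""
    report = defaultdict(
        lambda: {"requests": 0, "address_in": set(), "auth_with_address": False}
    )
    for req in requests:
        entry = report[urlsplit(req["url"]).hostname]
        entry["requests"] += 1
        found = address_locations(req, address)
        entry["address_in"].update(found)
        has_auth = any(h.lower() == "authorization" for h in req.get("headers", {}))
        if found and has_auth:
            entry["auth_with_address"] = True
    return dict(report)


def address_recipients(report):
    """Hosts that received the wallet address in any form."""
    return sorted(host for host, e in report.items() if e["address_in"])


# --- constructed capture; hosts ending in .example are placeholders ---
WALLET = "0x" + "ab12" + "c" * 32 + "9f3e"
CAPTURE = [
    {"method": "GET", "url": "https://api.coingecko.com/constructed/prices?ids=ethereum"},
    {"method": "GET", "url": "https://api.blocknative.com/constructed/gas"},
    {"method": "POST", "url": "https://rpc-provider.example/constructed",
     "body": json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_getBalance",
                         "params": [WALLET, "latest"]})},
    # ERC-20 balanceOf(address): selector 0x70a08231 + address padded to 32 bytes
    {"method": "POST", "url": "https://token-api.example/constructed",
     "body": json.dumps({"jsonrpc": "2.0", "id": 2, "method": "eth_call",
                         "params": [{"to": "0x" + "22" * 20,
                                     "data": "0x70a08231" + "0" * 24 + WALLET[2:]},
                                    "latest"]})},
    {"method": "GET",
     "url": "https://resolve.unstoppabledomains.com/constructed?address=" + WALLET,
     "headers": {"Authorization": "Bearer <redacted>"}},
]

if __name__ == "__main__":
    for host, entry in audit(CAPTURE, WALLET).items():
        print(host, entry)
```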
Interesting message from Juno Finance:
Dear User,
This is an important announcement.
Juno doesn't custody crypto assets and relies on crypto partners for providing these services. Due to uncertainty with our crypto partner who is responsible for crypto operations for Juno, we strongly recommend withdrawing your crypto assets into a self-custody wallet. You can also choose to sell these assets for cash and keep them secured in your Juno checking account which is FDIC insured up to $250,000 via Evolve Bank and Trust.
There are daily platform limits for sells and withdrawals and we're working with our partner to increase them for a smoother transition. Due to current market uncertainty we have also disabled crypto buys on the platform and auto-converted some of the stablecoins (USDC, USDT and mUSDC) to USD. Any fees incurred will be reimbursed. We apologise for the inconvenience and will keep you posted.
All Banking and Card related services continue to operate as usual. We will also transition to a new crypto partner in the coming weeks.
Emphasis mine.
Maybe they're shifting around their crypto backend and they aren't sure how assets held by the crypto provider will be handled during the transition. It's cool that they advocate for self custody.
Heyyo! My Pride! I wanted to bring more attention to this post by Maswasnos further down in the daily.
If you have crypto assets stored with Juno or Wyre, withdraw them now! The email in that post feels funny to me. The words seem exceptionally well chosen to provide the most warning with the least possible legal consequences. I suggest you heed their warning. If you custody with someone else, be sure they are not using Wyre to custody their assets. IMO, that is who Juno is attempting to warn you about.
Again, nothing confirmed, just my feeling.
Heya fam, I need some help collecting more scam examples that are different to those I already have. If anyone has examples, I'd appreciate a DM with it, a reply to this post with an imgur link or something or a discord DM at dreth#1988 if you have any good examples I haven't listed.
As of right now I have:
There's one notorious scam I know I'm missing and that's fake support people, so I'd appreciate at least one example of that, not more than one is needed.
If there's any meaningfully different or interesting scams you have examples of, please send them my way. I'd also appreciate malware or anything that could be misleading to users or put them at risk. Do not post malicious links as a reply to this comment, just DM them to me.
I'm on the EVMavericks discord and moderate the StakeWise discord, verify my username well if you want to DM me on discord, don't get scammed.
A million thanks to everyone that have helped me out!
have a great day my fellow "eth maxis".
bear markets are great for buidlers.
while looking for web3/blockchain related jobs, I began working on my own blockchain project : I'm building (from scratch front-end/back-end, the whole 9 yards) an LSD niche focused DeX liquidity aggregator.
way down the road, I'm thinking about adding features like evolving the project into a platform that will make it easier for users to participate into liquidity pools, create and run rocketpool minipool, create finance-focused NFTs using oracles and open order books.
even if the project is a total failure and absolutely no one uses it, I'm still happy to be full hand on on it building everything from UI/frontend to the backend and integration APIs of Uniswap/0x and interacting with Rocketpool/uniswap and building smart contracts.
as a software engineer, it's an experience that is like a breeze of fresh air to do a fun side passion project that may or may not transform into a "real" product.
worst case scenario, no one uses it but it gives me legitimacy when talking about my experience in the web3 with recruiters.
best case scenario, users love it and it becomes my full time job.
"average" scenario, it has some kind of traction, and keep being a fun passion project I will maintain while working full time job somewhere else.
anyway, thank you for reading my post, have a great day and may the force be with you
Well... I think some records will never be broken. According to my notes /u/Maleficent_Plankton has the best P/E ratio in the sub.
They have made 111 comments (according to Moderator ToolBox) in Ethfinance and achieved Doot status 16 freakin' times. That's crazy high.
Just wanted to give a shoutout on that amazing achievement.
In an effort to spread awareness of what everyone in the project is working on, below is a list of users and their projects.
Username | Description
---|---
404bachee | Creating an LSD DEX and lending app
696_eth | EVMavericks Weekly - The top EVMavericks events of the week
austonst | Aestus MEV-Boost Relay - A neutral, non-censoring block relay for Ethereum proof-of-stake validators and block builders
bbroad25 | ".08 today, easy."
BramBramEth | Working on a seed phrase recovery tool
clamchoda | "༼ つ ◕_◕ ༽つ ETH TAKE MY ENERGY ༼ つ ◕_◕ ༽つ"
cryptojobsgg | CryptoJobs.gg - The #1 crypto jobs board for employers and future employees
Cryptouf | Unofficial Curve Newsletter - A newsletter about what's happening in Curve Finance
danceratopz | disCarbon - An app to offset your flight emissions by purchasing carbon credits
davidahoffman | Bankless Co-Founder - A guide for the crypto journey
domotheus | EF Researcher
Dreth | Writing a book about crypto/defi (hence asking for scam examples recently) and writing in my blog https://dac.ac/
eetherway | Influence - An open-economy, space strategy MMO in which players own all of their content
ethmaxitard | L2 Cheatsheet - A directory of L2 resources
fc-test | Working on building a web3 game
hanniabu | Ξther αlpha - Develops open source tools and resources (including this site!)
haurog | disCarbon - An app to offset your flight emissions by purchasing carbon credits
hashtagfuzzmaster | "ALL HAIL THE ETERNAL CRAB"
InsideTheSimulation | RatioGang - A site to track the ETH/BTC ratio and flippening progress
Jey_s_TeArS | Daily haikus until we're at least at 0.178 on the ETH/BTC ratio or highest market cap
jtnichol | Ethfinance Doots Happy Hour - A livestream roundup of the top 10 Doots of the Week; GridPlus team member
logic_beach | RobotADay - An NFT collection with the goal of creating one robot per day; Coordinates a cohort of solidity learners: https://discord.gg/aVnY7jnJWt
LogrisTheBard | Tokenomics Explained - Explores financial topics related to blockchain
Mister_Eth | ETHTPS.info - A dashboard to analyze the TPS of Ethereum and layer 2 networks
nikola_j | DeFi Saver - A one-stop dashboard for creating, managing and tracking your DeFi positions
nixorokish | EthStaker - Ethereum Beacon Chain community health consultant
pbrody | EY Blockchain team member
ProfStrangelove | LimitRanger - A dapp to use limit orders with Uniswap while paying low - or actually earning - fees
REALJohnBMacLemore | Caches - A web3 authenticated multi-topic forum on all subjects related to the Ethereum protocol and Web3 technology
RooftopPortaPotty | Doing security analysis of browser extensions and web3 wallets
stevieraykatz | Coinlander - An interactive experiment in the design and development of community gaming primitives, including the Seeker characters and The One Coin artifact
superphiz | EthStaker - Ethereum Beacon Chain community health consultant
the-A-word | Ethfinance Doots Happy Hour - A livestream roundup of the top 10 Doots of the Week
ToEthMooonGuy | "To ETH Mooon!!! (°0°)"
Tricky_Troll | Tricky's Daily Doots
waqwaqattack | Rocket Fuel - A daily summary of all the happenings in the Rocket Pool community on Discord, Reddit, and the DAO forum and Reddit's r/ethfinance daily thread
Wholesome_Crypto | Wholesome Crypto - A podcast interviewing prominent people in crypto to share what led them on their current path
wizardofhex | POAP Gated Documents - An app to share POAP-encrypted documents and open to contributors (registered with GitPOAP!)
ZeroTricks | EthArchive - A tool to view what happened "On this Day" in Ethereum