In this 3-2-1 Q&A Session #1, Jerome and Pratik will answer 3 questions Coinchange users asked them, 2 most important twitter threads Coinchange readers need to be aware of and 1 DeFi hack that happened over the last month.
In short here is what you will be learning about:
Question 1: When is the Ethereum merge expected to occur, and what will be the results of the Merge?
Question 2. What is the most recent update in the regulations for crypto?
Question 3. What is new at Coinchange?
Twitter Thread #1: Using Certora, MakerDAO recently found a fundamental bug that was in the code for 4 years!
Twitter Thread #2: Uniswap acquires genie.xyz which is a NFT marketplace aggregator.
DeFi Hack: Uniswap User Loses $8M Worth of Ether in Phishing Attack.
When is the Ethereum merge expected to occur, and what will be the results of the Merge?
Ethereum Merge is expected to occur around September 2022. The current Ethereum Mainnet referred as “ETH1” will merge with the Beacon Chain proof-of-stake system referred to as “ETH2” and will mark the end of proof-of-work for Ethereum. After the merge this naming distinction will be deprecated.
What is the most recent update in the regulations for crypto?
The most recent update in the regulations is from the EU regulators. The EU agreement has two key components:
Insider trading, Wash trading and Front running. MiCA calls on cryptocurrency businesses, most notably token issuers, to declare information on their environmental and climate impact.
What is new at Coinchange?
The Coinchange 2.0 mobile app release for iOS and Android is focused on a refreshed look-and-feel and improvements to the UX design and messaging in all user journeys across the app. The release also provides Coinchange users with enhanced account security with 2-factor authentication using Google Authenticator, and other popular multi-factor authentication services, improving security with industry-standard 2-step verification methods.
We already have the next update almost ready to be released which would cover easier transfer to Earn account and improved security for multi-account access. Stay tuned for the next Q&A where we’ll give you more details.
Twitter Thread #1 Using Certora, MakerDAO recently found a fundamental bug that was in the code for 4 years! If exploited, the bug would have dramatically increased the price of DAI making it difficult for users to repay their debts.
The bug was found after extensive test, audit, integration testing and formal verification by the Protocol Engineering Core Unit. The Certora Prover automates formal verification which MakerDAO uses as part of their tool since 2021. Formal verification is the highest and most thorough security assessment that can be done thanks to its exhaustiveness. Funds were not at risk because of the steps required to “exploit” the bug.
This event shows that use of Formal Verification should be part of a holistic approach to smart contract safety. It highlights that even the most tested and long standing protocols can have bugs. Hence why audit and formal verification are not enough to make a protocol truly secure. What does is the implementation of the right sets of control over the protocol (multi-sig and timelock) which MakerDAO has in place which essentially rendered quasi-impossible to “exploit” the bug.
An NFT marketplace is essentially an application that is the facilitator for people to buy and sell NFT and an NFT marketplace aggregator aims to achieve the same benefit as ‘1 Inch DEX Aggregator’ but for NFT, whereas 1 Inch is dedicated to ERC20 only. We’ve covered the marketplaces and their role in the adoption of NFT in our research paper. Although it is not the first time that Uniswap is using and implementing NFT in its offering (remember UNisocks redeemable and the latest upgrade to V3 which uses NFT as position ownership for LP instead of an ERC20).
Uniswap is positioning itself as a comprehensive platform to purchase any digital asset, whether ERC20 or ERC721. It follows the footstep of Pancakeswap which implemented NFT purchase from their app since Sept 2021 and SushiSwap which is currently experimenting with its NFT platform ShoyuNFT. This decision is perfectly rational when those DEX already have a loyal user base and can also benefit from the additional revenue that NFT trading can bring.
We can note that Genie is not the only NFT marketplace aggregator that exists. Gem.xyz is also an NFT marketplace aggregator which has been acquired by Opensea in April this year but will work more like an investment/advisory relationship than a merger (meaning that Gem will continue to operate as a stand alone product & brand).
Uniswap User Loses $8M Worth of Ether in Phishing Attack. The attacker enticed users with a fake Uniswap airdrop message. The message claimed to airdrop UNI tokens to liquidity providers (LP) based on the number of fake LP tokens they received. Liquidity providers supply their assets on Uniswap in return for rewards. Interacting with the phishing message, however, gave the underlying smart contract permission to transfer assets out of and gain full control of a user’s wallet. One person, who was providing over $8 million worth of wrapped bitcoin (WBTC) and USD coin (USDC) to a WBTC/USDC liquidity pool, according to blockchain data, unknowingly interacted with the phishing message. In the hours following the attack, Binance founder Changpeng Zhao alerted users to be aware of a possible exploit on Uniswap. This was however later corrected, as the exploit was limited to a phishing message and did not affect the Uniswap protocol.
The attacker was able to gain control of the wallet, exit the LP’s positions and transfer the tokens to other wallets. Blockchain data further shows the attacker started to move stolen funds through privacy protocol Tornado Cash.
Phishing scams happen all the time. However we are not exposed to this attack as Coinchange doesn’t interact with any UI for any protocol that we use in our strategies. We create proxy contracts that directly interact with the smart contracts of the protocols and this eliminates the interaction with the UI or the website interface of the protocols.
This concludes our 3-2-1 Q&A article. We’ll see you in the next one, two weeks from now.
Meanwhile, kick back and earn passive income using Coinchange. Sign up today!