Open Source

ERC-2771 integration introduces address spoofing vulnerability — OpenZeppelin

The smart contract vulnerability arises after the integration of ERC-2771 and multicall standards. OpenZeppelin identified 13 sets of vulnerable smart contracts.

Soon after Thirdweb revealed a security vulnerability that could impact a variety of common smart contracts used across the Web3 ecosystem, OpenZeppelin identified two specific standards as the root cause of the threat.

On Dec. 4, Thirdweb reported a vulnerability in a commonly used open-source library, which could impact pre-built contracts, including DropERC20, ERC-721, ERC-1155 (all versions) and AirdropERC20.

James Edwards, the lead maintainer for cybersecurity investigator Librehash, said that while AI chatbots can develop smart contracts, deploying them in a live environment is risky.


Fight between crypto and governments “just getting started,” says ShapeShift CEO

The crypto industry needs to prepare for increasing government pressure as it ramps up its challenge to state monopoly over money, says ShapeShift CEO Erik Voorhees.

Despite the unprecedented regulatory pressure that crypto has been facing recently in the United States, the fight between the American government and the crypto industry has just started, believes ShapeShift CEO Erik Voorhees.

According to the entrepreneur, U.S. authorities still don’t see crypto as an existential threat to the fiat system, with their recent crackdown an opportunistic reaction to last year’s blowups of fraudulent crypto companies.

“They see it as sort of this scammy area where they can come in and look like the hero for cleaning up a mess,” Voorhees said in an exclusive interview with Cointelegraph.

According to Voorhees, crypto must become mainstream before governments move against it fully. At that point, “it will be too late” for government actors to crack down on crypto since too many people will be aware of its value and utility.

Voorhees does not doubt that crypto will ultimately win the battle for the hearts and minds of people, partly because it is free from the restrictions on capital flows in traditional finance systems.

“Capital goes where friction is least […]. In the crypto world, capital moves freely; it moves effortlessly,” he pointed out.

Polygon launches decentralized ID product powered by ZK proofs

The public launch of Polygon ID comes 12 months after it was first launched in a closed environment to a select group of builders.

Polygon, a layer-2 scaling protocol for Ethereum, has launched a zero-knowledge decentralized identity solution to the public nearly a year after announcing its development.

The Polygon ID service uses zero-knowledge proofs (ZK proofs) that use cryptographic techniques to allow users to verify their identity online without having their sensitive information passed or potentially stored with a third party.

Polygon Labs publicly released Polygon ID on March 1, almost 12 months after the project was officially launched in a closed-source environment.

The Polygon team says Polygon ID was built to “solve the issue of digital trust.”

“What sets Polygon ID apart from most other decentralized ID frameworks is its implementation of zero-knowledge technology, allowing users to verify their identities or other credentials without necessarily revealing sensitive information,” Polygon said.

The public release introduces four new tools to the Polygon ID toolset — Verifier SDK, Issuer Node, Wallet SDK and Wallet App — that will allow Polygon developers to integrate decentralized identity into their applications.

A simple chart explaining how Polygon ID interacts with user credentials. Source: Polygon

Users will be able to produce zero-knowledge proofs using off-chain credentials — such as their passport, national ID or a bachelor’s degree — to interact with smart contracts and verify information on-chain.

“This means that off-chain data can now be used for trustless on-chain verifications in the widely-supported Verified Credential format.”

Polygon claims it’s also the first ZK-based digital ID tool that allows users to hold credentials locally on handheld devices such as smartphones, and that users will no longer need passwords:

“Passwordless logins exchange encrypted verifiable credentials by simply scanning a QR code or connecting to a desktop wallet. Organizations can benefit from improved security, a better user experience, and productivity of their system administrators whose time is not taken up by password resets.”

The co-founder of Polygon ID, David Schwartz, said in a March 1 tweet that the product was built “on the latest decentralized identity standards” which will help protect developers and users against unauthorized access from third parties.

“Providing identity in a way that the average consumer can use is the holy grail of digital ID adoption,” he explained in a separate press statement.


Multiple projects have already committed to integrating Polygon ID upon launch, such as Web3 infrastructure provider Kaleido, ID verification solution Fractal and Web3 community management system Collab.Land. Together they have a user base of over 4 million, according to Polygon.

Other Web3 projects, such as metaverse platform The Sandbox and blockchain builder community Guild.xyz, are in the process of integrating Polygon ID too.

Following the news, the price of Polygon’s native token, MATIC (MATIC), increased 2.5% from $1.22 to $1.25 in a matter of hours before falling back to $1.23.

Other blockchain-based ID products out in the space today include Quadrata and IDNTTY.

Coinbase new blockchain seen as ‘massive confidence vote’ for Ethereum

One Ethereum bull hopes the launch will help onboard a host of other crypto companies and financial institutions onto Ethereum.

The Ethereum community appears to have taken a bullish view of Coinbase’s newly announced layer-2 network, Base, which has been described as a “massive confidence vote” and a “watershed moment” for the blockchain network. 

Secured on Ethereum and powered by layer-2 network Optimism, Base aims to eventually become a network for building decentralized applications (DApps) on the blockchain. The layer-2 network is currently in its testnet phase, according to Coinbase CEO Brian Armstrong.

Members of the crypto community such as Ryan Sean Adams, host of the Bankless Show, believe the move “is a massive vote of confidence for Ethereum,” which could set a precedent for cryptocurrency companies and financial institutions to use Ethereum as the settlement layer of choice.

Coinbase has approximately 110 million verified users and has partnered with 245,000 companies in over 100 countries since it was founded in 2012. Its cryptocurrency exchange is the second largest in terms of trading volume, behind Binance, according to CoinGecko.

“If Coinbase converts 20% of its 110m verified users to Layer 2 users in the coming years, this alone will 10x the total number of crypto native users,” Adams added.

Adams also commended Coinbase for opting to open-source Base and believes the new layer-2 network will bring about even more block space demand on Ethereum.

Meanwhile, Sebastien Guillemot, co-founder of blockchain infrastructure firm dcSpark, suggested that Coinbase made a wise decision to go with a layer 2 as opposed to an independent sidechain, noting that “almost all” cryptocurrency transactions and value locked on Ethereum reside on layer 2s these days.

Ryan Watkins, the co-founder of crypto-focused hedge fund Syncracy Capital, described the news in a Feb. 23 tweet as a “watershed moment” in the Ethereum rollup ecosystem. He added that there was “likely no one better” positioned than Coinbase to onboard the next 10 million users and institutions to Ethereum.

Not everyone was bullish though.

Gabriel Shapiro, general counsel of investment firm Delphi Labs, explained in a Feb. 23 Twitter post that launching a centralized layer-2 network “opens the door” to unwanted SEC scrutiny.


“A centralized L2 that trades lots of tokens any number of which could be alleged securities, or does lots of DeFi transactions that arguably might alleged to be regulated (securities swaps etc), opens the door to the SEC making new kinds of secondary market claims,” wrote Shapiro, adding:

“imo, this will accelerate the SEC’s “secondary market” agenda re: blockchain securities issues, because they can’t let an SEC registrant “get away with” potential violations & build up a legal arbitrage strategy right under the SEC’s nose.”

Shapiro’s concerns come as the SEC has recently upped its enforcement efforts against several stablecoin issuers and staking service providers.

Regarding the launch of Base, the lawyer opined that it could be a “bad step for them” and inflict “collateral damage” on the rest of the ecosystem, particularly in the event that the SEC finds a vulnerability to expose.


The importance of open-source in computer science and software development

Open-source software development promotes collaboration, innovation and accessibility in the tech industry.

Open source refers to the practice of making source code freely available to the public, allowing anyone to view, modify and distribute the code. In computer science and software development, open source is important for several reasons, as explained in the sections below.

Collaboration and innovation

Global collaboration and contributions to the creation of software projects are made possible by open source, leading to faster innovation and the creation of more advanced and reliable software.

The creation of the Linux operating system is a prime illustration of how open source promotes cooperation and innovation. Linus Torvalds founded the open-source Linux project in 1991. It is one of the most popular open-source projects in history and is widely used in servers, smartphones and other devices today.


Thousands of programmers from all over the world work together on the Linux project to develop the operating system by correcting problems, adding new features and enhancing performance. Anyone can contribute to the project because the source code is openly available for developers to inspect, alter and share.

The collaborative spirit of the Linux project has sparked quick innovation and produced an extremely sophisticated and dependable operating system. There are numerous instances where open source has aided in collaboration and creativity, including the creation of the Python programming language, the MySQL database and the Apache web server, to name a few.

Cost savings

Since open-source software is frequently free to use and distribute, both enterprises and individuals can significantly cut the cost of software creation and deployment.

The use of the LibreOffice productivity suite is one example of how open source aids in cost savings. LibreOffice is an alternative to expensive, closed-source office productivity suites such as Microsoft Office. Businesses and individuals can avoid paying high software license fees by using LibreOffice.

Increased transparency and security

By allowing anybody to access, evaluate and alter the source code, open source encourages greater transparency and security. This increases the software’s overall security and stability by allowing developers and security professionals to find and repair bugs and security vulnerabilities more rapidly.

For instance, a group of developers that work on the project can remedy a problem if a security flaw is found in an open-source project. This community is capable of promptly identifying a fix and producing a patch that can be widely applied, enhancing the software’s security for all users.

Proprietary software, in contrast, is created behind closed doors, with the vendor of the product being the only one with access to the source code. It is the vendor’s responsibility to address the problem and make a patch available when a security flaw in proprietary software is found. If the vendor is not motivated to accomplish this, the procedure may take some time or even not happen at all.

Community support

Open-source software often has a large and active community of users and developers who provide support and help to improve the software. This can result in faster and more efficient problem resolution.


The creation of the WordPress content management system is one instance of how open-source fosters community support. Since its initial release in 2003, WordPress has grown to become one of the most widely used content management systems in the world, powering millions of websites.

A sizable and vibrant community of users and developers work together on the WordPress project to advance the platform. Through online forums, documentation and tutorials, this community helps to make WordPress more approachable and user-friendly by offering assistance to other users.

Education and training

Students and professionals can access real-world software projects using open-source software, giving them a chance to learn and advance their abilities. Additionally, open-source programming languages, such as Python, Java and Ruby, are frequently utilized in education and training courses because they are affordable, simple to learn, and have a big user and developer community that can offer assistance and resources.

For instance, many colleges and institutions teach computer science and software development using open-source programming languages because they allow students to use tools and technologies that are currently in use and help them build skills that are applicable to the labor market.

Additionally, many open-source development tools and platforms, such as GitHub, are widely used in the industry, making it possible for students to gain experience with tools and technologies that are used in real-world development projects. This can help to bridge the gap between education and employment, making it easier for students to transition into software development careers.

Starkware commits to open source its ‘magic wand’ Starknet Prover

The prover is the crucial engine Starkware uses to roll up hundreds of thousands of transactions and compress them into a tiny cryptographic proof written on the Ethereum blockchain.

Ethereum layer 2 scaling solution StarkWare announced plans to open source its proprietary Starknet Prover, which has processed 327 million transactions and minted 95 million nonfungible tokens (NFTs) to date, under the Apache 2.0 license.

“We think of the Prover as the magic wand of Stark technology. It wondrously generates the proofs that allow unimaginable scaling,” said Eli Ben-Sasson, president and co-founder of Starkware.

Eli Ben-Sasson presenting at the Starkware sessions 2023. Source: Cointelegraph

Starkware has faced criticism from the crypto community and competing solutions such as ZK Sync and Polygon for holding onto the IP behind its tech, which contradicts blockchain’s open source and interoperable ethics.

Making the prover open source under the Apache 2.0 license will enable any other project or network — or even games or database developers — to make use of the technology, edit the code and customize it. The tech was released in 2020 and is already being used by ImmutableX, Sorare and dYdX.

A sneak peek of the Starkware sessions 2023. Source: Cointelegraph

Avihu Levy, Starkware’s head of product, was reluctant to commit to a time frame for open-sourcing the prover but said it would occur after the token launch and decentralization of Starknet itself. He agreed, however, that it would be possible this year.

“We want to move forward with a decentralized, permissionless network and that means that you need to have this critical component out there,” he revealed speaking to Cointelegraph.

Levy said the decision to open source the prover showed Starkware was increasingly confident about its technology and said it would also enable projects to be more confident about using it as a crucial part of their protocols.

“In StarkEx, it’s sometimes considered vendor lock-up or lock-in. So the commitment wasn’t just a business commitment it was a technology commitment to StarkEx,” he explained.

“This is a strong signal that you will have everything you need to run it yourself independent of Starkware.”

Starkware has already open-sourced its programming language and EVM competitor Cairo 1.0, Papyrus Full node and is in the process of open-sourcing its new sequencer.


Ben-Sasson launched the Starkware Sessions conference in Tel Aviv on Sunday, which organizers said was the largest layer 2 conference held so far.

“This is a landmark moment for scaling Ethereum,” he told about 500 developers and guests. “It will put Stark technology in its rightful place, as a public good which will be used to benefit everyone.”

Decentralized Twitter alternative goes live on Apple’s App Store

The Damus app is powered by Nostr, which uses decentralized relays to distribute end-to-end encrypted messages, and has a powerful backer in Jack Dorsey.

Damus, a so-called “Twitter killer” built on a decentralized network, has been approved on the Apple App Store.

The Damus team confirmed the approval to its 11,500 Twitter followers on Jan. 31, following what it claims were at least three rejections from the Big Tech player.

Shortly after, Twitter co-founder and Nostr contributor Jack Dorsey shared the news with his 6.5 million followers, with the entrepreneur labeling it as a “milestone” moment for open-source protocols.

The app dubs itself the “social network you control” and is a messaging service built on Nostr — a decentralized network enabling encrypted end-to-end private messaging, among other things.

It plans to become a social media platform with uncensored content. It also has built-in payments through the Bitcoin (BTC) layer-2 Lightning Network, according to a Jan. 27 post from Protos.

No servers run the network. Instead, Nostr utilizes decentralized relays to distribute messages.

Nostr developers are also focused on using Bitcoin and the Lightning Network to prevent distributed denial-of-service spam attacks on the Damus app.

The Damus user interface displayed on an iPhone. Source: GitHub

There have been 44 different software developers who have contributed to the code for the Damus web app, according to the team’s GitHub page.

Getting Damus on the Apple App Store didn’t come without issues though.

The Damus Twitter page posted that it had failed in at least three attempts before finally being approved.

One of Nostr’s core developers, William Casarin, also shared some frustration on his personal Twitter account, stating that it would be a “shame” if Apple users couldn’t use Nostr natively.


While the exact partnership between Dorsey and Nostr isn’t known, the billionaire entrepreneur sent over 14 BTC — worth about $250,000 at the time — in mid-December to help the Nostr developer team.

While the news appeared to have increased awareness of the application amongst the Bitcoin community, other high-profile figures have tested out the Damus app too.

Those include Ethereum co-founder Vitalik Buterin, former U.S. National Security Agency (NSA) contractor and whistleblower Edward Snowden and pro-crypto U.S. Senator Cynthia Lummis.

At the time of writing, the Damus web app has run into problems. A warning message on the site homepage reads:

“Damus Web is down because there is someone trying to exploit browser loopholes to steal private keys. I would not recommend using a web client at this time. Damus iOS is not affected.”

Number of devs increased during crypto winter: Electric Capital report

Ethereum continues to be the dominant blockchain for developer activity; however, a few other chains continued to gain ground.

The notion that bear markets are good for builders appears to be true, with the total number of monthly active Web3 developers increasing 5.4% to more than 23,300 over the last 12 months despite a near 70% drop in crypto prices.

According to a Jan. 16 report from Electric Capital, “full-time” developers — categorized as those who contribute to 76% of GitHub commits — also increased 15.2% to over 7,000, while “one-time” builders fell 6.2% to over 3,500 during the same time period, between December 2021 and December 2022.

Despite the crypto market capitalization beginning its long plunge from its all-time high (ATH) of $2.9 trillion in November 2021, monthly developer activity only began to fall this past June, after the metric reached its record high of nearly 26,500 active developers.

This fall was partly attributed to the fall in developer activity in the Terra ecosystem following its catastrophic collapse in May.

Monthly active developer count over time compared to crypto’s market capitalization. Source: Electric Capital.

The next three months from June to September saw a 26% fall in weekly active Web3 developers.

Last year did however see 61,127 new Web3 developers come into the industry — the most ever recorded and a 25.8% increase from 2021.

In fact, more new Web3 developers deployed their first line of open-source crypto code in the past year (109,723) than between 2014 and 2020 (101,054).

Monthly active developer count since Bitcoin was launched compared to when Ethereum and its smart contract functionalities were introduced. Source: Electric Capital.

Ethereum continues to dominate developer activity, having increased its full-time developer count by 9% to 1,873 — which is more than the next three highest ecosystems combined: Polkadot (752), Cosmos (511) and Solana (383).

Developer counts on non-Ethereum chains are catching up though. The Cosmos and Solana networks increased 34% and 36%, respectively, while Starknet is one of the mid-sized ecosystems to have made a solid run in 2022 with a 214% increase in developer count.


The report also found that following Terra’s collapse only 28 (9%) of the original Terra developers stuck around for Terra 2.0 while 143 developers (42%) called it quits and migrated to other ecosystems.

Many of the former Terra developers migrated to Cosmos: 42 of the 143, more than to any other ecosystem.

The number of full-time developers from each ecosystem since their launch date. Source: Electric Capital.

Electric Capital explained there are many more Web3 developers than accounted for in the report, as some projects are closed-source.

zkSync developer Matter Labs raises $200M, commits to open-sourcing platform

Over 150 projects — including Chainlink, Uniswap and Aave — have signaled their intent to deploy on the layer-2 blockchain.

Matter Labs, the developer behind the Ethereum Virtual Machine-compatible zkSync, has received major industry backing as it pledges to fully open-source its platform — marking the first such initiative for a zk-Rollup technology. 

Matter Labs confirmed on Nov. 16 that it had closed a $200 million Series C funding round co-led by Blockchain Capital and Dragonfly, with additional participation from LightSpeed Venture Partners, Variant and existing investor Andreessen Horowitz. The company has now raised $458 million in financing across all rounds, including $200 million from BitDAO that’s earmarked for funding ecosystem projects.

Founded in 2018, Matter Labs is working to scale Ethereum through zero-knowledge proofs, a digital authentication process that enables seamless data sharing between two parties. Ethereum has enjoyed widescale acceptance among developers in the blockchain community, but mainstream adoption of its technology has been partially hindered by scalability issues. As a zk-Rollup technology, zkSync provides a layer-2 scalability solution for Ethereum that maintains the network’s security and decentralization features.

Over 150 projects have signaled their intent to launch on zkSync’s mainnet, which was released on Oct. 28 as part of a multistage process to bring the protocol into full production. Some of its most notable partners include Chainlink, Uniswap, Aave, Curve, 1inch and SushiSwap.

In addition to the funding announcement, Matter Labs disclosed that its zkSync technology would be released through an open-source MIT License later this quarter. This gives developers the ability to view, modify and fork the code.

In an interview with Cointelegraph, Matter Labs’ chief product officer, Steve Newcomb, said his firm wanted to “drive consensus in open source,” which is why everything in the mainnet release will be fully open-sourced by MIT’s standard. He explained that by open-sourcing the protocol, zkSync could become the layer-2 standard for the industry.

“In crypto, one of the major things we want to stop is centralized censorship. Anything other than full open source is centralized censorship of code,” Newcomb said. “We can’t decide who is right or wrong or good or bad.”


Although venture capital has flowed freely into blockchain projects for the past two years, deteriorating market conditions have caused investors to be much more cautious in recent months. According to Cointelegraph Research, venture funding in the crypto and blockchain industry fell 66% quarter-on-quarter to $4.98 billion. Still, 2022 is shaping up to be a record year in terms of funding deals and total capital raised.