Cointelegraph sat down with activist and cybersecurity expert Chelsea Manning to discuss how blockchain technology can combat challenges associated with artificial intelligence.
Tornado Cash Fork, Privacy Pools, Deployed on Optimism Testnet
Privacy Pools uses zero-knowledge proofs to prove that funds in anonymous transactions are not linked to criminal activity, such as North Korea’s $625 million hack on Axie Infinity.
Polygon launches decentralized ID product powered by ZK proofs
The public launch of Polygon ID comes 12 months after it was first launched in a closed environment to a select group of builders.
Crypto Wallet Provider Safe Launches Developer Stack Enabling Account Abstraction
The open-source stack will allow developers to build web3 apps that enable account abstraction while maintaining a web2 user experience.
Coinbase new blockchain seen as ‘massive confidence vote’ for Ethereum
One Ethereum bull hopes the launch will help onboard a host of other crypto companies and financial institutions onto Ethereum.
The importance of open-source in computer science and software development
Open-source software development promotes collaboration, innovation and accessibility in the tech industry.
Starkware commits to open source its ‘magic wand’ Starknet Prover
The prover is the crucial engine Starkware uses to roll up hundreds of thousands of transactions and compress them into a tiny cryptographic proof written on the Ethereum blockchain.
Decentralized Twitter alternative goes live on Apple’s App Store
The Damus app is powered by Nostr which uses decentralized relays to distribute end-to-end encrypted messages.
Number of devs increased during crypto winter: Electric Capital report
Ethereum continues to be the dominant blockchain for developer activity; however, a few other chains continued to gain ground.
zkSync developer Matter Labs raises $200M, commits to open-sourcing platform
Over 150 projects, including Chainlink, Uniswap and Aave, have signaled their intent to deploy on the layer-2 blockchain.
ShapeShift moves closer to full decentralization with open-source mobile app
The organization transitioned to a DAO in July 2021 as part of a broader pledge to decentralize its operations.
Controversial mixer Tornado Cash open-sources UI code
The privacy-focused mixer has been at the center of several DeFi exploits over the past year as users attempted to obfuscate the trail of stolen funds.
Is the Ukraine war intensifying regulatory pressure on crypto firms?
Every day, people are seeing “live” why sanctions matter. “Everyone is starting to rethink the importance of compliance and crypto.”
Hedera Governing Council to buy hashgraph IP, and open-source projects code
Distributed ledger service Hedera Hashgraph is expected to deploy a panoply of upgrades in 2022 in line with its long-term pursuit of decentralization.
Bitcoin hash rate jumps to ATH as Jack Dorsey confirms Block’s mining system
Bitcoin’s hash rate hits new all-time highs as Jack Dorsey tweets that Block is “officially building an open Bitcoin mining system.”
Polygon’s Side Of The Story: Hard-Fork Resolved A “Critical Vulnerability”
The Polygon team promised an explanation and here it is. A few weeks ago, the Ethereum Layer 2 network hard-forked their blockchain, seemingly without explanation. As usual, NewsBTC got to the bottom of the case and presented all of the available information. The only piece missing was a promised official report from Polygon’s experts. Is this it? Apparently so.
Before we get into it, let’s remember Polygon’s co-founder Mihailo Bjelic’s explanation as reported by us:
“We’re making an effort to improve security practices across all Polygon projects,” Bjelic tweeted. “As a part of this effort, we are working with multiple security researcher groups, whitehat hackers etc. One of these partners discovered a vulnerability in one of the recently verified contracts. We immediately introduced a fix and coordinated the upgrade with validators/full node operators. No funds were lost. The network is stable.”
It’s important to remember that the crypto ecosystem was concerned with the way that they managed to do all this. It seemed centralized. However, the co-founder assured everyone that “The network is run by validators and full node operators, and we have no control over any of these groups. We just did our best to communicate and explain the importance of this upgrade, but ultimately it was up to them to decide whether they will do it or not.”
However, this was Polygon node operator Mikko Ohtamaa’s further complaint:
“Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications.”
And that’s the story so far.
What Did The Polygon Experts Say?
Considering the infamous Poly Network exploit happened only in August this year, it’s good to hear Polygon is working hard on securing their whole operation. They’ve “been investing significant effort and resources into creating an ecosystem of security expert partners, with the goal of improving the security and robustness of all Polygon solutions and products.” With that in mind, this is the company’s version of what happened:
“Recently, a group of whitehat hackers on the bug bounty platform Immunefi disclosed a vulnerability in the Polygon PoS genesis contract. The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade the network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5.”
So far, so good. This rhymes with Bjelic’s explanation and gives the community more details. However, we know that they barely notified the validators and node operators. They don’t even have to lie about it, because they do have a great reason as to why they ran the whole operation in stealth mode.
“Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention. We are still finalizing our vulnerability disclosure policy and procedures, and for now we are trying to follow the “silent patches” policy introduced and used by the Geth team.”
According to Ohtamaa, “there are multiple open source projects out there” that have done similar operations in a more effective manner. And that might be true, but it doesn’t take away from the fact that Polygon’s actions were justified.
MATIC price chart on Binance | Source: MATIC/USD on TradingView.com
The Aftermath
In the end, the critical update worked out fine enough:
“The vulnerability was fixed and damage was mitigated, with there being no material harm to the protocol and its end-users. All Polygon contracts and node implementations remain fully open source.”
Remember, one of the early criticisms was that they forked the Polygon blockchain “to a completely closed-source genesis.” Here, the official source assures that “contracts and node implementations remain fully open source.” Good. Is there something else they want to tell us?
“We are still working on closing the final proceedings with Immunefi and the whitehat hacker group, primarily in terms of their rewards and multiple rounds of reviews of the fixed vulnerability. We will post a detailed postmortem once this process is finished, likely by the end of next week.”
The team will publish yet another post with even more details for the technically oriented people. That’s above our pay grade. Stay tuned to Polygon’s blog if you’re interested.
Taproot Update: Bitcoin Users Home In on Activation Plan, Date Still TBD
The meeting ended with rough consensus in favor of BIP8 (false), as well as with approval of two possible methods to put this BIP into motion.
How DeFi ‘Degens’ Are Funding the Next Wave of Open-Source Development
Gitcoin’s Kevin Owocki coins the phrase “regenerative finance” to describe the future of funding open-source development.
Developers Debate Disclosure Protocols After ‘Accidental’ Ethereum Hard Fork
Ethereum’s largest client Geth hard-forked after a bug was tripped Wednesday. Developers are now weighing the merits of security disclosure methods.
For These Blockchain Commons Interns, Their Open Source Careers Are Just Beginning
The Blockchain Commons took on 7 interns this year to build out the organization’s many open-source projects.