Eth Chinese website 2022-04-04 19:17:59 阅读数:328
The safety of cross chain bridging is red again ,Ronin Network value 6.25 Billion dollars of assets disappeared
Ronin Network By Sky Mavis An Ethereum side chain developed by the company , Mainly for NFT game Axie Infinity Provide support .3 month 23 Japan ,Ronin The chain was stolen by hackers through its cross chain bridge 173,600 gold ETH and 2500 ten thousand USDC, The value is about 6.25 Billion dollars .
The following is a summary Ronin Network Announcement of the attack ：
Ronin Network There was a security incident ,3 month 23 Japan Sky Mavis Of Ronin Verifier node and Axie DAO The verifier node is invaded , Lead to 173,600 gold ETH and 2500 ten thousand USDC Hacked through Ronin The bridge was stolen in two transactions .( Transaction hash ：1 2 ) The hacker used the hacked private key to forge the withdrawal .Ronin Call them 29 The attack was found on the morning of the th , Because one user said he couldn't get from Ronin Bridging puts forward 5,000 ETH The assets of the .
Details of the attack ：Sky Mavis Of Ronin The chain currently has 9 individual Verifier node . Make a deposit transaction / Withdrawal transactions require 5 Signature of a verifier . The hacker succeeded in controlling Sky Mavis The four one. Ronin Verifier node and one by Axie DAO Third party verifier running .
at present ,Ronin The measures taken are ：
For this accident ,Optimism Team developers @kelvinfichter Sent a review tweet , Here's the point ：
This time Ronin Bridging attacks are very different from previous bridging attacks , It is not caused by loopholes in smart contracts , It's more about “ Multiple signatures ” A typical attack by setting the private key of this mechanism . as long as 9 Name in verifier node 5 Verifiers were controlled , Bridging assets can be easily transferred away . That's why trust minimization is so important .
@kelvinfichter I think the most fundamental mistake is to rely on a bridge based on the verifier's signature for the security of assets .Ronin Bridging is based on a very fundamental assumption ： Most private keys will not be compromised . Obviously, this assumption is no longer tenable .
So how to resist such attacks ？ First , Obviously, multiple verifier nodes should not be run by a single entity ( Unfortunately ,Sky Mavis running 4 Nodes ). If you have enough resources , You should implement multiple clients . It seems that this attack is due to a bug Caused by the , The bug Is used to recover the private key or force the private key to sign any message . This is why multiple clients are so important , It also explains why the Ethereum community has repeatedly stressed the importance of multiple clients to fully prepare for merger . If Ronin There are at least three client implementations , Then hackers won't succeed . Of course , The cost of running three clients is high , however 6.25 The loss of $100 million is even worse ！
Some extensions on the safety of cross chain bridging ：
before ,Vitalik stay Ethereum foundation research team for the seventh time AMA On Expressed their views ：“ The reason why I maintain a positive attitude towards the Multi Chain blockchain ecosystem , And maintain a negative attitude towards cross chain applications , A key reason is that bridging has fundamental security limitations .” And later published an article 《 What is? “ Shared security ”, Why is it so important ？》, adopt “ Shared security ” This concept explains why cross chain bridging has such fundamental security limitations .
Distributed to open source contributors POAP：GitPOAP Soon to go online
GitPOAP Will be in 4 month 7 Daily online main network .GitPOAP Designed to provide support to software contributors POAP in remembrance of , This platform allows developers to be based on GitHub Activity casting POAP. The original intention of this project is to make open source developers and maintainers gain recognition and credibility . This chain record of developer achievements will achieve a reputation and identity driven Web3 Application ecosystem .
GitPOAP Will go back to Github User history , And distribute annual contributors to anyone who contributes to Ethereum's open source projects POAP. Because it is currently aimed at the contribution of software , So if you merge and submit any project PR, You can claim POAP.
How to cast ： Connect your wallet and use your GitHub The account login gitpoap.io ( When it goes online ), The casting qualification can be displayed .
Zambia strives to become a science and technology center in Africa , get Vitalik Support for
3 month 27 Japan , Bloomberg published an article 《 The founder of Ethereum supported Zambia to become a science and technology center in Africa 》, The article reports that a group of founders of start-ups in southern Africa are discussing with the government how to create a regulatory and business environment that can attract more technology companies and capital . The group is organizing a meeting , On 5 In June, he drafted detailed policy recommendations in Lusaka, the capital of Zambia , They believe that Zambia has advantages that the former African science and technology center did not have .
Earlier this year ,Vitallik To the president of Zambia at an online conference Hakainde Hichilema Expressed support , The meeting further showed that , Africa has recently thrived as a hotbed of start-ups , Especially in the field of financial technology and e-commerce . Companies that provide financial services to millions of people on the African continent who do not have bank accounts but have access to the Internet have attracted the attention of overseas investors , African companies are 2021 Raised a record amount of 50 Billion dollars .
Besides , Attracting technology companies will also help deliver on his campaign promises —— Improve employment , And the Zambian government is also looking for more open ways to promote economic development .
After this report was published , President of Zambia Hakainde Hichilema Tweet comments to ：“ Technology can bring opportunities to millions of Zambians . It's great to see international science and technology leaders share our vision of modern and innovative Zambia .” Vitalik Also tweeted back to ：“ We look forward to seeing more blockchain and encryption projects in Zambia and Africa ！ It's expanding 、 There is still a lot of work to be done in easy-to-use wallets and other important areas , But there are also many unique opportunities .”
Consolidation instructions update
Of the Ethereum foundation [email protected]_vanepps Continue to summarize some common or confusing questions about consolidation , Following 61 On the 7th In addition to the four points mentioned , There are the following additions ：
Besides , lately 《 Wealth 》 Magazine articles 《“ Merge ” Three misconceptions of , The next major upgrade of Ethereum will affect its supply and its impact on the environment 》, It's worth your attention . The three major misconceptions mentioned in the article are ：
Post merger verifier's revenue forecast
Focusing on pledge services Attestant Recently published a research article , Explore the revenue forecast of the verifier one year after Ethereum merger .Attestant Collected block height from 12,965,000 ( London upgrade is activated here ) To 14,207,123 Block data between ( The total amount of transaction rewards for all transactions in the block and all amounts paid directly to the fee recipient for all transactions in the block ）, Because London upgrade began to use 1559 Cost market .
The results are as follows ：
If you simply divide the total reward by the number of blocks , The average reward per block is 0.298 ETH.
And in terms of distribution , As the chart shows , Most rewards are less than 1 ETH Of .
And from the cumulative probability diagram , The question to answer becomes “ I want to get x individual ETH What are the possibilities of block rewards ？”
As can be seen from the figure above , Yes 80% The probability is that 0.4 Or less ETH Of . in other words , The answer to the above question can be “ One fifth of the blocks you propose will receive at least 0.4 individual ETH”.
Does the block reward have a trend over time ？ Answer that question , Please see the daily average block reward chart below ：
Remove the three values that need to be eliminated , The average daily block reward will be slightly higher than 0.25 individual ETH, And it is relatively stable in the long run . But in the near future , Most small transactions will move to the second floor , The first floor will focus more on large transactions , Large transactions may bring high rewards , But the number is also less , Therefore, whether the block reward will change more or less , It's all possible .
What does this mean for the verifier ？
The following figure shows the rate of return of the verifier on the consensus layer with the number of active verifiers .
Attestant Use the calculated average block reward 0.298 ETH And the number of blocks each active verifier expects to produce in a year , Get the total... That will be generated at the executive level ETH Reward , Based on this income, the yield prediction diagram of the executive layer is obtained ：
Put the yield forecasts of the consensus layer and the executive layer together after the merger , Will come to ：
It should be noted that , It's just a prediction , There are many variables that can cause these values to change over time .
Verkle tree Update summary
"Urge" Of the road map “The Verge" part Verkle tree The solution is the key problem that prevents Ethereum from becoming stateless client friendly ： Witness data size . In today's sixteen fork Patricia tree , The witness data of accessing an account is on average close to 3 kB, And in the worst case , He may be three times bigger than this . Suppose the worst-case scenario is that each block has 6000 visit (15m gas/ 2500 gas Each visit ), The corresponding witness data size is about 18 MB, For in 12 Of a second slot Pass through p2p Network to secure broadcast , It's too big .Verkle tree The size of witness data can be reduced to an average of about per account 200 byte , This makes the size of witness data provided to stateless clients acceptable .
Verkle tree It's a commitment program , It works similar to Merkel tree , But the witness data is smaller . It works by replacing hashes in Merkel's tree with vector promises , Vector commitment makes wider branching factors more efficient .
lately , Mainly responsible for Verkle tree Developed Guillaume Ballet Updated the progress of the test network , And start tweeting Verkle tree The popularization of knowledge . The following is a summary of his recent releases ：
3 month 12 Japan ,Guillaume Released a Verkle tree Test net Condrieu Of demo video . This is a single client test network , Use prestate To generate blocks . This means that the client does not need to synchronize the entire state to join the Ethereum network .demo I have a brief introduction to this test network ：
Compared with other test networks ,Condrieu What's special is 1) It uses verkle tree,2) The number of accounts and the storage tree are merged in the same tree ,3) The blocks it produces are stateless .
in general ,Verkle tree Wider and shallower , And prove smaller . It revolutionized the storage model . All attributes of an account will not be compressed on one leaf , These properties can be found on different leaves . Each leaf is 32 byte .
The block format has also changed , There are two new fields in the header of the block , One of the fields is a list , Contains the keys and corresponding values that will be changed in the block execution , Another field is to verify that the keys and values are correct .
Besides ,Guillaume Tweet right Verkle tree The changes of block format and tree structure are explained .
Block format ：https://twitter.com/gballet/status/1504390290144169992?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1504390290144169992%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fecn.mirror.xyz%2FplgOBPk-EBthP9YGF-b9sHsA_NXqKt93zXiuZBZ_hBE
Tree structure ：https://twitter.com/gballet/status/1508422189216894979?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1508422189216894979%7Ctwgr%5E%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fecn.mirror.xyz%2FplgOBPk-EBthP9YGF-b9sHsA_NXqKt93zXiuZBZ_hBE
L2 The road print of the expansion solution is GameStop NFT Market support , Its beta Version on line
3 month 23 Japan ,L2 Capacity expansion solution roadprint announced with game vendors GameStop Achieve cooperation , For its upcoming GameStop NFT Market support . Users can now access their... In advance beta edition (beta.nft.gamestop.com) Set your user name and profile , Make a pledge deposit to wait for GameStop NFT The official launch of the market .
Optimism Deployed calldata Compress , Lower transaction fees 40%
3 month 25 Japan ,L2 Expansion solutions Optimism Indicates that its network has been completed calldata Compressed deployment , Internet transaction fees will be reduced on average 40%.
Here is the process of calldata Compressed The first main network transaction hash .
before ,Optimism Published articles 《Optimism Cost optimization ： The way to the US classification fee 》 To introduce Optimism Cost components and analyze how adjustments to these components affect the user's transaction fee , For details, please click the article to read ( Chinese version ).
ECN Our translation work aims to deliver quality information and learning resources to the Ethereum community in China , The copyright of the article belongs to the original author , Reprint should indicate the source of the original and ethereum.cn, If it needs to be reprinted for a long time , Please contact the [email protected] To authorize .
This article was first published in ：https://news.ethereum.cn/Ecosystem/eth-weekly-2022-3-30/
版权声明：本文为[Eth Chinese website]所创，转载请带上原文链接，感谢。 https://netfreeman.com/2022/03/202203310937429417.html