blocksec - Pwim.Net

Blockchain Security Startup BlockSec Pulls $8m in Seed+ Funding Round

Blockchain security startup, BlockSec has announced it has completed a new seed plus funding round where it pulled the sum of $8 million from top investors.

As announced by the startup, the funding round was co-led by Vitalbridge Capital and Matrix Partners, with participation from investors Mirana Ventures (Venture Partner of Bybit), CoinSummer, and YM Capital.

The market value of BlockSec was not revealed. Still, the team behind the project said the newly injected capital will go a long way towards scaling up its research and production team and provide the on-chain monitoring and attack interception capability to more decentralized applications.

The decentralized ecosystem is replete with many on-chain exploitations across the board. With many protocols recording exploits by the day, BlockSec was founded to provide a final solution to this menace. Since its inception in 2021, BlockSec has played a key role in warding off attacks on several protocols, including the stablecoin DEX Saddle Finance.

Thus far, BlockSec has audited as many as 100 protocols spanning the Solidity and Rust ecosystems respectively. BlockSec has developed a real-time on-chain monitoring system to block ongoing attacks and rescued more than 5 million assets. The flash loan monitoring system and the transaction visualization system are both Intellectual Properties of BlockSec, which are widely used in the industry today.

The ongoing exploitation of crypto-native protocols has stirred the demand for more security-focused outfits. Expectedly, investors realize this and notably contribute their quota to helping startups in the space. As reported earlier by Blockchain.News, CertiK recently pulled $88 million in funding to ink a $2 billion valuation.

The CertiK funding was notably unique as American investment banking giant Goldman Sachs Group Inc joined the investors who bootstrapped the blockchain security firm. Like BlockSec and CertiK, other notable protocols building the proper infrastructures in the space also record massive backing from venture capital firms across the board.

BlockSec Shares Alerts of ETHPoW Tokens Persistent Attack

It is barely a week since the Ethereum Proof-of-Work (PoW), or known as the ETHW token, went live, and it has become the target of cybercriminals.

According to an alert shared by blockchain security firm, BlockSec, the ETHW protocol suffered a replay attack with the hacker carting away 200 ETHW tokens.

Taking to Twitter, BlockSec said:

“The exploiter (0x82fae) first transferred 200 wETH through the omni bridge of the Gnosis chain, and then replayed the same message on the PoW chain and got extra 200 ETHW.”

As detailed by BlockSec, the attack occurred in part because the gnosis bridge didn’t correctly verify the chain ID of the cross-chain message. Despite the clear observation from BlockSec, the core developers behind the ETHW protocols said the attack did not originate from the ETHW blockchain and only affected the bridge instead.

“ETHW itself has enforced EIP-155, and there is no replay attack from ETHPoS and to ETHPoS, which ETHW Core’s security engineers have planned in advance,” the ETHW Core developers wrote in a Medium post.

The developers said in the note that they have been making attempts to reach the Omni team in a bid to alert them of the exploit.

“We have contacted the bridge in every way and informed them of the risks,” it said, adding that “Bridges need to correctly verify the actual ChainID of the cross-chain messages.”

The ETHW protocol was forked from the mainnet when Ethereum transitioned from the Proof-of-Work to the Proof-of-Stake (PoS) protocol. The PoS Ethereum was long in the making, and its success will allegedly make the Ethereum network expend 99% less energy through the employment of validation consensus models.

The ETHW protocol has not launched on major exchanges, but its token IOU has gone live on top exchanges, including FTX, MEXC Global, and Bybit as reported earlier by Blockchain.News.

BlockSec Launches Phalcon Fork for Collaborative Testing on Ethereum Mainnet

Blockchain security tech firm BlockSec has released a new toolkit for collaborative testing on private chains, called Phalcon Fork. This developer and security researcher-focused toolkit allows users to fork arbitrary transaction positions and block numbers on the Ethereum mainnet, providing greater control over testing, analysis, and debugging on testnets.

Phalcon Fork offers several advantages over traditional solutions such as Goerli. According to the Phalcon Fork user manual, users can retain services and states from the Ethereum mainnet, facilitating rapid integration and debugging with other DeFi contracts. Additionally, users have full control over block information, including Timestamp, BaseFee, and MixDigest.

One of the key features of Phalcon Fork is the ability to utilize snapshots, which allow users to save specific blockchain positions and revert back to them during testing processes. The snapshots record the transactions being executed and deployed by the user at a given time. This feature is particularly useful when a user wants to run multiple tests of a script or save certain states and return to them later.

Phalcon Fork also includes an integrated faucet, which allows users to acquire free fork network Ether (ETH) to conduct transactions on private chains. To directly interact with the chains and execute transactions, Phalcon Fork provides a remote procedure call node called Fork RPC. This can be integrated with Ethereum Virtual Machine-compatible development frameworks such as Hardhat, Foundry, Remix, or added to MetaMask.

Currently, users can only fork from the Ethereum mainnet; however, BlockSec has teased future support for additional blockchains, such as the BNB Smart Chain and Arbitrum.

April has been an exciting month for Ethereum developers, as the highly anticipated Shapella hard fork went live on the Ethereum mainnet without any issues on April 12. This upgrade allows Ethereum validators to withdraw staked ETH from the Beacon Chain. This has led to positive price action for Ether (ETH), with the asset gaining roughly 12% since April 12, trading at $2,092 at the time of writing.

Phalcon Fork is a significant addition to the Ethereum developer toolkit, offering greater control and flexibility over testing, analysis, and debugging on private chains. As the blockchain industry continues to evolve and expand, tools like Phalcon Fork will become increasingly important for developers looking to build on top of existing networks.

Uniswap Foundation Announces Grant Recipients for V4 RFPs

On November 1, 2023, Uniswap Foundation publicized the selections for the first round of Request for Proposals (RFPs) for Uniswap V4 through their official Twitter handle, @UniswapFND. The announcement is a significant stride towards enhancing Uniswap V4, with several teams and projects earmarked to contribute various improvements to the protocol.

The first RFP, titled “Provide Liquidity Widget,” has been awarded to the team Polya (@polya_ai). The primary objective of this RFP is to develop a Deposit Liquidity Widget that would facilitate easy integration across a myriad of front-end platforms.

The second RFP for creating an Open-Source Design Package for Uniswap’s LP User Experience has been given to Airfoil Studio (@AirfoilStudio). The project aims at creating comprehensive supporting documentation for hook developers along with a sample set of Proof of Concept (POC) hooks to enhance the Liquidity Provider (LP) user experience on Uniswap.

For the third RFP concerning POC Hook Developer Docs, the responsibility has been shared between two teams: Umbrella Labs (@0xUmbrella) and Brokkr (@BrokkrFinance). The focus here is to compile a robust set of POC hooks complemented by comprehensive supporting documentation for the developer community.

The fourth RFP is centered on research regarding the appearance of bad hooks and has been awarded to Robert Chen from Ottersec (@NotDeGhost), Composable Security (@Composable_Sec), and BlockSec (@BlockSecTeam). This RFP is directed towards exploring the “malicious design space” of hooks, and understanding how protocol stakeholders should reason about their security to prevent potential threats.

Uniswap Foundation expressed its enthusiasm towards the innovative contributions these selected teams are expected to bring to the Uniswap ecosystem. The Foundation also extended its gratitude to all the applicants and hinted at future RFP opportunities, underscoring the high-quality submissions they received which made the selection process highly competitive.