HashingBits Week 97: CowSwap On Base, Electric Developer Report & Clober $501k Exploit

GM! BUIDLers

In this latest issue of HashingBits, we’re diving deep into Ethereum’s Core Developers meetings, covering all the major updates in the Ethereum ecosystem. But that’s not all—we’ll explore the latest happenings in the Aptos, Base. Arbitrum ecosystems, along with advancements in the AI & Web3 space. For developers, we’re highlighting new tools designed to assist smart contract developers and auditors. Also we are taking a look at the recent $501k+ exploit of Clober DEX due to reentrancy attack.

EtherScope: Core Developments ????

L1 & L2 Developments

• Moonwell launches the Moonwell Card, enabling users to spend crypto globally at 44+ million merchants with support for Apple Pay and Google Pay
• Nexus has launched its testnet, inviting users to contribute computing power to its distributed supercomputer network, aiming to build a verifiable internet.
• Kernel DAO has launched its Mainnet on BNB Chain, offering restaking options for BNB, LSTs, and BTC derivatives, along with Kernel Points (KP) for additional rewards.
• Astorl has launched its Mainnet, introducing capital efficiency on the Eclipse platform. Users can now earn, lend, borrow, and optimize their returns.
• Balancer v3 launches including improved Developer Experience (10x Custom Pool DX), 100% Boosted Pools for optimized yields, and Hooks enabling customizable AMM strategies.
• Pendle launches PendleSwap, enabling multi-coin swaps with the best rates and no extra fees, enhancing DeFi accessibility.
• Kamino launches open access to Swap.Kamino.Finance, offering zero slippage, zero fees, and zero MEV for seamless DeFi trading on Solana.
• Hyperlane introduces Eco Routes, enabling seamless stablecoin liquidity across any chain with easy integration for enhanced cross-chain connectivity.
• Caldera launches Conwai, an Ethereum AI focused rollup live on mainnet, designed to support data processing, model training, and autonomous agents.
• Odos DAO officially launches alongside its Tokenized Loyalty Program, starting December 20, 2024.
• PancakeSwap launches PancakeSwapX on Ethereum and Arbitrum, offering zero trading and gas fees at launch for seamless swapping.
• Clearpool launches Ozean’s Poseidon Testnet, advancing toward on-chain native yield through its RWA-focused blockchain.
• Celestia launches Ginger (v3) on Mainnet Beta, featuring 2x data throughput, 6-second single-slot finality, and 1.33MB/s data capacity.
• Prysm cannot set gas limit through validator client currently
• FOCIL breakout #1: consensus layer spec relatively stable, aim for devnet at end of January
• L1 R&D workshops: notes from pre-Devcon workshops

EIPs

• EIP7839: Unified network configuration (EL to fetch config from CL at startup)
• EIP7840: Add blob schedule to EL config files

ERCs

• ERC7837: Diffusive tokens
• ERC7838: Instruction specific address
• ERC7841: Cross-chain message format and mailbox

EcoExpansions: Beyond Ethereum ??

Aptos

• Binance now supports native USDT on Aptos
• Take a look at OurNetwork’s Aptos mega issue
• Developer report of Aptos 2024

Base

Arbitrum

• Royco mainnet beta is live on Arbitrum
• Ostium launched Referral Scores
• Corn maizenet is live on arbitrum
• Eternal AI collaborated with Arbitrum to bring decentralized AI agents to Arbitrum chain

Hackathons, Workshops, CTFs & Events

Updates on Development Kits & Tools

• Safe multisig transaction hashes (Bash script): adds support for offchain message hashes
• Ape v0.8.22 (Python contract framework): 2x faster checksumming, updated isolation and adds support for web3.py v7 & python v3.13
• Heimdall-rs v0.8.5: adds LLM postprocessing to decompiler
• Besu v24.12.0: breaking changes including metric name updates
• Erigon v3.0.0-alpha6: default mode changed from archive to full node, adds minimal prune mode for low disk space users and performance improvements
• Nethermind v1.30.0: default gas limit increased to 36M and adds Taiko & Linea L2 support; v1.30.1: startup fix
• Reth v1.1.3: breaking API changes, adds NodePrimitives (primitive trait abstraction) to several components; v1.1.4: op-reth fix
• Nimbus v24.12.0: adds reading bootstrap nodes yaml
• Teku v24.12.0: block publishing performance improved

Explore the Depths of Knowledge: Research Papers, Blogs and Tweets??

Twitter

• Primer on ETH gas limit raise
• Proposal to deposit Polygon POS stables to Morpho
• AI Agent takeaways
• 2025 to be the year of DePin chain wars
• Shared Private State: The HTTPS Moment for Blockchain Technology (Part 1)

Articles

• 6th Annual Crypto Developer Report
• The Cypherpunk Endgame & Real World Ethereum
• Hyperbolic: Cultivating the Open and Accessible AI Ecosystem
• Cosmos is expanding: Skip joins the Interchain Foundation
• 20 Common Solidity Beginner Mistakes
• Are Telegram Mini Apps Really Secure?
• Navigating the Unique Risks & Solutions for Rollups & Sidechains
• What Is A Blockchain Unconfirmed Transaction?

Research Papers

• BA-ORABE: Blockchain-Based Auditable Registered Attribute-Based Encryption With Reliable Outsourced Decryption
• Reward-based Blockchain Infrastructure for 3D IC Supply Chain Provenance
• Execution Tickets evaluated using agent-based simulation: validator decentralization & MEV capture is promising but questions remain for builder centralization, off-chain agreements & multi-block MEV
• EF academic grants round: summary of 39 completed & in progress results from 2022 grants

Watch??

Web3 Security

Articles

• Breaking Down CloberDEX’s Costly $501K Exploit
• Decoding Vestra DAO’s $500K Exploit
• Breaking Down the Thala DeFi Hack & Move’s Decompilation Risks
• 1inch resolver contract exploit via private key compromise
• Radiant Capital October $50M exploit update, developer shared zipped PDF containing macOS malware received from impersonator of former contractor

Research Papers

• Pioplat: A Scalable, Low-Cost Framework for Latency Reduction in Ethereum Blockchain
• BrokerChain: A Blockchain Sharding Protocol by Exploiting Broker Accounts
• Incentivized Symbiosis: A Paradigm for Human-Agent Coevolution

Twitter

• Security & Privacy threats in interoperability
• CloberDEX’s 501K exploit: Detailed analysis

Clober DEX

On 10th Dec, Clober DEX Liquidity Vault on the Base network was exploited. The attacker used a reentrancy vulnerability in the _burn function of the Rebalancer contract, stealing 133.7 ETH (~$501K).

The exploit targeted the _burn() function's failure to follow the checks-effects-interactions (CEI) pattern—a key security principle in smart contract design.

Exploit Details:

Attacker’s Address:

To know about this exploit in detail, read the post mortem.

Community Spotlight