Pinescript, MetaQuotes Blog: September 2022

Monday, September 19, 2022

Ethereum PoW sees replay exploit for 200 ETHW days after rocky start

Ethereum PoW, the version of the Ethereum blockchain that continues to run on a proof-of-work (PoW) consensus mechanism, experienced a replay exploit over the weekend due to a faulty third-party contract.

Developers of Ethereum PoW were alerted of the issues and immediately took steps to rectify the problem.

The blockchain was established as a fork of the Ethereum network, which switched to a proof-of-stake (PoS) consensus mechanism on Thursday in an event known as the Merge. The PoS network now continues as Ethereum.

The replay exploit refers to the same transaction being duplicated on both chains when they’re not supposed to.

This means if a user transacted on Ethereum PoW, the same was executed on Ethereum – which eventually allows attackers to illicitly trick smart contracts into releasing tokens from one chain, even as the actual transaction was executed on another chain.

Attackers used the Omni bridge of the Gnosis network to conduct the exploit. Some 200 weighted ether (wETH) was transferred through the bridge on Saturday, and the same transaction was replayed on the PoW chain – resulting in the attacker gaining 200 ETHW, or approximately $1,600 at the time.

Faulty data from the Ethereum PoW network’s Chain ID used by a contract caused the issue, security firm BlockSec said in a tweet. A Chain ID is a set of numbers used by the browser-based crypto wallet MetaMask to sign transactions for the network. An incorrect Chain ID causes transactions to fail because users aren't connected to the correct network, rendering a network unusable.

BlockSec warned that the issue might eventually cause the balance of the chain contract deployed on the PoW chain to “be drained.”

Meanwhile, Ethereum PoW developers said in a Sunday post that the attack exploited the contract vulnerability of the bridge, and not their blockchain itself.

"We have contacted the bridge in every way and informed them of the risks," it said. "Bridges need to correctly verify the actual ChainID of the cross-chain messages," the developers wrote.

As such, the network saw glitches on its first day with users stating they weren't able to access the blockchain's servers using public information provided by Ethereum PoW. CoinDesk verified the claims and wasn't able to access Ethereum PoW’s web servers using those links provided, as reported.

ETHW tokens tumbled in the past 24 hours following the exploit, falling some 37%, and extending weekly losses to over 80%, CoinGecko data shows.

Ripple, SEC case heads for conclusion after summary judgment filed

Ripple, SEC case heads for conclusion after 'summary judgment' filed

CRYPTOS | 9/19/2022 3:58:51 AM GMT

Join Telegram

Ripple argued that XRP profits came from “market forces of supply and demand” rather than any contract between Ripple and XRP token holders.

The U.S. Securities and Exchange Commission (SEC) and Ripple Labs have both called for a federal judge to make an immediate ruling on whether Ripple’s XRP sales violated U.S. securities laws.

In separate motions filed on Sept. 17 by Ripple and the SEC, both have called for summary judgment in the U.S. District Court Southern District of New York.

Summary judgments are submitted to the courts when a party involved believes there’s enough evidence at hand to make a ruling without the need to proceed to trial.

Both parties have called on Judge Analisa Torres to make an immediate ruling as to whether Ripple’s XRP sales violated U.S. securities laws. Ripple has argued that the SEC has run out of answers to prove XRP sales constituted an “investment contract," while the SEC has held strong on its beliefs that it does.

Ripple CEO Brad Garlinghouse in a Twitter post on Sept. 17 said the filings made it clear that the SEC “isn’t interested in applying the law.”

“They want to remake it all in an impermissible effort to expand their jurisdiction far beyond the authority granted to them by Congress,” he said.

Meanwhile, Ripple general counsel Stuart Alderoty noted that “after two years of litigation” the SEC is “unable to identify any contract for investment” and “cannot satisfy a single prong of the Supreme Court Howey test.”

In its motion for summary judgment, Ripple claimed that the SEC’s case “boils down to an impermissibly open-ended assertion of jurisdiction over any transfer of an asset."

The motion also argued that the SEC cannot establish that XRP token holders could not “reasonably expect profits” based on Ripple’s efforts as there were no contract obligations between Ripple and XRP token holders.

On the other hand, the SEC’s own motion for summary judgment argued that there can be an “investment contract” without a contract, any rights granted to the purchaser, and without any obligations to the issuer.

But Ripple argued in its motion “that is not and should not be the law, because without these essential features there is nothing to which the Howey test can sensibly be applied.”Ripple instead pointed to profits coming from “market forces of supply and demand,” something that the SEC “conceded” according to the Ripple motion.

The significance of this admission was highlighted by U.S. Attorney Jeremy Hogan in a Sept. 17 post on Twitter, stating that “these concessions are perfect for a summary judgment.”

Community reaction

The filing of the Ripple and SEC motions brought about mostly positive sentiment from the XRP community, with one Twitter user believing “the end is near”:

The motion for summary judgment comes nearly two years after the SEC sued Ripple, former CEO Christian Larsen and current CEO Brad Garlinghouse in Dec. 2020 for allegedly raising $1.3 billion through unregistered securities sales through XRP.

If the court executes the summary judgment, the court ruling will have a profound impact on determining which cryptocurrencies constitute a security under U.S. securities laws.

The XRP token rose to highs not seen since July following the motion filing — reaching nearly $0.40, but has fallen slightly since then and is currently priced at $0.34, according to CoinGecko.

Wednesday, September 7, 2022

Coinbase users made 100x on crypto by exploiting a bug

Coinbase users from the Eastern European country of Georgia exploited a bug in the exchange’s app, withdrawing 100 times the exchange rate. Due to a technical error by a third-party, Coinbase suffered improper withdrawal of funds.

Coinbase’s mispricing results in improper withdrawal of funds

Coinbase users in Georgia reportedly exploited a bug in the exchange. This allowed users to cash out their holdings for 100 times the exchange rate. Users pocketed thousands of dollars in profit, exploiting the exchange rate bug.

Georgia’s national currency, the Lari (GEL) was mistakenly priced at $290 instead of $2.90. Coinbase told Coindesk that the missed decimal point was a third-party technical issue. Users who reportedly took advantage of the pricing error had their bank accounts and debit cards frozen by banks soon after the transfer.

0.001% of Coinbase’s total users exploited the error, a total of 1,000 customers made transfers to their accounts. Coinbase is yet to disclose the size of its total losses, however a spokesperson considers it a “small non-material amount.” Coinbase fixed the issue and took steps to retrieve the improperly withdrawn funds.

Users who made 100x on their withdrawals to their accounts have lost access to their bank accounts. Therefore it is likely that Coinbase will soon exact the improper withdrawal amount from the users.

LevanIlashvili, a pseudonymous crypto influencer, reported that Georgian bank TBC has blocked accounts of users who took advantage of the pricing error on Coinbase.

Coinbase’s mispricing results in improper withdrawal of funds

Users who made 100x on their withdrawals to their accounts have lost access to their bank accounts. Therefore it is likely that Coinbase will soon exact the improper withdrawal amount from the users.

Ethereum's native .ETH domain debuts on easyDNS ahead of the Merge

EasyDNS, a Canadian Internet Service Provider (ISP), has released the first ever Ethereum's native .ETH domain to cater to registrations on its platform. Interestingly, easyDNS was the first ISP to support the Ethereum Name Service (ENS) linked to legacy IANA TLDs .XYZ domains. According to a blog post outlining the development, ENS native domain services first began in 2018, but this will be the first time .ETH has come into use.

What does a native .ETH domain mean for Ethereum?

Over the years, easyDNS has made it easier for people and organizations to use .XYZ or .COM domains for Ethereum wallet addresses. This latest release infers that .ETH domain can be used for registrations at easyDNS.

.ETH is Ethereum's top-level domain that utilizes the Ethereum Name Service (ENS). It boasts over 1.5 million .ETH names since 2017. Some Twitter handles, for example, "vitalik.eth" are already using the new domain name.

Some Web3 platforms and devices also utilize .ETH names as login identifiers for Decentralized Apps (DApps). EasyDNS said that interested parties could find instructions on how to enable .ETH registrations on their platform.

"There's a new crypto module in the control panel from where you can register and manage .ETH domains (and any conventional names with ENS linking enabled)."

EasyDNS hopes to add selected decentralized namespaces in the future – with .BTC domains likely to start. Services relating to .ETH domain name will be paid for using Ether, but users must have a Web3-enabled browser, for example, Metamask. Currently, the service fee has been set at 500 gwei – factored into the gas fee.

Ethereum Merge is closer now than ever

The upcoming Ethereum Merge will occur between September 13 and 15, according to the network's co-founder Vitalik Buterin. Nevertheless, the impending transition from a proof-of-work (PoS) to a proof-of-stake (PoS) consensus algorithm has elicited questions regarding ETH issuance. Two scenarios may play out, according to an analysis recently released by Glassnode – see chart below.

The first option suggests that ETH be issued on both PoS and PoW chains alongside the EIP-1559 burn – making it an inflationary process. On the other hand, the second situation calls for ETH to be issued on only the PoS and via the EIP-1559 burn – presenting a higher deflationary bearing on the protocol.

It is unclear how the Merge would play out and which of the two scenarios Ethereum developers will settle for. However, investors are concerned about the ongoing pullback to $1,510.

Support at the ascending trend line must hold to prevent losses from stretching to $1,400. Many expect the Merge to influence the price positively, but some say that the event may birth another crypto crash as investors sell the news.

Friday, September 2, 2022

Largest Ether mining pool Ethermine opens new ETH staking service

The new service offers Ethermine members a chance to collectively stake their ETH and earn 4.43% interest annually on top of their ETH deposits. As little as 0.1 ETH ($159) required to enter.

Ahead of the rapidly approaching Ethereum (ETH) Merge on Sept. 15, Ethermine, the world’s largest Ethereum mining pool has unveiled a new staking pool for users. Notably however, it is not available to U.S. miners

The new service offers Ethermine members a chance to collectively stake their ETH and earn interest on top of their deposits. As little as 0.1 ETH ($159) required to enter. However the smaller the holding, the greater the fee. The platform is currently offering stakers an annual ETH interest rate of 4.43%.

At the time of writing, 393 Ether worth roughly $626,000 at current prices has been invested into Ethermine's new pool.

Staking pools such as these hold significance as they offer competitive interest rates and a lower barriers of entry than solo staking as node operators, which requires at least 32 ETH ($51,000) to operate a node. In comparison, to Ethermine's interest rate, staking on Ethpool as a node operator garners an annual interest rate of 4.6%.

The switch to offer staking is something of a pivot for Ethermine which currently operates as a multi-currency mining pool, allowing users to mine ETH, Zcash, Ethereum Classic (ETC), Beam (BEAM), Ravencoin (RVN) and Ergo (ERGO).

After the merge, ETH mining will be phased out as the network changes from a proof of work (PoW) mining model to proof-of-stake (PoS) staking model.

At time of writing there are 222,657 active miners on Ethermine that account for a combined hash rate of 261.1 terra hashes per second (TH/s). After Sept. 15 the pool will only continue to support the PoW mining of Ethereum Classic (ETC), Ravencoin (RVN), Ergo (ERGO), and Beam (BEAM).

End of the Mining Era

Miner dashboards will have a Merge countdown clock and minerscan keep mining ETH up until the timer hits zero.

ETH miners will soon be replaced with PoS validators, which could help cut the ETH network consumption by 99%.

However, some in the ETH miner community have pushed to keep the current PoW consensus mechanism because the shift will make their high powered and costly mining rigs redundant.

Other high profile members of the crypto community have also been critical, arguing the changes will cause negative impacts beyond the loss of mining.

The current PoW system is an energy intensive process where miners harness large amounts of computer power to solve complex puzzles, validate transactions and earn ETH rewards.

Under the PoS model, participants or validators lock up set amounts of cryptocurrency in a smart contract on the blockchain; their stake helps secure and decentralize the network.

Pinescript, MetaQuotes Blog