RiB Newsletter #36

June 01, 2022

Welcome to the #36 edition of Rust in Blockchain, the monthly newsletter about Rust, distributed systems, cryptography, and other industry topics. Previous: #35.

There are quite a few security advisories this month that might impact blockchain projects. If you are using OpenSSL, crossbeam, or hyper you should see if you need to upgrade.

Thanks

Thanks to contributors: Aadz, Camila Hanada, Dan Shields, Hunter Trujillo, John Adler, keymakercasa, Piotr Dziubecki, thewinfred, Brian Anderson and Aimee Zhu. Thank you for your help!

RiB needs help to keep up with Rust blockchain projects. If you follow a particular project, or otherwise find information that is beneficial to the Rust & blockchain community, please contribute to the next issue by submitting a PR to the next draft.

Project Spotlight

Each month we like to shine a light on a notable Rust blockchain project. This month that project is…

cargo-supply-chain.

This project lists the authors, as registered with crates.io, of every crate in your dependency graph.

Interesting Things

Blog Posts

Papers

Projects

sta-rs. Rust workspace for implementing basic functionality of STAR: Distributed Secret-Sharing for Threshold Aggregation Reporting.
dmix2 - A Decentralized Bitcoin Mixer, written in Rust

Security Advisories

Monthly security advisories, from RustSec, and GitHub Advisories. Bold entries here are especially relevant to blockchain projects.

RUSTSEC-2022-0027: Vulnerability in openssl-src.
- OCSP_basic_verify may incorrectly verify the response signing certificate
RUSTSEC-2022-0026: Vulnerability in openssl-src.
- Incorrect MAC key used in the RC4-MD5 ciphersuite
RUSTSEC-2022-0025: Vulnerability in openssl-src.
- Resource leakage when decoding certificates and keys
RUSTSEC-2022-0018: Vulnerability in totp-rs.
- Timing attack.
RUSTSEC-2022-0019: Unsoundness in crossbeam-channel.
- Channel creates zero value of any type
RUSTSEC-2022-0020: Unsoundness in crossbeam.
- SegQueue creates zero value of any type
RUSTSEC-2022-0021: Unsoundness in crossbeam-queue.
- SegQueue creates zero value of any type
RUSTSEC-2022-0022: Unsoundness in hyper.
- Parser creates invalid uninitialized value
RUSTSEC-2022-0028: Vulnerability in neon.
- Use after free in Neon external buffers
CVE-2022-23066: Incorrect Calculation in solana_rbpf.
CVE-2022-31264: Integer overflow in solana_rbpf.

Most Active in May

Parity: 605 merged PRs, 180 closed issues, 167 open issues

Solana: 559 merged PRs, 110 closed issues, 114 open issues

Sui: 489 merged PRs, 146 closed issues, 169 open issues

Fuel: 352 merged PRs, 195 closed issues, 145 open issues

Aptos: 307 merged PRs, 48 closed issues, 64 open issues

Project Updates

Aleo

118 merged PRs (1, 2, 3), 27 closed issues (1, 2, 3), 28 open issues (1, 2, 3)

Anoma

11 merged PRs (1), 13 closed issues (1, 2), 22 open issues (1)

Aptos

307 merged PRs (1), 48 closed issues (1), 64 open issues (1)

Casper

96 merged PRs (1, 2), 91 closed issues (1, 2), 108 open issues (1, 2)

Technical Release Memo for v1.4.6

ChainSafe

8 merged PRs (1, 2), 10 closed issues (1, 2), 8 open issues (1)

COMIT

4 merged PRs (1), 0 closed issues, 2 open issues (1, 2)

Concordium

45 merged PRs (1, 2, 3, 4, 5, 6, 7), 46 closed issues (1, 2, 3, 4, 5, 6), 48 open issues (1, 2, 3, 4, 5, 6)

Sirius Release NOW Available on Testnet

Conflux

16 merged PRs (1), 1 closed issues (1), 1 open issues (1)

DarkFi

1 merged PRs (1), 1 closed issues (1), 0 open issues

Dfinity

99 merged PRs (1, 2, 3, 4, 5, 6, 7), 23 closed issues (1, 2, 3, 4, 5), 13 open issues (1, 2, 3, 4, 5, 6)

The Internet Computer for Ethereum Developers

Dusk Network

21 merged PRs (1, 2, 3, 4, 5, 6, 7), 34 closed issues (1, 2, 3, 4, 5, 6), 26 open issues (1, 2, 3, 4, 5)

Elrond

77 merged PRs (1, 2, 3, 4, 5, 6, 7), 1 closed issues (1), 4 open issues (1, 2)

Espresso Systems

101 merged PRs (1, 2, 3, 4, 5), 48 closed issues (1, 2, 3, 4), 19 open issues (1, 2, 3, 4)

Findora

29 merged PRs (1, 2, 3, 4), 1 closed issues (1), 3 open issues (1)

Fluence

39 merged PRs (1, 2, 3), 23 closed issues (1, 2, 3, 4), 4 open issues (1, 2, 3)

Fuel

352 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13), 195 closed issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10), 145 open issues (1, 2, 3, 4, 5, 6, 7, 8)

Golem

25 merged PRs (1, 2, 3, 4, 5), 13 closed issues (1, 2, 3), 10 open issues (1, 2, 3)

Grin

2 merged PRs (1), 1 closed issues (1), 1 open issues (1)

Helium

16 merged PRs (1, 2, 3, 4, 5), 10 closed issues (1, 2), 3 open issues (1, 2, 3)

Holochain

27 merged PRs (1, 2), 4 closed issues (1), 5 open issues (1)

Announcing the Holochain Developer Education Initiative

IOTA

226 merged PRs (1, 2, 3, 4, 5, 6, 7, 8), 53 closed issues (1, 2, 3, 4, 5), 41 open issues (1, 2, 3, 4, 5, 6, 7)

Energy Consumption of IOTA 2.0

Maidsafe

51 merged PRs (1, 2, 3, 4), 10 closed issues (1), 5 open issues (1, 2)

MobileCoin

135 merged PRs (1, 2), 25 closed issues (1), 24 open issues (1)

MobileCoin launches Bounties on Gitcoin

NEAR

194 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9), 49 closed issues (1, 2, 3, 4, 5, 6, 7), 42 open issues (1, 2, 3, 4, 5, 6, 7)

Nervos

180 merged PRs (1, 2, 3, 4, 5, 6, 7, 8), 3 closed issues (1, 2, 3), 3 open issues (1, 2, 3)

Oasis

49 merged PRs (1, 2), 1 closed issues (1), 3 open issues (1)

Parity

605 merged PRs (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14), 180 closed issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14), 167 open issues (1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)

Secret Network

12 merged PRs (1, 2, 3), 10 closed issues (1, 2, 3), 0 open issues

Shockwave Alpha Mainnet Upgrade is Complete!

Solana

559 merged PRs (1, 2, 3), 110 closed issues (1, 2, 3), 114 open issues (1, 2, 3)

Subspace Labs

94 merged PRs (1), 13 closed issues (1), 4 open issues (1)

Sui

489 merged PRs (1, 2), 146 closed issues (1, 2), 169 open issues (1, 2)

TezEdge

20 merged PRs (1), 0 closed issues, 1 open issues (1)

Zcash

175 merged PRs (1, 2, 3, 4, 5, 6), 86 closed issues (1, 2, 3, 4, 5), 34 open issues (1, 2, 3, 4, 5)

Rust in Bitcoin

An improvement to amount display types in Rust Bitcoin will help make BIP-21-encoded URIs shorter and their QR codes easier to scan. BDK implemented the “oldest-first” coin selection algorithm, which will be available to wallet authors in their next release. 0-conf channels have landed in LDK, allowing channels funds to be safely spent before there are block confirmations under some scenarios. Federico Tenga proposes a proof of payment protocol for LNP/BP. And in testing Bitmask RGB transfers, it’s been observed that Bitcoin L3 token protocols will result in a dramatic improvements in privacy.

For further details, see the links in their respective sections.

For discussion join the Rust in Bitcoin Telegram group.

BDK

25 merged PRs (1, 2, 3, 4), 21 closed issues (1, 2, 3, 4), 12 open issues (1, 2, 3, 4)

OldestFirstCoinSelection

Bitmask

3 merged PRs (1), 1 closed issues (1), 0 open issues

Comment on RGB token transfers and their privacy

Zero-conf Channels

LNP/BP

8 merged PRs (1, 2, 3), 8 closed issues (1, 2), 0 open issues

Discussion around a proof-of-payment protocol

Added amount::Display - Added a configurable Display type for denominations or other user-facing amounts. This patch reduces all representations of numbers to the minimum width by default, thereby reducing the use of superfluous zeros that caused BIP21 URIs to be needlessly longer, which often made QR codes larger or harder to scan than necessary.