Welcome to the #42 edition of Rust in Blockchain, the monthly newsletter about Rust, distributed systems, cryptography, and other industry topics. Previous: #41.
It was a bonanza of a month for blockchain Rust, with many new projects appearing and blogging about their work, including a new HotStuff derivative, HotShot, a new Ethereum light client, Helios, a new Ethereum full node implementation, reth, a new ZKVM, OlaVM, and a Rust SDK for Avalanche. We also heard more about the Plonky2 zero-knowledge prover.
In recent months we’ve noticed a steady trickle of security advisories
relevant to Rust blockchains, with new advisories this month
We hope everybody is running
but note that
cargo-audit references only the RustSec advisory
database, and some vulnerabilities reported to the GitHub advisory
database are not in the RustSec advisory database. Neither the
libp2p advisories published this month are currently in the RustSec
In other security news, Secret Network’s trusted execution environment was completely compromised. Fortunately it was done by whitehat researchers, but it’s more bad news about SGX and secure enclaves.
RiB needs help to keep up with Rust blockchain projects. If you follow a particular project, or otherwise find information that is beneficial to the Rust & blockchain community, please contribute to the next issue by submitting a PR to the next draft.
Each month we like to shine a light on a notable Rust blockchain project. This month that project is…
The behavior of Avalanche subnets is defined by customized VMs, which communicate with the Avalanche node over RPC. Avalanche VMs are typically written in Go. This is an official SDK for developing Avalanche VMs in Rust.
It was announced recently in a blog, Rust VM SDK: Build Custom Virtual Machines on Avalanche using Rust, and there is documentation available: How to Build a Simple Rust VM.
There are two example VMs using the SDK:
- Minority Corruption Resilience in Byzantine Generals With Unknown and Fluctuating Participation
- The Latest View on View Synchronization
- Leader Election from Randomness Beacons and Other Strategies
- Upgradable Smart Contracts: What They Are and How To Deploy Your Own
- Designing Secure Access Control For Smart Contracts
- Specialized Zero-Knowledge Proof failures
- Unique Pseudonymity on Ethereum: Verifiably Deterministic Signatures on ECDSA
- Decentralization of ZK Rollups
- Constructing ZK SNARK Circuits
- How to transform code into arithmetic circuits
- CESC ‘22: Field Notes from the Zero Knowledge Workshop
- Theory of Cryptography Conference ‘22: Field Notes
- Parse, don’t validate — correctness in smart contract development
- Plonky2: A deep dive. More about the zero-knowledge prover from Mir protocol.
- DLC on Lightning.
A description of the first discreet log contract
on the Lightning network, written with
- These two recent posts provide a good overview of the ecosystems building on Bitcoin, some of which are developed in Rust:
- Folding Schemes with Selective Verification
- Practical Settlement Bounds for Longest-Chain Consensus
- An Auditable Confidentiality Protocol for Blockchain Transactions
- Linear-map Vector Commitments and their Practical Applications
- Ligero: Lightweight Sublinear Arguments Without a Trusted Setup
- Extensible Decentralized Secret Sharing and Application to Schnorr Signatures
- Vortex: Building a Lattice-based SNARK scheme with Transparent Setup
- HotShot. A BFT consensus protocol based off of HotStuff, with the addition of proof-of-stake and VRF committee elections. Blog post: Espresso HotShot: Consensus Designed for Rollups.
- Helios. A fast, secure, and portable light client for Ethereum. Blog post: Building Helios: Fully trustless access to Ethereum.
- decaf377. A prime-order group designed for use in SNARKs over BLS12-377. Blog post: Introducing Poseidon377, our instantiation of a SNARK-friendly hash.
- miniSTARK. GPU accelerated STARK prover and verifier.
- Nova-Scotia. Middleware to compile Circom circuits to Nova prover.
- OlaVM. A new ZKVM. Blog post: Hello, OlaVM!
- reth. A new Ethereum full node implementation in Rust. Blog post: Introducing Reth.
- Shinobi. A private bridge from Bitcoin to Secret Network.
secp256k1- Unsoundness. Related to usage of
ckb- Large dep group requires a lot of resources to process but the cost to commit the transaction is very low
ckb- Transaction header_deps validation issue (network forking)
ckb- type_id script resume may randomly fail
tauri- Tauri Filesystem Scope can be Partially Bypassed
wasmtime- out of bounds read/write with zero-memory-pages configuration
wasmtime- may have data leakage between instances in the pooling allocator
alyun-oss-client- Leakage Aliyun KeySecret
libp2p- DoS vulnerability from lack of resource management
Most Active in November
Parity: 439 merged PRs, 186 closed issues, 124 open issues
Sui: 395 merged PRs, 160 closed issues, 170 open issues
Solana: 264 merged PRs, 53 closed issues, 31 open issues
Fuel: 247 merged PRs, 165 closed issues, 137 open issues
Filecoin: 224 merged PRs, 131 closed issues, 92 open issues
- Espresso HotShot: Consensus Designed for Rollups
- Decentralizing Rollups: Announcing the Espresso Sequencer
- Releasing Espresso Testnet 1: Americano
- The Filecoin Spacenet goes live
- Filecoin Network v17 Shark Upgrade
- Paper: Temporary Block Withholding Attacks on Filecoin’s Expected Consensus
- Notice: Successful Resolution of xAPIC Vulnerability on Secret Network. Secret Network’s TEE was completely compromised. More at the researcher’s site.
Rust in Bitcoin
For discussion join the Rust in Bitcoin Telegram group.
4 merged PRs (1), 0 closed issues, 0 open issues
- Contractum. A new smart contract language for RGB.
1 merged PRs (1), 0 closed issues, 0 open issues
If we’ve missed any other notable Rust Bitcoin projects or ecosystems, feel free to contribute!
Rust in Ethereum
If we’ve missed any other notable Rust Ethereum projects or ecosystems, feel free to contribute!
Dec 15 | Online
Feb 24 — Mar 5, 2023 | Denver, USA
Jobs can be found at Job Board.
Want to be included in the next issue? Feel free to submit a PR to the next draft.
Join the discussion on RiB telegram group ❤️