OpenZeppelin

Axelar network devs + OpenZeppelin are joining forces to solve liquidity fragmentation in the EVM ecosystem + unlock interoperability for Web3 builders with a single click. Ethereum is scaling horizontally, much like the internet itself. L2 blockchains are proliferating alongside modular + application-specific chains. These blockchains are compatible with the Ethereum Virtual Machine (EVM), but they are not natively interoperable with Ethereum. Most L2s establish a baseline cross-chain connection to Ethereum via a sequencer + bridge. The sequencer passes bundles of verified transactions to the Ethereum blockchain for final verification. The bridge allows users to move wrapped assets between Ethereum and the L2. This creates bad UX, falling short of the interoperability that is core to the Ethereum blockchain itself 🤦 ❌ Apps redirect users through "bridge" interfaces ❌ Users can't transact between L2s directly ❌ Apps can't integrate functions on other EVM chains These are the dimensions of Ethereum's interoperability problem. Efforts to find a solution are picking up momentum across the EVM community. Interop Labs + OpenZeppelin are joining these efforts, working in 2 stages to make interoperability a core part of EVM 👇 1️⃣ Axelar network will be integrated into @OpenZeppelin libraries + Contracts Wizard, enabling interop at ground level for EVM ecosystem devs: 🌐 Full EVM interoperability 🦾 Seamless + simple from Day 1 🧲 Eventually available to all Cairo + Solidity dApp builders 2️⃣ OpenZeppelin + Interop Labs will collaborate on Ethereum Improvement Proposals (EIPs) designed to improve interoperability at the protocol level + make it easier for applications built on EVM chains to connect seamlessly. Security is core, as always. The collaboration will include bug bounty + incident response programs. Open-source development is also a core commitment. Deliverables will be publicly available under open-source license, fostering transparency + encouraging open contributions. Learn more: get involved with Interop Labs + OpenZeppelin efforts to address a critical pain point in the Ethereum ecosystem 👀 Read the OpenZeppelin blog ⤵️ https://lnkd.in/ej36EPb2 🔔 Join us on the Multichain Nation podcast, Thu 5pm UTC ⤵️ https://lnkd.in/ezYeVSnE

Institutional adoption of blockchain technology hinges on the security and reliability of smart contracts. Moody’s Ratings interviewed OpenZeppelin to discuss the pivotal role of standardized security practices. Explore the insights and potential solutions to the industry's challenges, including the need for uniform auditing standards and the integration of emergency 'kill switch' mechanisms without compromising decentralization. Read this Q&A installment from Bits, Bytes, and Basis Points here: https://mdy.link/469EkZ9 #Blockchain #SmartContracts #InstitutionalAdoption #DigitalEconomy #Security

OpenZeppelin has onboarded tens of thousands of developers to Ethereum and secured over $5.48T USD in value transferred. Unfortunately, the onchain world is still riddled with security gaps, poor developer experiences, and insufficient tooling. This is why, for the last few years at OpenZeppelin, we’ve been hard at work integrating our stack beyond the EVM, bringing our stack of products and services to Starknet, Arbitrum Stylus, and Polkadot. We believe that for onchain ecosystems to be successful, builders need a secure environment that works for everyone, from hackathon teams to large enterprises. I’ve had a blast this last year expanding our footprint across ecosystems and supporting our mission to protect the open economy, regardless of which execution environment it runs on. If you’re an ecosystem looking to provide a secure environment for your builders, check out our ecosystem stack: https://lnkd.in/dGFAY7AQ 🫡🛡️📚

Loved meeting all the amazing founders at a16z crypto in London and leading a Security Best Practices Workshop together with Michael Lewellen! At OpenZeppelin, we're delighted to empower the web3 community by sharing our leading security strategies with the next wave of innovative projects and their fantastic teams! Thank you Maggie Hsu Emily Graff and Anna Semenova 🇺🇦 for creating this opportunity. Fantastic people, great projects, and positive energy!

📣 OpenZeppelin is the TOP Security pick for The Arbitrum Foundation 📣 After a competitive 7-day vote against top-tier firms, we're honored to be the TOP choice to lead the Security charge! 🫶 Heartfelt thanks to all who championed our cause. 💪 Together, we'll bolster The Arbitrum Foundation resilience and shape the future of Rollup security. 👩💻 Come join our team! https://lnkd.in/dndAUNYA 👀 Dive into our winning proposal on the Arbitrum forum: https://lnkd.in/dRpQNYvV

📣🦀 ICYMI - The Arbitrum Foundation x OpenZeppelin 🦀📣 We're thrilled to announce the expansion of OpenZeppelin Contracts and Defender to Arbitrum Stylus, on top of our commitment to provide top-notch security services to builders in the ecosystem. 👀 You can read the full details here: https://lnkd.in/d2h4AMdv 👩💻OpenZeppelin is constantly looking for talented people to join the team and contribute in many different ways to our mission to help protect the open economy. 👉 Find your dream job here: https://lnkd.in/g-kiEPtD #web3 #blockchain #defisecurity #blockchainsecurity #arbitrum #audit #openzeppelin #defi #hiring #remote #applicationsecurity #technology #ethereum 🚀

📣 OpenZeppelin Defender 2.0 announcement 📣 Our mission-critical security, operations, and automation platform — is now generally available! Features:  👁 Code Inspector: powerful analyzer integrated with Github  🚀 Deploy: cross-chain deterministic contract deployments ⚡️ High efficiency and low cost for automation and operation with Relayers, Monitors and Actions  🌐 Support for private or forked networks, app chains, and rollups  🆕 Sepolia networks, Linea.build, Base, Polygon Labs 🚑 Incident response with Workflows  🎛 Access Control interface for contracts  📝 New tutorial and guides on docs  ✨ Redesigned interface  And much more… We provide native support for more than +40 networks, such as zkSync, Optimism Foundation, Moonbeam Network, Gnosis , BNB Chain Innovation, Avalanche, Fantom Foundation, Mantle Network, Scroll, MELD and more! Additionally, you can now add any custom, private or forked network on Defender. 👀 If you are a Defender user or want to try it, read on https://lnkd.in/d9JsYq7k

📝 MUD The MUD system [https://lnkd.in/g-cwDuFW]  provides a cohesive range of standard and extensible functionality to quickly develop blockchain applications. It compresses the complexity of building EVM apps with a tightly integrated software stack that handles data storage, upgrades, delegations, etc. The central component of the MUD system is the STORE, which is a contract that behaves like a database. All persistent storage is presented as a set of tables, and the STORE contract takes care of mapping this structure to the linear EVM storage layout. Although the STORE contract provides the basic database functionality, it will typically be extended to provide higher-level abstractions for users and developers. One such extension is the WORLD contract (in conjunction with the CORESYSTEMS contract) which provides generic and flexible mechanisms for many standard features. We found 32 issues including 2 Critical’s and 6 Medium’s: 🔴 Critical Severity: - Namespace Access Can Be Backdoored - Core System Can Be Disabled 🟡 Medium Severity: - Incorrect Hook Parameter - REQUIREINTERFACE Is Incorrectly Specified - Sliced Bytes Are Cut Off - Memory Corruption on Load From Storage - REGISTERFUNCTIONSELECTOR Can Be Front-Run and DoS'ed - Misleading Documentation 🟢 Low Severity: - Missing Table Registration - Off-Chain Indexers Can Lose Track of On-Chain State - Namespace Balance Transfer Value Can Be Lost - Delegation Can Be Misconfigured - Deployment Edge Case - Incorrect ERC-165 Interface - Incomplete Table Validation - Incomplete Module Access Control - Incomplete Resource ID Validations - Inexplicit Revert - World Resource ID ROOT String Has Unexpected Length - Override Removes Supported Interface 👀Read the full report at https://lnkd.in/gSW3ezyE 👩💻Interested in searching vulnerabilities in world class code? Join our team: https://lnkd.in/dndAUNYA #web3 #blockchain #defisecurity #blockchainsecurity #openzeppelin #defi #hiring #remote #applicationsecurity #technology #ethereum #smartcontracts 🚀

📝 RestakeFi Restake Finance is a modular liquid staking protocol developed on EigenLayer, utilizing users' liquid staking tokens (LSTs) as collateral in crypto-economic security for EigenLayer's validated services. This approach, known as rehypothecation, allows depositors to earn both Ethereum staking rewards and EigenLayer's native rewards. Upon depositing, users receive restaked ETH (rstETH) shares, issued at a 1:1 ratio. These pooled LSTs are then managed by DAO-controlled smart contracts, facilitating deposits into EigenLayer. This process offers users the flexibility to restake their LSTs liquidly without locking their assets. EigenLayer introduces restaking, a novel crypto-economic security primitive within the Ethereum ecosystem. It enables ETH holders, whether staking natively or through LSTs, to participate in restaking via EigenLayer's smart contracts. This process not only secures the network but also opens avenues for additional rewards. RestakeFi builds upon EigenLayer to offer a streamlined, user-friendly interface for earning rewards from LSTs. By automating the operator selection process, the system simplifies the experience for users. The STRATEGYMANAGER's expertise guides fund allocation, creating a hassle-free and efficient path to reward generation for users. Currently, RestakeFi exclusively supports liquid restaking and interacts with EigenLayer M1 contracts[https://lnkd.in/g4HtD_6y]. We found 27 issues including 2 Criticals and 1 High: 🔴 Critical Severity: - Attacker Can Downscale All Protocol Shares by 18 Decimals - Shares Not Burned After Redemption of Underlying Assets 🟠 High Severity: - Attacker Can DoS Withdrawals 🟡 Medium Severity: - DoS in Controller's DEPOSITWITHPERMIT Function - Funds Can Get Stuck Due to Incorrect Initialization 🟢 Low Severity: - Protocol Token Cannot Be Unpaused - Protocol Token Initialization Might Not Be Properly Configured - Floating Pragma - Improper Namespace NatSpec Tag for ERC-7201 - Missing Docstrings - Confusing Usage of STAKER Index - Use of Boolean Literal as Conditional - Incorrect Value Emitted in Event 👀 Read the full report at https://lnkd.in/gdMV5HAc 👩💻 Hey! Is this interesting to you? We're hiring: https://lnkd.in/dndAUNYA #web3 #blockchain #defisecurity #blockchainsecurity #restakefi #audit #openzeppelin #defi #hiring #remote #applicationsecurity #technology #ethereum 🚀

📝 Scroll Bridge Gas Optimizations Scroll is a EVM-equivalent ZK-rollup designed to be a scaling solution for Ethereum. It achieves this by interpreting EVM bytecode directly at the bytecode level, following a path similar to that taken by projects like Polygon's zkEVM and Consensys' Linea. We reviewed the changes made to multiple Scroll contracts. These changes had the single purpose of reducing the gas cost of the operation. 11 issues were found including 1 High and 2 Low’s: 🟠 High Severity: - ETH Deposits Can Get Stuck if They Are Not Successfully Bridged 🟢 Low Severity: - Implementation Keeps Functionalities for Deprecated Variables - Solidity Version Is Not Fixed and Its Use Is Inconsistent 👀 Read the full report at https://lnkd.in/gdmDTZvu 👩💻 Interested in joining OpenZeppelin? Learn more about our current job openings: https://lnkd.in/dndAUNYA #web3 #blockchain #defisecurity #blockchainsecurity #scroll #openzeppelin #defi #hiring #remote #applicationsecurity #technology 🚀