Velar cuts bridge for Stacks

Lesson# 2: This is the Voting contract which will select the new owner and at a time only proposal can create. Contract Explanation: => Struct Proposal will hold the start time and new owner address. => Function propose will create the new proposal. => Function vote will use to give a vote and voting time period will be 2 days. => Function end have some checks like 50% of the tokens used for the voting and then make a new owner and delete the data from struct. What is the bug in this contract? Let's take an example If user A create a proposal and he did not get too much vote. So, When the voting period comes to an end he will do multiple operations in one transaction like: 1) Flash-loaning large amount of voting tokens from its AMM contract. 2) Transfer tokens directly to the voting contract without any access control. 3) Invoke the end function to become the owner. 4) Withdraw the funds by using getLockedFunds. 5) Re-pay the loan. #smartcontracts #security #blockchainsecurity

Developing innovative products brings new security risks that must be addressed cautiously. At Folks Finance, when we started our new crosschain product, xChain, complexity hit differently. We had to protect both Algorand and xChain protocols. No shortcuts. During almost 3 years on Mainnet, our products, thanks to our strict measures, have never fallen into stolen money due to security breaches. We always protect the code with multiple audits, and recently, we have started to use public audit competitions. White hat hackers showed us blind spots traditional auditors missed. On DeFi risks do not rely only on the code but also on the economic part of the protocol, that is why we implemented strict caps on: - Borrowing - Collateralizing - Crosschain transfers We want to make sure that the risks are always monitored and mitigated. DeFi isn’t a game; builders must consider the safeguarding of users' funds at the core of the protocol mission.

The profound and often hidden costs following a hack go far beyond lost funds. Hacks, such as the infamous Euler Finance breach of 2023 which... 💔 shattered user trust 🤬 plunged the community into fear and anger 〽 left a lasting stain on the protocol's reputation. The devastating event forced the team into a frantic crisis mode, derailing their dreams and delaying progress... While also spreading fear and uncertainty throughout the entire DeFi ecosystem, illustrating that the true toll of a hack goes far beyond financial loss. #web3 #security #blockchainsecurity

You’re logging into your bank’s website, trusting it’s really your bank and not an imposter. Behind the scenes, DNSSEC is working to create a “chain of trust” that confirms the site’s legitimacy. But here’s the twist—the chain goes all the way up to the root DNS, which has no parent above it to verify its authenticity. So, how do we trust the root DNS zone? Enter the Root Signing Ceremony—a unique process that builds this ultimate layer of trust. It was fascinating to learn how the internet’s trust starts here.

You spoke. We heard. Introducing Figment Vaults! ✨ Enabling institutions to stake any amount of ETH. It’s time to simplify institutional ETH staking with Vault’s privacy and customization. This initiative enables institutions to stake any amount of ETH while catering to the unique needs of their business and end users. Vault features include: - Stake any amount of ETH - ETH is never commingled with other institutions - User sub-accounting - Multi-region support - Auto-compounding rewards - Non-custodial staking - Multi-client infrastructure 🤝 Figment Vaults is powered by our SOC2 certified Ethereum Infrastructure, ensuring a robust and multi-layer security to mitigate Double-signing risks. This release of Figment Vaults is just the beginning. Read more in our blog here. 👉 https://lnkd.in/eMG_67VG

✨ Imagine being one of the 4 lucky addresses to receive 100 USDC on the zkSync Era chain. Airdropper Protocol trusted its system to distribute tokens based on Ethereum L1 activity. But what if something went wrong? 😔 During the audit, we uncovered 3 critical vulnerabilities that could have put the whole process—and your rewards—at risk. Security flaws in the claim process could have jeopardized fairness and transparency. 🎯 At Icon0x, we understand how vital trust is in the world of decentralized finance. That’s why we specialize in making sure your smart contracts are secure, reliable, and ready to perform. With our expert auditing services, you can distribute your airdrops with confidence. Don't leave your project’s success to chance. 📩 Reach out to us today and let’s make your protocol bulletproof! #SmartContractAudit #DeFiSecurity #AirdropAudit #BlockchainSecurity #zkSync #Ethereum

Elevate your #documentmanagement game with #CryptoESIGN! Seamlessly fill forms and sign digitally, boosting efficiency and security. Say goodbye to manual paperwork and hello to streamlined workflows. Read blog to know more: https://lnkd.in/dxjcZmqp

📚 Habit Stacking = Study Out Loud + Posting on LinkedIn 📚 TryHackMe | Encryption - Crypto 101 This room highlights the importance of encryption to protect confidentiality, ensure integrity, and authenticity. There are many layers to protect sensitive data. For example there are industry standards like PCI-DSS (payment card industry data security standard), or encrypted tunneling for an unsecured internet using SSH (secure shell), or certificates to validate businesses. The two main categories of data encryption are symmetric (uses the same key) and asymmetric (uses a pair of keys). Highlights: 🔸 Digital signatures prove the authenticity of files using asymmetric cryptography where the user's private key is verified by their public key. 🔸 🔸 🔸 Certificates prove the identity of the web server for a business. 🔸 SSH uses usernames and passwords to log into virtual machines 🔸 SSH Private Keys are like passwords and are used to log into servers 🔸 Diffie Hellman Key Exchange is a way for two parties to communicate secretly over the internet by exchanging cryptographic keys.

#CRYPTOBASICS PART 2️⃣ What is #staking? Simply put, improve a Proof-of-Stake network (security and processing) by locking funds into it while earning rewards! Read more in our guide at https://lnkd.in/dF_NQ-uk #cryptostaking #stakingtax #stakingtaxes #stakingtaxtool #stakingtaxsoftware #cryptoportfolio #cryptoportfoliotracker #cryptotaxes #cryptotax #cryptotaxsoftware #cryptotaxtool

More on the passkey front. Developments from FIDO have made sign-ins 75% faster and 20% more successful than password-based authentications. What are passkeys? A method of authentication without a password that leverages public-key cryptography to authenticate users without requiring them to remember or manage long strings of characters. https://hubs.la/Q02TKVnb0