EthCC 2022 Breaking news day 2
The Furucombo team is happy to attend and sponsor EthCC Paris! We decided to summarize the talks we attended so everyone can follow along with all the developments in the crypto space. What follows is a diary of our days attending EthCC in Paris. Enjoy!
Gate Your App Without Doxing Your Users: ZK Attestations & Attestations as Web3 Cookies to Leverage your On-chain Data
Shared by Leo Sayous from Sismo. Sismo is a modular attestations protocol focused on decentralization, privacy, and usability. Sismo proposed a well-organized solution that enables generating proofs for specific groups of accounts. Attester contracts issue attestations from claims about group memberships that are made by users. To prove themselves, users need to provide corresponding zk proofs, yet to be verified.
Who are the users of such attestations? Attestations can benefit reputation systems and access control, and play an important role in identity curation (which is also known as DID). Those attestations can be issued through a centralized credential, in a decentralized way (like a badge), in a non-transferable token, or as a soulbound token. Besides the availability of on-chain services, attestations are also the key to data liquidity. This data liquidity can be the key to breaking the current limits of web3 services.
How to Use DeFi to Facilitate the Fiat Funding of Crypto Companies
Shared by Victor Charpiat from KOLAT. Many Web3 companies raise their funds through crypto. However, companies need fiat to operate. One solution is to use crypto as collateral and borrow fiat. In most cases, that collateral will be reused to generate extra interest. However, as just happened with Celsius & Three Arrows Capital, the lack of transparency puts the lender at risk. KOLAT proposed a way to solve this issue by managing the funds through a multisig wallet in which KOLAT can be one of the verifiers, which lowers the risk of funds being controlled by a single person. We can see that people are becoming aware of the problem with these centralized entities and are trying to figure out solutions to prevent such things from happening again.
OpenVino + Kleros: BioDigital Certification
Shared by Mike Tango Bravo from OpenVino. The presenter, Mike, introduced their service, OpenVino, the open-source winery and wine-backed crypto-asset. A WTB token represents a bottle of wine. The vineyard owner can start selling wines that are not yet ready for sale (normally they should be stored for about 3 years). WTB holders can trade them anytime, and can redeem them to get a bottle shipped 3 years after production. Once you redeem it, you will get a token representing your share of that winery, and you can also leave a comment on-chain attached to that series of wines. This can be fascinating for people who are probably not going to have their own vineyard, even if it’s just a tiny part of ownership. The Biodigital certification is achieved by running a staking & validating network. This is a good example of how Web3 can and will become a solution to real-life problems.
State of ENS
Shared by Makoto Inoue from ENS. Everybody is starting to find connections on-chain by using POAPs, ENS names, or OATs. A fun fact is that people who have ENS names are generally not crypto developers; the names are owned by some brand. Another interesting development is how to transfer your subdomain. For example, if there is a domain called `alice.furucombo.ens`, it will be represented by a real NFT. Furucombo can transfer this NFT to Alice, and now Alice has ownership of this subdomain.
State of the Art of Ethereum Smart Contract Fuzzing in 2022
Shared by Patrick Ventuzelo from FuzzingLabs. Testing is an important stage of contract development. Fuzzing is known as one of the most efficient techniques for finding bugs in software. When it comes to contracts, it offers a completely different approach from testing function behavior. The number of fuzzers is still limited. Echidna has been developed for a comparatively long time and is the most complete solution. Foundry is new but has recently become popular, and is worth looking forward to.
Re-imagining the DevEx/Ux of Wallets & Dapps
Shared by Gregory Markou from ChainSafe. The user experience has become more mature, and crypto OGs are getting used to everything. However, there are still several points that make no sense from a user’s perspective, such as:
- Requiring users to connect their wallet, which forces them to reveal their actual address
- Wallets should return more information to keep the state synced with services (see EIP-1193, EIP-2831 for more information)
Another interesting point is that the seed phrase we use is based on BIP-39 and comprises 12 or 24 words. Adding an extra word to the seed phrase (a feature that was actually designed in from the beginning) gives users an extra list of accounts, just like a squirrel hiding its nuts.
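How the extra word changes the wallet, as an added example (not from the talk or from ChainSafe): BIP-39 feeds the optional passphrase into the PBKDF2 salt, so each passphrase yields a different seed and therefore a different BIP-32 master key. The mnemonic is the all-zero-entropy one from the public BIP-39 test vectors, and the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

def bip39_seed(mnemonic, passphrase=""):
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt = "mnemonic" + passphrase."""
    def norm(text):
        return unicodedata.normalize("NFKD", text).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic), b"mnemonic" + norm(passphrase), 2048, dklen=64)

def bip32_master(seed):
    """BIP-32 master node: HMAC-SHA512 keyed with b"Bitcoin seed" -> (private key, chain code)."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]

# Mnemonic from the public BIP-39 test vectors (all-zero entropy), not a real wallet.
MNEMONIC = "abandon " * 11 + "about"

def wallets(passphrases):
    """Map each passphrase to the hex master private key it unlocks for MNEMONIC."""
    return {p: bip32_master(bip39_seed(MNEMONIC, p))[0].hex() for p in passphrases}

if __name__ == "__main__":
    # Same 12 words, three passphrases (including none and a case change): three unrelated wallets.
    for passphrase, key in wallets(["", "TREZOR", "trezor"]).items():
        print(repr(passphrase), key[:16] + "...")
```

Every passphrase, including a mistyped one, produces a valid wallet, so nothing signals a wrong entry and a forgotten passphrase cannot be recovered from the words alone.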
Building Decentralized Apps
In this talk by Austin Griffith from the Ethereum Foundation, Scaffold-eth was introduced. Scaffold-eth is a tool that helps developers debug or demo their contracts more easily. It is also a good tool for web2 developers to get into the web3 world. They have a platform called SpeedRunEthereum, which teaches people how to design a contract step by step. Also check out BuidlGuidl, a curated group of Ethereum builders creating products, prototypes, and tutorials to enrich the web3 ecosystem.
Human-friendly Contract Interactions with Sourcify Verification
Shared by Kaan Uzdogan from the Ethereum Foundation. Users do ‘yolo-signing’, or blind signing, when interacting with their wallets these days. As a smart contract developer, you can use NatSpec to describe function information. The comments are stored in the metadata when the contract is compiled. The metadata hash is appended after the contract bytecode, and can be linked to IPFS if the data is uploaded. As a wallet developer, you can decode the contract bytecode to get the metadata and show information about the functions.
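One way a wallet could recover that metadata pointer, as an added example (not Sourcify's or any wallet's own code): solc appends a CBOR map to the runtime bytecode and stores the map's length in the last two bytes. The sample bytecode, its placeholder digest and the function names are constructed for illustration.

```python
def _head(buf, i):
    """Read a CBOR head: (major type, argument, offset after the head)."""
    major, arg, i = buf[i] >> 5, buf[i] & 0x1F, i + 1
    if arg > 27:
        raise ValueError("indefinite or reserved length")
    n = (1 << (arg - 24)) if arg >= 24 and major != 7 else 0   # extra length bytes
    return major, (int.from_bytes(buf[i:i + n], "big") if n else arg), i + n

def _scalar(buf, i):
    """Decode the flat value types solc emits: uint, byte string, text string, bool."""
    major, arg, i = _head(buf, i)
    if major == 0:
        return arg, i
    if major in (2, 3) and i + arg <= len(buf):
        raw = buf[i:i + arg]
        return (raw if major == 2 else raw.decode("utf-8")), i + arg
    if major == 7 and arg in (20, 21):        # false / true
        return arg == 21, i
    raise ValueError("unsupported or truncated CBOR item")

def solc_metadata(runtime_hex):
    """Return the CBOR map appended to runtime bytecode, or None if absent or malformed."""
    code = bytes.fromhex(runtime_hex[2:] if runtime_hex.startswith("0x") else runtime_hex)
    size = int.from_bytes(code[-2:], "big")   # last two bytes: length of the CBOR blob
    if size == 0 or size + 2 > len(code):
        return None
    blob, meta = code[-2 - size:-2], {}
    try:
        major, count, i = _head(blob, 0)
        if major != 5:                        # the trailer must be a map
            return None
        for _ in range(count):
            key, i = _scalar(blob, i)
            meta[key], i = _scalar(blob, i)
    except (ValueError, IndexError):
        return None
    return meta if i == len(blob) else None   # reject trailing or missing bytes

def ipfs_cid_v0(multihash):
    """Base58btc-encode a sha2-256 multihash (0x12 0x20 + digest) as a CIDv0 string."""
    alphabet = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
    n, out = int.from_bytes(multihash, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = alphabet[rem] + out
    return out

# Constructed sample: stub code, then metadata laid out as solc 0.8.17 emits it (placeholder digest).
SAMPLE = "0x6080604052fe" + "a264697066735822" + "1220" + bytes(range(32)).hex() + "64736f6c6343000811" + "0033"
```

The trailer is supplied by whoever deployed the contract, so the decoded pointer only becomes trustworthy once recompiling the fetched sources reproduces the on-chain bytecode, which is the check Sourcify performs.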
Building Secure Contracts: How to Use Fuzzing Like a Pro
Shared by Josselin Feist & Natalie Chin from Trail of Bits. As we always say, testing plays an important role in development. There are different ways to find vulnerabilities, such as unit tests, manual review, fully automated analysis (like Slither), and semi-automated analysis (like Echidna). Unlike other software, smart contract testing focuses on finding the invariants that keep the contract in a correct state. To define good invariants, the speakers suggest starting small and iterating through several steps:
- define in English
- write in Solidity
- run Echidna
The target of an invariant can also be viewed from two perspectives: function level and system level. Function-level invariants are usually stateless. System-level invariants are usually stateful and require certain initialization. Start simple, then follow with composition. Fuzzing can be a very useful tool for discovering bugs that are hard to find in other ways.
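The function-level versus system-level distinction, modelled in Python rather than in Solidity with Echidna (an added example, not from the talk or from Trail of Bits): the `Token` ledger, its planted bug and all function names are hypothetical. The stateless check passes on the buggy ledger, while random call sequences against the stateful invariant expose the bug.

```python
import random

class Token:
    """Toy ledger standing in for an ERC-20-style contract (hypothetical model)."""
    def __init__(self, holders, supply=100, buggy=False):
        self.total, self.buggy = supply, buggy
        self.bal = dict.fromkeys(holders, 0)
        self.bal[holders[0]] = supply          # initial state the system-level test relies on

    def transfer(self, src, dst, amt):
        a, b = self.bal[src], self.bal[dst]
        if amt > a:
            return False
        if self.buggy:                         # planted bug: b is stale when src == dst
            self.bal[src] = a - amt
            self.bal[dst] = b + amt
        else:
            self.bal[src] -= amt
            self.bal[dst] += amt
        return True

def check_no_overdraft(buggy, trials=100, seed=0):
    """Function level, stateless: 'a transfer above the balance is rejected'."""
    rng = random.Random(seed)
    return all(Token(["a", "b"], 100, buggy).transfer("a", "b", rng.randint(101, 10**6)) is False
               for _ in range(trials))

def supply_conserved(token):
    """System level: 'balances always sum to the total supply'."""
    return sum(token.bal.values()) == token.total

def fuzz(buggy, runs=200, depth=20, seed=0):
    """Stateful fuzzing: random call sequences; returns the first breaking trace or None."""
    rng, holders = random.Random(seed), ["a", "b", "c"]
    for _ in range(runs):
        token, trace = Token(holders, 100, buggy), []
        for _ in range(depth):
            call = (rng.choice(holders), rng.choice(holders), rng.randint(0, 50))
            token.transfer(*call)
            trace.append(call)
            if not supply_conserved(token):    # invariant checked after every call
                return trace
    return None
```

The trace returned for the buggy ledger ends in a self-transfer, the call that mints tokens.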