Contributor: Script Money
A full-stack engineer who is familiar with the Web3 development ecosystem and has written some technical tutorials.
This article is the sixth issue of the bi-weekly report produced by CryptoChasers (20231018-20231031), with information collected from personal sources and community group chats. It mainly focuses on practical content related to Web3 development and Crypto activities.
Section Settings Explanation:
Selected this week: the 3 most noteworthy items recommended by the author
Recommended tools: 3 developer tools worth trying recommended by the author
Hot topics from the community: 3 hot topics from this week and previous weeks in the community group chat
Developer activities: Grants and hackathons open for participation in the coming weeks
Recommended by friends: Projects, recruitment, advertisements, etc. from community members
You are welcome to submit contributions in the comments section or by private message to the author.
This Week's Selections
ParadigmCTF write up
Website: https://github.com/fuzzland/writeup
Reason for recommendation: Fuzzland community member @0xAWM_eth provided the answers to ParadigmCTF2023, and they also achieved a good ranking of 4th place.
ZK-Hunt: A new attempt to hide information in a full-chain game
Website: https://xlog.app/post/captainz/ZK-Hunt-quan-lian-you-xi-shi-xian-yin-cang-xin-xi-de-xin-chang-shi-md
Reason for recommendation: An in-depth article on blockchain technology design. The link is a Chinese translation, suitable for developers interested in learning about zero-knowledge proofs or full-chain games.
Laputa
Website: https://github.com/Cygnusfear/laputa
Reason for recommendation: A high-quality project that won 4 awards in the just-ended ETH global online 2023. It uses MUD2.0 for contracts and react-three-fiber for the frontend, achieving a pure web3D interactive interface. The code is fully open source. Suitable for frontend developers and those interested in MUD.
Recommended Tools
heygen
Website: https://www.bilibili.com/video/BV1Gh4y1i7bU/
Reason for recommendation: heygen is a tool used for video lip-syncing and language swapping that has recently become popular. The link is a technical analysis video brought by @数字黑魔法.
latent consistency model
Website: https://github.com/replicate/latent-consistency-model
Reason for recommendation: A new sampler for quick image generation, greatly reducing the number of steps and image generation time required. The official library for Mac is provided, and plugins can be found for use in WebUI. There is a demo link at https://replicate.com/luosiallen/latent-consistency-model.
Fe
Website: https://fe-lang.org/docs/index.html
Reason for recommendation: The Fe language in the Ethereum ecosystem, similar to Rust, is used to write smart contracts instead of Solidity. In the upcoming ETH Istanbul, there is a separate prize for applications built with Fe, indicating that the foundation values this tool. Those interested can learn more about it.
Hot Topics from the Community
Topic 1: How to implement task scheduling and logging in Rust
- Rust code can be run as a script by calling rust-script.
- The SDK of xxl-job mainly supports Java, and other languages need to use shell or HTTP API for calling.
- Use crontab for task scheduling.
- Use HTTP for scheduling and load balancing.
- Use cloud service's log storage function.
- Use ELK with K8S cronjob for logging and aggregation analysis.
- Use betterstack for logging and aggregation analysis.
- Use Render cloud service to integrate crontab and logging.
Topic 2: Discussion on the issue of unknown IP requests encountered when using Flask to write services
- Use nginx to configure basic auth for authentication.
- Change the request method from GET to POST.
- Check the specific content of the request, such as whether the password is directly sent.
- Check the source IP of the request to determine if there are multiple IPs attempting collision.
- Use encrypted transmission, such as HTTPS.
- Remove API parameters from the URL.
- Use network service providers for security protection.
- Log and analyze detailed information of the request.
- Use a UUID as the password, and in case of errors either do not respond or sleep for a few seconds.
- Set a server whitelist to only allow requests from IPs on the whitelist.
- Limit IP ranges and only allow requests from specific sources.
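The checks listed in Topic 2 combined into one request gate, as an added example that is not from the original discussion. It uses only the Python standard library so it can be called from a Flask `before_request` hook; the header name `X-Api-Token`, the query key `token`, the allowlisted range and the delay are assumptions made for illustration.

```python
import hmac
import ipaddress
import logging
import time
import uuid
from collections import Counter

log = logging.getLogger("api_gate")

# Assumed values for illustration: a documentation range and a fresh UUID secret.
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
API_TOKEN = str(uuid.uuid4())
FAIL_DELAY = 2.0          # seconds to stall a rejected caller
failures = Counter()      # rejected requests per source IP, for later analysis


def reject_reason(method, remote_ip, headers, query):
    """Return None if the request passes every check, else a short reason."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return "ip_not_allowed"
    if not any(addr in net for net in ALLOWED_NETS):
        return "ip_not_allowed"
    if method != "POST":
        return "method_not_allowed"
    if "token" in query:
        # A secret in the URL ends up in access logs and proxies.
        return "secret_in_url"
    supplied = headers.get("X-Api-Token", "")
    # Constant-time comparison so timing does not leak matching prefixes.
    if not hmac.compare_digest(supplied.encode(), API_TOKEN.encode()):
        return "bad_token"
    return None


def check_request(method, remote_ip, headers, query, sleep=time.sleep):
    """Return (status, reason); reason is for logs, never for the response body."""
    reason = reject_reason(method, remote_ip, headers, query)
    if reason is None:
        return 200, "ok"
    failures[remote_ip] += 1
    log.warning("rejected %s from %s: %s (failure #%d, %d distinct IPs)",
                method, remote_ip, reason, failures[remote_ip], len(failures))
    sleep(FAIL_DELAY)
    return 403, reason
```

The delay holds a worker for its duration, so keep the IP allowlist enforced in front of the application as well (nginx or a firewall) to stop unknown sources before they reach it.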
Topic 3: Discussion on the issues encountered in array operations in Solidity storage layout
- Make sure the first slot of the array is the length, and the elements come after.
- Attempting to operate at slot+1 or slot+2 positions may fail.
- Pay attention to how the array is stored: keccak256 is not needed, as the elements are stored sequentially.
- Make sure there are no issues when writing data; the problem may occur when retrieving data.
- Use sload to get the correct value.
- Make sure to read the array only after writing the length to the slot.
- Adjust the shift operation to be consistent with the push operation.
Hackathons & Events
There are not many new events; you can check the previous issue for past events.
- https://community.starknet.io/t/announcing-the-early-community-member-program/102092 StarkNet's community contribution application. Any contribution that helps the development of StarkNet is eligible to apply; the deadline is November 23rd.
- https://permahacks.arweave.dev/ Arweave hackathon from October 30th to November 10th.
Recommended by Friends
- Very useful Twitter API: https://apidance.pro/
- Fuzzland, a blockchain security analysis platform, is hiring. Experience in Rust and Web3 is required, preferably with Fuzzing experience. Fully remote work. https://fuzzland.notion.site/We-Are-Hiring-af638527ff654395a950121a2f0809fc
- Vulnerability discovery ZKP platform: https://www.0xhacked.com/
- CTF organized by Fuzzland, starting from December 1st, lasting for 2 days: https://ctf.blaz.ai/