Crypto Chasers

Contributor: Script Money
Full-stack engineer, familiar with Web3 development ecosystem, has written some technical tutorials

This article is the sixth issue of the bi-weekly report produced by CryptoChasers (20231018-20231031), the information is sourced from personal collection and community group chats. It mainly focuses on practical content related to Web3 development and Crypto activities.

Section settings description:
Editor's Picks of the Week: 3 most noteworthy information recommended by the author
Recommended Tools: 3 developer tools recommended by the author worth trying
Hot Topics in the Community: 3 hot topics from this week and a historical week in the community group chat
Developer Activities: Grants and hackathons that can be participated in the coming weeks
Recommended by the Community: Projects, recruitment, advertisements, etc. from community members

Welcome to submit contributions in the comments section or private message the author

Editor's Picks of the Week#

ParadigmCTF write up#

Website: https://github.com/fuzzland/writeup
Reason for recommendation: Fuzzland's community member @0xAWM_eth provided the answers to ParadigmCTF2023, and they also achieved a good ranking of 4th place.

ZK-Hunt: A new attempt to hide information in a full-chain game#

Website: https://xlog.app/post/captainz/ZK-Hunt-quan-lian-you-xi-shi-xian-yin-cang-xin-xi-de-xin-chang-shi-md
Reason for recommendation: A deep blockchain technology design article, the link is the Chinese translation version, suitable for developers interested in learning zero-knowledge proofs or full-chain games.

Laputa#

Website: https://github.com/Cygnusfear/laputa
Reason for recommendation: A high-quality project that won 4 awards in the just-ended ETH global online 2023. The contract uses MUD2.0, the frontend is react-three-fiber, and it implements a pure web3D interactive interface. The code is fully open source. It is suitable for frontend developers and friends interested in MUD to learn.

Recommended Tools#

heygen#

Website: https://www.bilibili.com/video/BV1Gh4y1i7bU/
Reason for recommendation: heygen is a tool used for video lip-syncing and language conversion that has recently become popular. The link is a technical analysis video brought by @数字黑魔法.

latent consistency model#

Website: https://github.com/replicate/latent-consistency-model
Reason for recommendation: A new sampler for quick image generation, greatly reducing the required steps and image generation time. The official library for Mac is provided, and plugins for using it in WebUI can also be found. There is a trial link: https://replicate.com/luosiallen/latent-consistency-model

Fe#

Website: https://fe-lang.org/docs/index.html
Reason for recommendation: Fe language in the Ethereum ecosystem, similar to Rust, used to write smart contracts instead of Solidity. In the upcoming ETH Istanbul, there is a separate prize for applications built with Fe, which shows that the foundation values this tool. Those interested can learn more about it.

Hot Topics in the Community#

Topic 1: How to implement task scheduling and logging in Rust#

1. Rust can be executed by calling rust-script through a script.
2. The SDK of xxl-job mainly supports Java, and other languages need to use shell or HTTP API for calling.
3. Use crontab for task scheduling.
4. Use HTTP for scheduling and load balancing.
5. Use the log storage function of cloud services.
6. Use ELK with K8S cronjob for logging and aggregation analysis.
7. Use betterstack for logging and aggregation analysis.
8. Integrate crontab and logging with Render cloud services.

Topic 2: Discussion on the issue of encountering unknown IP requests when using Flask to write services#

1. Use nginx to configure basic authentication for authorization.
2. Change the request method from GET to POST.
3. Check the specific content of the request, such as whether the password is directly sent.
4. Check the source IP of the request to determine if there are multiple IPs attempting collision.
5. Use encrypted transmission, such as HTTPS.
6. Remove API parameters from the URL.
7. Use network service providers for security protection.
8. Record logs and analyze detailed information of requests.
9. Use UUID as the password and do not respond or sleep for a few seconds in case of errors.
10. Set a server whitelist to only allow requests from IPs on the whitelist.
11. Limit IP ranges and only allow requests from specific sources.

Topic 3: Discussion on issues encountered in array operations in Solidity storage layout#

1. Ensure that the first slot of the array is the length, and the elements come after.
2. Trying to operate at slot+1 or slot+2 positions may fail.
3. Pay attention to the storage method of the array, there is no need to use keccak256, it is stored sequentially.
4. Ensure that there are no problems when writing data, the problem may occur when retrieving data.
5. Use sload to get the correct value.
6. Ensure that the array is read only after writing the length to the slot.
7. Adjust the shift operation to be consistent with the push operation.

Hackathons & Events#

Not many new events, you can check the previous issue for past events

• https://community.starknet.io/t/announcing-the-early-community-member-program/102092 StarkNet's community contribution application, any contribution that helps the development of StarkNet can be applied, deadline is November 23rd.
• https://permahacks.arweave.dev/ Arweave hackathon from October 30th to November 10th

Recommended by the Community#

• Very useful Twitter API: https://apidance.pro/
• Fuzzland, a blockchain security analysis platform, is hiring. Experience in Rust and Web3 is required, and experience in Fuzzing is preferred. Fully remote work. https://fuzzland.notion.site/We-Are-Hiring-af638527ff654395a950121a2f0809fc
• Vulnerability discovery ZKP platform: https://www.0xhacked.com/
• CTF hosted by Fuzzland, starting from December 1st, lasting for 2 days: https://ctf.blaz.ai/