MetaMask Security Monthly: July 2022

Luker Jen · Jul 28 · 4 min read

GM, GA, GE, or GN, wherever you are! Here’s the latest from our Security Laboratory, some new bounty program stats, and a few things to help you keep security top of mind!

Security Laboratory

[Image: The FBI Laboratory in the early 1930s in Washington, D.C.]

Endo CommonJS support …

MetaMask Security Monthly: June 2022

Luker Jen · Jun 29 · 6 min read

Get ready for this month’s jam-packed issue, where you’ll find details about our continued progress from the Lab, a not-too-shabby MTTR, our HackerOne bounty program, and more! Make sure you see our deprecation announcement.

Security Laboratory

Endo Support for “where are my source files” use cases complete! …

MetaMask Awards Bug Bounty for Clickjacking Vulnerability

JS_MetaMask · Jun 2 · 3 min read

MetaMask has granted a bounty of $120,000 to the United Global Whitehat Security Team (UGWST), including René Kroka and José Almeida, for their responsible disclosure of a critical security vulnerability. There were no known instances of this vulnerability being exploited, and the MetaMask team has already patched the …

Ethereum’s client diversity: with 66% running Prysm, is The Merge safe to pursue?

Around the middle of this year, Ethereum, the second-largest blockchain in terms of monetary value, and with hundreds of billions of dollars worth of assets depending on its operation, will transition from the Proof-of-Work consensus algorithm securing the system today, to the Proof-of-Stake system of tomorrow – a procedure described by many as changing the …

Is Polygon safu? Critics: Multisig isn’t secure enough, $5B in jeopardy

Polygon is perhaps the most popular alternative to transacting directly on the Ethereum base layer (L1), giving users the opportunity to make fast transactions with low fees. Polygon (MATIC) is best known as a so-called side-chain to Ethereum, i.e. an Ethereum Virtual Machine (EVM) compatible blockchain running its own set of validator nodes. However, the Polygon …

Critical bug in Ethereum L2 Optimism, $2M bounty paid

Ethereum Layer-2 solution Optimism has fixed a critical software bug in one of its smart contracts on Ethereum. On February 2nd, the Optimism team was alerted by Jay Freeman to a critical bug in Optimism’s fork of the Ethereum Geth client software. As per the Optimism announcement, “Funds Are Safu.” The bug made it possible …

If Ethereum Foundation is accurately timing the market, here’s what it means

‘Buy the dips and sell the rally’ would be any seasoned trader’s piece of advice for timing the market, but this timing can seldom be accurate in real time. Interestingly, a recent observation by trader Edward Morra seems to suggest that Ethereum’s all-time highs coincide with sell-offs by the Ethereum Foundation. $ETH Friendly reminder that …

SEC’s Gensler hardens stance on crypto, says ‘if they’re selling it, we’re regulating it’

The cryptocurrency industry’s unparalleled boom last year brought with it the attention of regulators worldwide, all of whom have shown varied levels of acceptance towards the emerging asset class. The U.S. Securities and Exchange Commission’s Chief, for instance, has repeatedly expressed his skepticism about the lack of investor protection and information offered by blockchain …

OpenZeppelin Completes Smart Contract Audit of Origin Dollar (OUSD)

Security is our top priority at Origin. The security of our smart contracts that handle user funds and millions of dollars of value is paramount. These smart contracts represent the core of OUSD and are also the biggest attack vector for hackers and exploits. With that in mind, we have completed multiple security audits and …