Circle research

Weekly Crypto Recap 1/11-1/17

Know & go

  • Top story of the week: The Ethereum Constantinople upgrade has been delayed.
  • Three things to know: (1) Veil launches on mainnet (2) Grin launches on mainnet (3) The launch of Bakkt futures might be delayed due to the government shutdown.
  • Market snapshot: Total crypto market capitalization is around $122 billion at press time, down 1.3% w/w. BTC is trading at $3658 (down 1% w/w), ETH is at $122 (down 3.8% w/w). BVOL (the rolling 30-day annualized Bitcoin volatility as calculated by BitMEX) is 64%, the lowest so far this year, vs. 77% last week.
    (As of 1/18 10:30AM ET)

Weekly market snapshot

Top Story

Constantinople delayed

The Ethereum Constantinople network upgrade was supposed to take place on Wednesday January 16, at block 7,080,000, but has since been delayed. Chain Security, a smart contract audit team, found a vulnerability on January 15 that would compromise the security of the chain via a vulnerability resulting from EIP-1283. As we discussed in last week's recap, EIP-1283 was included in the Constantinople upgrade to lower the gas costs of certain storage operations.

What was the vulnerability?

The exploit discovered by Chain Security is called a reentrancy attack. Right now, every storage operation costs 5,000 gas. Post Constantinople, certain storage operations would cost only 200 gas due to EIP-1283. This reduction in gas costs would have made reentrancy attacks viable on smart contracts that met certain conditions. In a tweet, Chain Security stated they "found multiple cases of contracts that would become vulnerable to reentrancy with EIP-1283, however none of these result in critical exploits".

Reentrancy attacks. Smart contracts interact with other (external) smart contracts by "calling" them. A malicious external smart contract could keep withdrawing ETH from the first contract by "reentering" it at the same point over and over (i.e. calling the function multiple times) before the first invocation is complete (i.e. before the balance of the contract is adjusted at the end of the first invocation).

The DAO hack of 2016 (that caused the chain split of Ethereum Classic from Ethereum) was the result of reentrancy attacks that allowed attackers to steal 3.6 million ETH from the DAO smart contract.

What's next?

Because Chain Security found the exploit before Constantinople occurred, the Ethereum community decided to delay the upgrade so that the main chain would not be compromised. Ethereum developers held a meeting on Friday January 18 and proposed to implement the network upgrade in late February. According to Evan Van Ness, as of now, EIP-1283 will no longer be included in the upgrade.

The community is divided over the event. Most people understand that code will have security flaws and believe that it is a blessing that the vulnerability was discovered ahead of time. On the other hand, part of the community is concerned that it was too close of a call and ask why it wasn't brought to light sooner.

MyCrypto shared a great tweet thread answering that exact question: "[The vulnerability] isn't found by auditing the EIP or Geth or Parity. It is found by auditing every existing contract while that contract is on an already updated chain. Or by researchers imagining what devs could write that could be inadvertently exploitable."

In other news

  • The Bakkt launch has been delayed to spring 2019. The decision on the Van Eck/SolidX Bitcoin ETF could get delayed due to the government shutdown as well. Source.
  • Veil, the prediction market application built on Augur and 0x, launched on mainnet this week. REP, Augur's native token, is up 57% w/w. Source.
  • Brave surpassed 5.5 million monthly users and has over 28,000 publishers on its platform. Source.
  • Gnosis will launch a decentralized autonomous organization called dxDAO to govern DutchX, its decentralized exchange. Source.
  • Grin launched on mainnet this week. It is the second project to launch on the privacy focused MimbleWimble protocol. Source.
  • Paul Chou, CEO of LedgerX (crypto options exchange) believes "Ethereum futures [are] as premature as the bitcoin ETF proposals were two years ago". Source.
  • Swiss bank, Vontobel, plans to offer institutional clients custodian services for crypto. Source.

Crypto funding

  • Bakkt announced the purchase of the back office operations of a futures commissions merchant (Rosenthal Collins Group), including compliance, treasury services, and risk management. Source.
  • Vlad Zamfir is joining Casper Labs to build a fully scalable blockchain and deliver the Casper protocol upgrade. Casper Labs raised $20 million in funding led by Galaxy. Source.

Global regulatory roundup

  • China will implement new rules on blockchain companies starting February 15, that will require them to register their domain names and server addresses with the Cyberspace Administration of China (CAC). Non compliance will carry a fee of 5k-30k yuan ($737-$4,420). Source.
  • Malaysia's Securities Commission could release a full digital asset regulation framework by 1Q19. Regulation classifying "digital currencies and digital tokens" as securities came into effect on January 15. Source.
  • The ESMA published advice to EU institutions that lays out the rules that apply to crypto assets and provides the entity’s position on gaps in the current regulatory framework. Source.

What we’re reading

What we’re listening to

Circle in the news

Circle released the third attestation report on US dollar reserves backing USDC issued by independent accounting firm, Grant Thornton LLP as of December 31, 2018.

Where we’ll be in January

  • Crypto OTC Roundtable Asia, 1/19-1/20, Singapore
  • Binance Conference, 1/21-1/22, Singapore
  • World Economic Forum Annual Meeting, 1/22-1/25, Davos, Switzerland
  • Paris FinTech Forum, 1/29-2/1, Paris, France

If you have any thoughts or questions, please reach out at [email protected].

Disclosures

Reports, market insights, and other information (“Information”) provided by Circle Internet Financial Limited (“Circle”) or its affiliates have been prepared solely for informative purposes and should not be the basis for making investment decisions or be construed as a recommendation to engage in investment transactions or be taken to suggest an investment strategy in respect of any financial instruments or the issuers thereof. Information has not been prepared in accordance with the legal requirements designed to promote the independence of investment research and is not subject to any prohibition on dealing ahead of the dissemination of investment research under the Market Abuse Regulation (EU) No 596/2014. Information provided is not related to the provision of advisory services regarding investment, tax, legal, financial, accounting, consulting or any other related services and is not a recommendation to buy, sell, or hold any asset. Information is based on sources considered to be reliable, but not guaranteed, to be accurate or complete. Any opinions or estimates expressed herein reflect a judgment made as of the date of publication, and are subject to change without notice. Trading and investing in digital assets involves significant risks including price volatility and illiquidity and may not be suitable for all investors. Circle and its affiliates trade and hold positions in digital assets and may now or in the future trade or hold a position in an asset that is the subject of Information provided. As a result, Circle or its affiliates may be subject to certain conflicts of interest in connection with the provision of Information. Circle will not be liable whatsoever for any direct or consequential loss arising from the use of this Information.