gm 👋
Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe!
Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.
If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspective on things to cover and feedback to make your experience better!
Have an awesome week ahead!
Team Cypherock
Security Digest
setApprovalForAll: The double edged sword within the NFT ecosystem
NFTs have become a core aspect of the web3 ecosystem. The emergence of NFTs have attracted a major number of new entrants, and has allowed for new communities to form. As amazing as this innovation has been, infrastructure around NFTs have been faulty, and filled with vulnerabilities that attackers have explored to scam people into giving away thousands of dollars worth of digital assets. Today, we talk about one major vulnerability in the NFT smart contract ecosystem - setApprovalForAll.
Smart contracts are a core aspect of executing various functions for NFTs - send/receive and listing of NFTs on marketplaces are some common examples of functions that people execute with their NFTs. The setApprovalForAll function in a smart contract allows a particular asset to be transferred from your wallet at a later date from an operator. OpenSea for example will be using this function to transfer your NFT from your wallet to the wallet of buyer once your NFT has been sold.
Although an exceptionally useful function, in the case the operator has been compromised, the setApprovalForAll function may drain your wallet to a malicious address. Premint is a service used by NFT creators to collect a list of addresses before the mint date of their project. This is a tool that is used to create hype and prospect leads before any project goes live. Premint recently reported that they have been compromised. As of now, signing any transaction prompted by Premint may drain your wallet - due to the setApprovalForAll function, and this function will also be displayed on your Metamask Wallet. Further details of how the website was compromised are yet to be reported, but for now, it is advised that no transactions be signed prompted by Premint.
So, you want to mint NFTs but don’t know how to spot red flags: If you are using a wallet like MetaMask, review what functions that it is asking for. If you see a setApprovalForAll, be wary and research forums to verify the authenticity of the mint. Segregate wallets, and use each wallet for different reasons. If you want to mint an NFT, use a wallet that does not have any other assets besides those that are important for the mint. All other assets that you do not want getting compromised should be kept under cold storage.
Dapp News
Farcaster: A sufficiently decentralized social network
Decentralized social networks seem to be all the rage, but why has this innovation become so important? Founder of Farcaster, Varun Srinivasan notes that social networks with each passing year, places more restrictions on what users and developers can do. Social networks have the ability to close accounts, limit interactions and control what users see on their feed. On the developer end, as the need for auxiliary applications like games to attract users dwindled, developer capabilities were either limited or turned off due to increasing API costs and added complexity.
Decentralized networks could target these problems by ensuring open access to the network for developers, and being able to provide direct interaction between users and their audience. Farcaster wants to build a sufficiently decentralized network to solve these problems. Sufficient decentralization is not a term used to describe a lazy approach to decentralization, but a term used to define the interaction between to individuals with the ability to interact even if the network prevents it.
Twitter Tales
Strap in for one of the most in-depth state-of-Bitcoin threads ever, courtesy of Will Clemente. The thread talks about long term capital allocation theses, insights into mining activity and valuation methods for Bitcoin.
Reddit Reads
We know you like all things crypto security because you’re reading this newsletter. But, if you are a fan of candy as well, boy do we have a treat for you. u/D3FEATER has managed to make a Bitcoin cold storage wallet out of skittles, check out the post below!
The tastiest Bitcoin storage wallet from r/CryptoCurrency
Updates from Cypherock
PRE-ORDERS FOR INDIA ARE HERE 🇮🇳
As we have begun shipping Cypherock pre-orders within India, we will start shipping internationally over the course of the next two weeks. All pre-order information will be communicated via email.
In the meantime, if you could support our posts on Twitter, Facebook and LinkedIn that would greatly help us share our product with the rest of the world.
Is Your Crypto Safe? Take the Cypherock Quiz and find out!
Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!
Here’s some alpha 🚀
Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!
Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 25% off on their purchase and you make $50 per sale!
Sign up to become a Cypherock Affiliate!
Have questions regarding our product, or the affiliate program? Our Growth Lead loves chatting with people, hit him up here.