Succinct releases fix after revealing potential SP1 vulnerability, critics say communication process lacks transparency

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

BTC0.0₂₀

ETH0.0₂₀

HTX0.0₂₀

SOL0.0₂₀

BNB0.0₂₀

Succinct releases fix after revealing potential SP1 vulnerability, critics say communication process lacks transparency

01-29 06:29

Odaily News LambdaClass has come under scrutiny after it recently disclosed a serious security vulnerability in the proof generation process of Succinct SP1 ZKVM, a zero-knowledge proof infrastructure company. The vulnerability in SP1 version 3 was discovered in collaboration with 3Mi Labs and Aligned, and stems from the interaction of two independent security vulnerabilities. Succinct previously disclosed this potential vulnerability to its users via Github and Telegram. Although the vulnerability was quickly resolved before disclosure, the process raised concerns about the transparency of the security practices of the Zero-Knowledge Virtual Machine (ZKVM). SP1's technology is currently supporting upgrades to the rollup infrastructure under development: -Mantle Network has integrated SP1 to transition to ZK validity rollup, aiming to shorten transaction completion time and support institutional-grade asset settlement; -AggLayer uses SP1 to generate pessimistic proofs to ensure the security of its cross-chain interoperability solution; -Taiko has adopted SP1 as a ZK prover to protect its L2 execution using a multi-prover system; -Soon is a relatively new project that is building an SVM rollup framework that uses ZK fault proofs powered by SP1 to settle to Ethereum, similar to Eclipse, which uses RISC Zero. LambdaClass warns that the full impact of the vulnerability requires further assessment. It is worth noting that the exploitation of the vulnerability depends on the interaction between the two issues, which means that fixing one issue may not be enough to prevent exploitation. LambdaClass developer Fede stressed on social media that his team felt compelled to disclose the issue publicly after sensing a lack of urgency on the issue from Succinct. According to Avail's Anurag Arjun, Succinct leadership acted responsibly in fixing the issue, but he agrees that better public disclosure practices are needed. Arjun confirmed that his team was privately informed of the issue before the vulnerability was publicly disclosed. Avail's deployments were not at risk because they rely on Succinct's proprietary attestor, which remains under license. Avail's rollup clients have not yet started using their SP1-driven bridge contract, so there is no practical impact. At the same time, Succinct’s supporters point out that responsible disclosure often involves private reporting before public announcements to avoid unnecessary panic and potential exploitation. Additionally, Succinct's SP1 update version 4 (called Turbo) addresses the discovered vulnerabilities, and downstream projects have begun integrating these fixes. (Blockworks)

原文链接

最热快讯

2025-06-09 06:33:00

Former Huaxing Capital investor: Investing in Circle seven years ago was a matter of luck, but its current market value of $20 billion is unexpected

Odaily News Lei Ming, who was once an investor in Huaxing New Economy Fund, invested in Circle in 2018. In his latest interview, he said that there was a certain amount of luck in investing in Circle seven years ago. At that time, Circle's main business was not stablecoins, and its valuation was only US$3 billion. Now the market value of US$20 billion is somewhat unexpected. The core judgment of investing in Circle is that blockchain technology can create very large commercial and social value in the future. The essence of finance is license ability, and Circle happened to be the one with the most complete licenses at that time. Circle was listed on the New York Stock Exchange last week, becoming the "first stock of global stablecoins". After two trading days, the stock price has risen by 247.42% from the issue price, with a market value of approximately US$24 billion. This IPO issuance of Circle ultimately raised US$1.1 billion and received more than 25 times oversubscription. (IPO Early Knowledge) Earlier news, Hong Kong-listed company Huaxing Capital disclosed that its Huaxing New Economy Fund had invested in Circle as early as 2018. The company will continue to be optimistic about the development of blockchain technology and actively explore the layout in the fields of Web3.0 and cryptocurrency assets.

2025-06-09 06:03:56

OKX即将上线USDG (Global Dollar)

Odaily星球日报讯据官方公告，OKX 即将上线 USDG（GlobalDollar），具体时间安排如下：USDG 集合竞价时间段：2025 年 6 月 11 日下午 8：00 至 9：00（UTC+8）；USDG/USDT 现货交易开盘时间：2025 年 6 月 11 日下午 9：00（UTC+8）；USDG 开放提币时间：2025 年 6 月 11 日下午 11：00（UTC+8）。（本条快讯由AI辅助生成）

2025-06-06 03:23:37

Hyperliquid’s 50x leveraged BTC short position turned from loss to profit, with a floating profit of over $600,000

Odaily News According to hypurrscan data, as the price of BTC fell this morning, Hyperliquid's 50x leverage whale turned its previous BTC short position into a profit, with a current floating profit of over $600,000. Its current position is 394 BTC short positions, with a total value of over $40 million, an average opening price of $103,772, and a liquidation price of $104,230.

2025-06-06 02:59:35

James Wynn wrote a long article about himself: He started playing with contracts in March, earned 8-digit profits from Meme coins, and lost 100 million in a week

Odaily News James Wynn posted on the X platform that he had just started to participate in perpetual contract trading in March this year. He had never traded seriously before, and at most he speculated on MEME coins (previously he was famous for discovering PEPE at a market value of 600,000 and making 8-digit profits). He once rolled over 3 million US dollars to 100 million in just one month, and then lost it all in one week on HyperLiquid. At that time, he was just playing around, but the on-chain data was public, and hundreds of thousands of people watched his account soar and plummet, so he just let himself go. Later, things gradually got out of control. He understood that this was essentially gambling. He wanted to recover his losses, but he was also afraid of being laughed at for "making 100 million and not being able to keep it", so he got deeper and deeper. The numbers jumping on the screen became a virtual game, and greed completely prevailed.

2025-06-06 02:55:00

BTC rebounded and broke through 102,000 USDT, and the 24-hour decline narrowed to 2.87%

Odaily News OKX market shows that BTC rebounded and broke through 102,000 USDT, and is now at 102,016.4 USDT, with the 24-hour decline narrowed to 2.87%. (This newsletter is generated by AI)

2025-06-06 02:52:44

SlowMist: Lazarus hackers are using a new stealing Trojan, OtterCookie, to target cryptographic practitioners

Odaily News The SlowMist security team has issued a warning that the North Korean Lazarus hacker group is using a new stealing Trojan called OtterCookie to launch targeted attacks against cryptocurrency and financial practitioners. Attack methods include faking high-paying job interviews/investor negotiations, using deepfake videos to impersonate recruiters, and disguising malware as "programming test questions" or "system update packages." Theft targets include login credentials saved by browsers, passwords and digital certificates in macOS keychains, and encrypted wallet information and private keys. SlowMist recommends being vigilant about unsolicited job/investment invitations, requiring multiple verifications for remote interviews, and never running executable files of unknown origin, especially so-called "technical test questions" or "update patches." Strengthen terminal protection (EDR), deploy antivirus software, and regularly check for abnormal processes.

资讯热榜