ChainLight

We did it again. We are thrilled to announce that ChainLight has won @defcon 32, the Olympics of CTF. This marks our 8th victory and the first time any team has won 3 consecutive years in the DEF CON history. 🧵For those new to ChainLight, here’s a little thread about us:

🤝 New partnership: Theori x @okta finance.yahoo.com/news/theori-ok… We’re bringing red-team firepower + automated pentesting as Okta’s trusted security service provider. Raising the bar for identity threat resilience 🚀

Thank you for reading. To stay up-to-date with the latest report and research from our award-winning security researchers: 👉 Subscribe Newsletter: mailchi.mp/chainlight/new… 👉 Join Discord: discord.com/invite/chainli… (6/6)

3️⃣ @th3r0ar Loses $780K • Using a backdoor function in the staking contract, the deployer manipulated the token balance of a specific address by directly altering the storage. • The team attributed the responsibility to an external developer. (5/6)

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 (1/6)

When we released the ZK Book over a year ago, we took the ZK education space a huge step forward. Our book pioneered the approach of "just enough math" to learn ZK. Today we do it again with a new addition to the ZK Book. "Circom and Constraint Design Patterns" This new section focuses on how to design, create, and audit non-trivial ZK circuits. You've probably seen a lot of tutorials about how to prove you know the evaluation of a polynomial using Circom. But how do you go from there to designing a ZKVM or proving you know the primage of a traditional hash function (like MD5 or Keccak256)? The new part of our ZK Book takes you on a journey from multiplying to numbers together to: - building a ZKVM from scratch - coding constraints for the MD5 hash function - learn the recurring design patterns in constraint design The last part was interesting because some of the established "design patterns" don't even have names for them. We had to invent some terminology! As usual, we are extremely thoughtful about how we introduce the reader to new ideas to avoid overwhelming someone new. We are careful to ensure we teach the prerequisites in a sensible order and with a lot of examples. Each chapter shows how to build a circuit for an increasingly complex application. With each chapter, you both review what you learned previously and learn a new design pattern. Once you build up a collection of these design patterns, you can compose them together to build more complex applications, like the ZKVM or a non-trivial hash function. We put a huge effort into making sure that the material is both easy to understand and correct without any important omissions. We'd like to thank @ChainLight_io, @VeridiseInc, @PrivacyScaling, and @zksecurityXYZ for allocating time to review this work and provide suggestions. We are particularly grateful to @marcobesier from @zksecurityXYZ for working through several revisions to really get the chapters into a polished state. Special shoutout to @cal_nix for coauthoring the first seven chapters in this new part of the book! The topics we cover here are extremely fundamental. If you don't understand the materials here, learning the internals of more modern ZKVM or ZK L2 client will be quite challenging. Up until now, the absence of newcomer-oriented explanations for such foundational concepts has held the ZK space back. This new body of work isn't simply a "better explanation" of existing materials, but the first explanation at all -- outside of academic papers. We use Circom as the language of instruction since we consider it the most beginner-friendly. However, what you learn here generalizes to other frameworks like Plonky3, Halo2, o1js, and Gnark. The new articles now make the ZK Book over 38,000 words longer. You do not have to know how a ZK-SNARK works to read this section of the book, but there are a few prerequisites. These are listed in the "Introduction to Circom" chapter. As usual, the material is completely free with no login required.

Thank you for reading. To stay up-to-date with the latest report and research from our award-winning security researchers: 👉 Subscribe Newsletter: mailchi.mp/chainlight/new… 👉 Join Discord: discord.com/invite/chainli… (12/12)

9️⃣ A security engineer exposed as a DPRK scammer • Further investigations of @tanuki42_ revealed his activities: @aqualoan_io, which he contributed to, rugged and deleted its GitHub. • Nick Franklin initially denied the allegations but has now deleted his X and TG. (11/12)

Which rug pulls, exploits, and security breaches happened this week? Read this 2-minute weekly summary to stay in the loop 🧵👇 (1/12)