Jeff Prestes - jeffprestes.eth

Explaining DeFi to your non-autistic friend is painful… until an anime girl does it. Welcome to the Ethereum DeFi Archipelago Tour with Yuki

AI KYC is here. New claude subscribers asked for gov ID & photo. Not even a regulatory requirement - Anthropic just doing it because they want to. But regulatory is coming Next up will be laws: No AI without gov-issued ID All AI use tracked to individual - no private AI

New Bank of Canada report on Aave is mostly favorable, they're basically saying yeah, this DeFi thing actually works, and we now have data to prove it. A central bank endorsing a bankless bank. We're getting there.

@frankencoinzchf @chain_security Gouda

Tonight, we'll have cheese with our friends from @chain_security. Want some as well? Comment about your favourite cheese as and win a spot for tonight!

Ethereum is going post quantum. pq.ethereum.org

Goldman Sachs CEO and former U.S. Treasury Secretary: Stablecoins will be “enormous” “You can use stablecoins to very effectively — particularly in small transactions; big transactions you use FedWire — to go from US dollar stablecoins to euros or yen or other things. I think it is enormous, and I think the stablecoin legislation is a big step in the right direction,” says former U.S. Secretary Treasury Steven Mnuchin. Goldman Sachs CEO David Solomon agrees: “Higher speed, less friction.” Both also agree that stablecoins are not a threat to the U.S. dollar, and will in fact strengthen it. Mnuchin explains: “If you have stablecoins that are backed by U.S. Treasuries, I don’t think the U.S. needs to issue its own stablecoin. I think you’re going to see enormous use cases for these.” “And enormous demand for the dollar over time,” Solomon adds. “To me, [stablecoins] strengthen the moat around the dollar and the dollar’s position as the global reserve currency.” Roughly 52% of all stablecoins live on Ethereum (~$163 billion). If you exclude Tron, Ethereum’s stablecoin dominance jumps to 71%. Source: @GoldmanSachs (Mar 2026)

Not sure I have ever been as productive in my life as in the last ~10 weeks: An extremely challenging yet worthwhile goal. The crazy progress of AI coding and heavy use of it. A very small team, world-class skills, and now the ability to multiply output thanks to AI. The result is @etheconomiczone — with a live devnet already: eez.dev. What is this? It will be: a) A new rollup that is fully composable with Ethereum. This means you can do either cheap transactions on this chain that only interact with contracts on this rollup, or more expensive transactions (similar to L1 costs) that can interact in a fully composable way between L1 and L2. So, for example, if you trade on this rollup, the routing can dynamically decide to use only L2 liquidity for a small trade, or for a larger trade — where the extra gas costs are worth it — to use both L2 and L1 liquidity. b) A whole framework that will allow new rollups, as well as existing L2s and sidechains (yes @gnosischain!!) to integrate into this “(Ethereum) economic zone.” Imagine: one could make a trade today simultaneously using Ethereum liquidity, but also Arbitrum, Base, or all the other L2s. This is what EEZ will allow. Now, let’s talk about the tech: Essentially, there are two core concepts that make all of this possible: 1) Proxy contracts 2) Real-time proving 1) Proxy contracts are basically a way to overcome the challenge that ~99% of all contracts are written in a way that only deals with addresses from a single chain. For example, a token or an NFT can be sent to an address, but not to an address on a specific other chain. Proxy contracts fix this. An address “A” on chain “n” will get a deterministic proxy representation, “A*”, on all other chains. So now, if, for example, A is a DAO on Ethereum and it should control, say, a fee switch in contract D (a DEX) on another chain, this can easily be done by setting A* as the owner of D. A (the DAO), on the other hand, can now call D* (the proxy representation of the DEX contract D) on Ethereum. All the cross-chain message passing in between is abstracted away — the contracts just call another contract and do not realize it is actually on another chain. 2) Real-time proving The proxy design already addresses the problem that there is no widely supported cross-chain message-passing standard in EVM land. So it alone would already be helpful for asynchronous calls, or better, calls that do not expect or require a return value. However, this would still not quite bring us to “synchronous composability.” Imagine a DEX trade: you do the first part of the trade on L1 and the second part on L2. You want to know the result of the second part — and if it did not get you the expected amount, you want to be able to revert the first part. This requires the call that triggers the DEX trade on L2 to have a return value. This was long assumed to be impossible - but with real-time proving, it no longer is. Basically, because Ethereum blocks are only produced every 12 seconds (and this would still work with, say, 6 seconds), that is now long enough to build and prove the L2 block that contains, for example, this L1→L2 DEX trade. If you want to learn more, don’t miss the talk by @tw_tter and @jbaylina on Tuesday at @EthCC! Let’s make Ethereum ONE again!

Aave V4 is now live on @ethereum.

Such big news for the entire web3 ecosystem : SEC sets what tokens types are NOT securities: sec.gov/newsroom/press…

@poapxyz you must sell your amazing platform to Luma and keep it running

POAP is going into maintenance mode as of March 16th. Existing issuers will continue to have access to POAP platform tools as usual, but new issuers will no longer be able to access the platform. Read more about what's happening 👇

an AI agent that can buy things on its own. not a bad idea @agentcardai agentcard.ai/?ref=jeffprest…

1/10 @SkyEcosystem's Core Allocator System looks complex until you break it into 4 pieces: Vault, Buffer, Oracle, and Dss Blow. This is the contract layer that generates USDS and routes capital into Prime Agents (“Stars”). Dewiz unpacks it through the Obex case study. 👇

Execution is becoming a commodity; vision is the premium. After months using #AI, it’s clear: you delegate the "how," but you must own the "what." Most people fail with AI not because the tool is lacking, but because their goals are blurry. Clarity is the new code. 🚀 #AI #SoftwareEngineering

Are you ready for this new kind of organization? x.com/VadimStrizheus…

Now, account abstraction. We have been talking about account abstraction ever since early 2016, see the original EIP-86: github.com/ethereum/EIPs/… Now, we finally have EIP-8141 ( eips.ethereum.org/EIPS/eip-8141 ), an omnibus that wraps up and solves every remaining problem that AA was intended to address (plus more). Let's talk again about what it does. The concept, "Frame Transactions", is about as simple as you can get while still being highly general purpose. A transaction is N calls, which can read each other's calldata, and which have the ability to authorize a sender and authorize a gas payer. At the protocol layer, *that's it*. Now, let's see how to use it. First, a "normal transaction from a normal account" (eg. a multisig, or an account with changeable keys, or with a quantum-resistant signature scheme). This would have two frames: * Validation (check the signature, and return using the ACCEPT opcode with flags set to signal approval of sender and of gas payment) * Execution You could have multiple execution frames, atomic operations (eg. approve then spend) become trivial now. If the account does not exist yet, then you prepend another frame, "Deployment", which calls a proxy to create the contract (EIP-7997 ethereum-magicians.org/t/eip-7997-det… is good for this, as it would also let the contract address reliably be consistent across chains). Now, suppose you want to pay gas in RAI. You use a paymaster contract, which is a special-purpose onchain DEX that provides the ETH in real time. The tx frames are: * Deployment [if needed] * Validation (ACCEPT approves sender only, not gas payment) * Paymaster validation (paymaster checks that the immediate next op sends enough RAI to the paymaster and that the final op exists) * Send RAI to the paymaster * Execution [can be multiple] * Paymaster refunds unused RAI, and converts to ETH Basically the same thing that is done in existing sponsored transactions mechanisms, but with no intermediaries required (!!!!). Intermediary minimization is a core principle of non-ugly cypherpunk ethereum: maximize what you can do even if all the world's infrastructure except the ethereum chain itself goes down. Now, privacy protocols. Two strategies here. First, we can have a paymaster contract, which checks for a valid ZK-SNARK and pays for gas if it sees one. Second, we could add 2D nonces (see docs.erc4337.io/core-standards… ), which allow an individual account to function as a privacy protocol, and receive txs in parallel from many users. Basically, the mechanism is extremely flexible, and solves for all the use cases. But is it safe? At the onchain level, yes, obviously so: a tx is only valid to include if it contains a validation frame that returns ACCEPT with the flag to pay gas. The more challenging question is at the mempool level. If a tx contains a first frame which calls into 10000 accounts and rejects if any of them have different values, this cannot be broadcasted safely. But all of the examples above can. There is a similar notion here to "standard transactions" in bitcoin, where the chain itself only enforces a very limited set of rules, but there are more rules at the mempool layer. There are specific rulesets (eg. "validation frame must come before execution frames, and cannot call out to outside contracts") that are known to be safe, but are limited. For paymasters, there has been deep thought about a staking mechanism to limit DoS attacks in a very general-purpose way. Realistically, when 8141 is rolled out, the mempool rules will be very conservative, and there will be a second optional more aggressive mempool. The former will expand over time. For privacy protocol users, this means that we can completely remove "public broadcasters" that are the source of massive UX pain in railgun/PP/TC, and replace them with a general-purpose public mempool. For quantum-resistant signatures, we also have to solve one more problem: efficiency. Here's are posts about the ideas we have for that: firefly.social/post/lens/1gfe… firefly.social/post/x/2027405… AA is also highly complementary with FOCIL: FOCIL ensures rapid inclusion guarantees for transactions, and AA ensures that all of the more complex operations people want to make actually can be made directly as first-class transactions. Another interesting topic is EOA compatibility in 8141. This is being discussed, in principle it is possible, so all accounts incl existing ones can be put into the same framework and gain the ability to do batch operations, transaction sponsorship, etc, all as first-class transactions that fully benefit from FOCIL. Finally, after over a decade of research and refinement of these techniques, this all looks possible to make happen within a year (Hegota fork). firefly.social/post/bsky/qmaj…

1/ Today I’m releasing an open-source book in collaboration with @FrankResearcher that I wish existed when I started in crypto. It’s split into 15 chapters covering everything that matters - from BTC to DeFi, MEV, Hyperliquid, quantum resistance, etc. github.com/lawmaster10/ho…

Now, the quantum resistance roadmap. Today, four things in Ethereum are quantum-vulnerable: * consensus-layer BLS signatures * data availability (KZG commitments+proofs) * EOA signatures (ECDSA) * Application-layer ZK proofs (KZG or groth16) We can tackle these step by step: ## Consensus-layer signatures Lean consensus includes fully replacing BLS signatures with hash-based signatures (some variant of Winternitz), and using STARKs to do aggregation. Before lean finality, we stand a good chance of getting the Lean available chain. This also involves hash-based signatures, but there are much fewer signatures (eg. 256-1024 per slot), so we do not need STARKs for aggregation. One important thing upstream of this is choosing the hash function. This may be "Ethereum's last hash function", so it's important to choose wisely. Conventional hashes are too slow, and the most aggressive forms of Poseidon have taken hits on their security analysis recently. Likely options are: * Poseidon2 plus extra rounds, potentially non-arithmetic layers (eg. Monolith) mixed in * Poseidon1 (the older version of Poseidon, not vulnerable to any of the recent attacks on Poseidon2, but 2x slower) * BLAKE3 or similar (take the most efficient conventional hash we know) ## Data availability Today, we rely pretty heavily on KZG for erasure coding. We could move to STARKs, but this has two problems: 1. If we want to do 2D DAS, then our current setup for this relies on the "linearity" property of KZG commitments; with STARKs we don't have that. However, our current thinking is that it should be sufficient given our scale targets to just max out 1D DAS (ie. PeerDAS). Ethereum is taking a more conservative posture, it's not trying to be a high-scale data layer for the world. 2. We need proofs that erasure coded blobs are correctly constructed. KZG does this "for free". STARKs can substitute, but a STARK is ... bigger than a blob. So you need recursive starks (though there's also alternative techniques, that have their own tradeoffs). This is okay, but the logistics of this get harder if you want to support distributed blob selection. Summary: it's manageable, but there's a lot of engineering work to do. ## EOA signatures Here, the answer is clear: we add native AA (see eips.ethereum.org/EIPS/eip-8141 ), so that we get first-class accounts that can use any signature algorithm. However, to make this work, we also need quantum-resistant signature algorithms to actually be viable. ECDSA signature verification costs 3000 gas. Quantum-resistant signatures are ... much much larger and heavier to verify. We know of quantum-resistant hash-based signatures that are in the ~200k gas range to verify. We also know of lattice-based quantum-resistant signatures. Today, these are extremely inefficient to verify. However, there is work on vectorized math precompiles, that let you perform operations (+, *, %, dot product, also NTT / butterfly permutations) that are at the core of lattice math, and also STARKs. This could greatly reduce the gas cost of lattice-based signatures to a similar range, and potentially go even lower. The long-term fix is protocol-layer recursive signature and proof aggregation, which could reduce these gas overheads to near-zero. ## Proofs Today, a ZK-SNARK costs ~300-500k gas. A quantum-resistant STARK is more like 10m gas. The latter is unacceptable for privacy protocols, L2s, and other users of proofs. The solution again is protocol-layer recursive signature and proof aggregation. So let's talk about what this is. In EIP-8141, transactions have the ability to include a "validation frame", during which signature verifications and similar operations are supposed to happen. Validation frames cannot access the outside world, they can only look at their calldata and return a value, and nothing else can look at their calldata. This is designed so that it's possible to replace any validation frame (and its calldata) with a STARK that verifies it (potentially a single STARK for all the validation frames in a block). This way, a block could "contain" a thousand validation frames, each of which contains either a 3 kB signature or even a 256 kB proof, but that 3-256 MB (and the computation needed to verify it) would never come onchain. Instead, it would all get replaced by a proof verifying that the computation is correct. Potentially, this proving does not even need to be done by the block builder. Instead, I envision that it happens at mempool layer: every 500ms, each node could pass along the new valid transactions that it has seen, along with a proof verifying that they are all valid (including having validation frames that match their stated effects). The overhead is static: only one proof per 500ms. Here's a post where I talk about this: ethresear.ch/t/recursive-st… firefly.social/post/farcaster…

A very important document. Let's walk through this one "goal" at a time. We'll start with fast slots and fast finality. I expect that we'll reduce slot time in an incremental fashion, eg. I like the "sqrt(2) at a time" formula (12 -> 8 -> 6 -> 4 -> 3 -> 2, though the last two steps are more speculative and depend on heavy research). It is possible to go faster or slower here; but the high level is that we'll view the slot time as a parameter that we adjust down when we're confident it's safe to, similar to the blob target. Fast slots are off in their own lane at the top of the roadmap, and do not really seem to connect to anything. This is because the rest of the roadmap is pretty independent of the slot time: we would need to do roughly the same things whether the slot time is 2 seconds or 32 seconds There are a few intersection areas though. One is p2p improvements. @raulvk has recently been working on an optimized p2p layer for Ethereum, which uses erasure coding to greatly improve on the bandwidth/latency tradeoff frontier. Roughly speaking: in today's design, each node receives a full block body from several peers, and is able to accept and rebroadcast it as soon as it receives the first one. If the "width" (number of peers sending you the block) is low, then one bad peer can greatly delay when you receive the block. If width is high, there is a lot of unneeded data overhead. With erasure coding, you can choose a k-of-n setup, eg: split each block into 8 pieces so that with any 4 of them you can reconstruct the full block. This gives you much of the redundancy benefits of high width, without the overhead. We have stats that show that this architecture can greatly reduce 95th percentile block propagation time, making shorter slots viable with no security tradeoffs (except increased protocol complexity, though here the performance-gain-to-lines-of-code ratio is quite favorable) Another intersection area is the more complex slot structure that comes with ePBS, FOCIL, and the fast confirmation rule. These have important benefits, but they decrease the safe latency maximum from slot/3 to slot/5. There's ongoing research to try to pipeline things better to minimize losses (also note: the slot time is lower-bounded not just by slot latency, but also by the fixed-cost part of ZK prover latency), but there are some tradeoffs here. One way we are exploring to compensate for this is to change to an architecture where only ~256-1024 randomly selected attesters sign on each slot. For a fork choice (non-finalizing) function, this is totally sufficient. The smaller number of signatures lets us remove the aggregation phase, shortening the slots. Fast finality is more complex (the ultimate protocol is IMO simpler than status quo Gasper, but the change path is complex). Today, finality takes 16 minutes (12s slots * 32 slot epochs * 2.5 epochs) on average. The goal is to decouple slots and finality, so allow us to reason about both separately, and we are aiming to use a one-round-finality BFT algorithm (a Minimmit variant) to finalize. So endgame finality time might be eg. 6-16 sec. Because this is a very invasive set of changes, the plan is to bundle the largest step in each change with a switch of the cryptography, notably to post-quantum hash-based signatures, and to a maximally STARK-friendly hash (there are three possible responses to the recent Poseidon2 attacks: (i) increase round count or introduce other countermeasures such as a Monolith layer, (ii) go back to Poseidon1, which is even more lindy than Poseidon2 and has not seen flaws, (iii) use BLAKE3 or other maximally-cheap "conventional" hash. All are being researched). Additionally, there is a plan to introduce many of these changes piece-by-piece, eg. "1-epoch finality" means we adjust the current consensus to change from FFG-style finalization to Minimmit-style finalization. One possible finality time trajectory is: 16 min (today) -> 10m40s (8s slots) -> 6m24s (one-epoch finality) -> 1m12s (8-slot epochs, 6s slots) -> 48s (4s slots) -> 16s (minimmit) -> 8s (minimmit with more aggressive parameters) One interesting consequence of the incremental approach is that there is a pathway to making the slots quantum-resistant much sooner than making the finality quantum-resistant, so we may well quite quickly get to a regime where, if quantum computers suddenly appear, we lose the finality guarantee, but the chain keeps chugging along. Summary: expect to see progressive decreases of both slot time and finality time, and expect to see these changes to be intertwined with a "ship of Theseus" style component-by-component replacement of Ethereum's slot structure and consensus with a cleaner, simpler, quantum-resistant, prover-friendly, end-to-end formally-verified alternative.