Enterprise adoption of smart contracts on public blockchains is blocked by a privacy problem: all transactions are visible by default. Zero-knowledge (ZK) cryptography solves this but requires PhD-level math expertise most engineering teams lack. EY has released the Blockchain Privacy Sandbox, a web-based tool built on its open-source Starlight ZK compiler, that lets developers take an existing Solidity contract, annotate private fields, and generate a privacy-preserving version with API endpoints in under an hour — no ZK expertise required. The sandbox is positioned as a POC validation tool, not a production environment. EY's Nightfall ZK rollup handles private token transfers on Ethereum but still has throughput limitations (6–20 minute block times). Tokenization is the most mature use case today; supply chain and financial workflows are further out. The ZK proof market is projected to grow from $1.3B in 2024 to $7.6B by 2033.
Nguồn: https://devops.com/enterprise-smart-contracts-have-a-cryptography-problem-ey-just-built-a-way-around-it. 8sync News chỉ tóm tắt và dẫn link; bản quyền nội dung thuộc tác giả và nguồn gốc.
Brave công bố lộ trình BAT 4.0 với những cải tiến quan trọng như hỗ trợ x402 và Machine Payments Protocol (MPP) cho thanh toán tự động, ví Brave Wallet mới tích hợp đa phương thức, giao thức BravePay cho giao dịch ổn định, thẻ Brave Rewards (ảo và vật lý) tích điểm BAT, cùng giao thức đóng góp cho nhà sáng tạo khi AI sử dụng nội dung. Doanh thu từ các tính năng này sẽ tài trợ mua lại BAT để duy trì phần thưởng cho người dùng và nhà sáng tạo.
Lập trình viên nên đọc bài này để khám phá cách Brave Wallet và BravePay không chỉ mở rộng khả năng tích hợp giao dịch số, mà còn cung cấp SDK mở rộng cho các ứng dụng web3, từ thanh toán tự động cho AI đến tích hợp với hệ sinh thái Creator Contribution Protocol.
Eli Ben-Sasson, co-inventor of STARK proofs and CEO of StarkWare, argues that prediction markets like Polymarket face a real quantum computing threat. Because these platforms rely on conventional elliptic-curve cryptography (Polygon PoS), a sufficiently powerful quantum computer could derive private keys from exposed public keys, allowing attackers to forge signatures, steal positions, and manipulate markets without any traditional hack. He explains that hash-based proof systems like STARKs are inherently quantum-resistant and already deployed at scale on Starknet, proving the engineering path exists. He credits Ethereum for prioritizing quantum safety on its roadmap but criticizes the timeline as too slow, and calls out Bitcoin for lacking a protocol-wide migration plan. The core message: the industry must begin post-quantum migration now, before quantum computers make the threat obvious.
Smart contracts are blind — they rely entirely on external price oracles to make financial decisions. This creates a critical attack vector: oracle manipulation. By combining flash loans with spot-price oracle reads, an attacker can borrow millions, artificially inflate a token's price in an AMM pool within a single atomic transaction, drain a lending protocol's treasury using the fake price as collateral, then repay the flash loan — all without breaking any rules. The contract robs itself. TWAP oracles slow this attack but don't eliminate it on low-liquidity tokens. Real defenses require decentralized oracle networks aggregating many sources, circuit breakers that halt on abnormal price deviations, and cross-checking two independent oracles so an attacker must corrupt multiple data sources simultaneously.
A comparison of five Ethereum payment gateways for businesses in 2026: NOWPayments, Coinbase, CoinGate, BitPay, and Coinremitter. Each is evaluated on ETH and ERC-20 stablecoin support, fee structures, settlement speed, and business-focused features like mass payouts and e-commerce integrations. NOWPayments is ranked first for high-volume merchants needing a full-stack crypto operations platform, while Coinbase suits simple non-custodial setups, CoinGate targets EU merchants needing MiCA compliance, BitPay serves enterprise fiat settlement needs, and Coinremitter appeals to small businesses seeking low fees.
When an AI agent can submit state-changing blockchain transactions without per-action human approval, the critical question shifts from capability to authority. The post argues that DAO governance provides the right framework for defining, enforcing, and revoking agent permissions when multiple parties share economic risk. It outlines a minimal authorization layer composed of four elements: explicit machine-readable permission scopes ratified by governance, hard contract-enforced limits that reject out-of-scope actions, fast-path multisig revocation bypassing governance timelocks, and a public on-chain authorization record with action logs. Real-world asset (RWA) tokenization exposes the boundary clearly — a DAO can govern on-chain exposure but cannot control off-chain issuer redemption. Existing standards (ERC-4337, EIP-7702, ERC-7579, ERC-8004) provide infrastructure pieces but no complete mandate. Major protocols like Aave, Arbitrum, and Uniswap have governance machinery that could be extended, but none currently publish a complete agent authorization process. The authorization record can prove what was permitted and logged, but cannot validate oracle integrity, custodian reserves, or legal compliance.
Web3 is examined as a potential next evolution of the internet, built on blockchain technology that promises user ownership of digital assets and data without reliance on centralized platforms. The piece traces the progression from Web1 (read-only) through Web2 (read/write, platform-dominated) to Web3's 'read, write, own' model. Potential applications include decentralized identity, cross-border payments, tokenized assets, DeFi, and creator economies. Skeptics point to poor usability, regulatory uncertainty, scalability issues, and the reality that many 'Web3' services remain centralized in practice. The author concludes that Web3 is neither proven fact nor empty hype, but a live experiment that may result in a hybrid model combining centralized convenience with decentralized ownership.
A bug in the Solidity compiler (versions 0.8.29–0.8.35) causes the C3-linearized list of base contracts to be permanently reversed in memory when Warning 3495 (storage layout too close to end of storage) is emitted. The root cause is use of ranges::actions::reverse instead of ranges::views::reverse from the ranges-v3 library, which mutates the underlying container in place. This reversal corrupts inheritance-dependent behavior including constructor invocation order, state-variable initialization, super and virtual function resolution, and can cause silent miscompilations or internal compiler errors. The bug only affects contracts using a custom storage layout placed within the last 2^64 slots of storage AND using inheritance. A Sourcify scan found no deployed contracts meeting these conditions. The fix is available in Solidity 0.8.36, which replaces the mutating call with a non-mutating view.
Máy tính lượng tử sắp ra đời có thể phá vỡ bảo mật của blockchain, đặc biệt là Bitcoin, khi chúng tấn công được elliptic-curve cryptography. Hiện chưa blockchain top-20 nào triển khai post-quantum cryptography, nhưng Ethereum và Algorand đang nỗ lực chuẩn bị.
Lập trình viên nên đọc bài này để hiểu cách bảo vệ hệ thống blockchain của mình trước nguy cơ mất an toàn do máy tính lượng tử, đặc biệt khi biết rằng nhiều dự án vẫn chưa chuẩn bị sẵn sàng và thời gian đến của công nghệ này gần hơn nhiều so với dự đoán trước.