-
OP Kona rollup node release.
-
ChainLink introduces State Pricing.
-
Lido discloses a CSM vulnerability.
-
Privacy Pools supports wstETH.
OP Labs released Kona Node, a Rust-based rollup node implementation for the OP Stack. It handles L2 derivation, execution integration, networking, and syncing. Based on Rust, it offers memory safety and a minimal resource footprint. Its modular design makes it suitable as both a library and a standalone node application. Kona Node supports multiple fault-proof backends, including FPVM, SP1, and Risc0, and includes built-in fault-proof capabilities for enhanced security. Kona serves as a spec-compliant, efficient, and customizable alternative to the original Go-based op-node. Kona Node adds to the client diversity on the OP Stack.
Chainlink introduced State Pricing, a new onchain pricing method designed for long-tail crypto assets and tokenized real-world assets (RWAs) that primarily trade on DEXs. State Pricing improves price accuracy, market resilience, and liquidity analysis for assets that have deep onchain liquidity but limited trading volume. State Pricing derives asset prices from token reserves in high-liquidity DEX pools, enabling real-time, continuous pricing without requiring trades. The system uses data aggregation, anomaly filtering, and end-of-block updates to protect against flash loan attacks and MEV. Pricing is always available, reflects real onchain liquidity, and is ideal for infrequently traded assets.
Lido Finance disclosed and patched a vulnerability in its Community Staking Module (CSM) affecting validator withdrawal verification. On June 26, 2025, a whitehat researcher reported the issue via Lido’s Immunefi bug bounty. The bug stemmed from the Historical Withdrawal Proof method in the CSVerifier contract, which lacked proper validation for user-supplied historical block roots. Following the Pectra upgrade, which introduced EIP-7685, attackers could exploited the bug to inject false data, potentially forging fake withdrawals for validators with balances under 32 ETH. However, the vulnerability was never exploited. Lido mitigated the risk by rotating to a new CSVerifier contract that removed the vulnerable method. A permanent fix is scheduled with the launch of CSM v2 in September 2025.
Privacy Pools, an onchain privacy protocol, now supports wstETH and WBTC deposits as part of its multi-asset expansion strategy. Users can now deposit a minimum of 0.1 wstETH or 0.002 WBTC to privatize their holdings. Privacy Pools enables users to their withdraw funds to an unlinked address, provided they pass a compliance check. The protocol also supports EIP-7702 for batching approve and deposit transactions for ERC-20s.
Disclaimer: Content is for informational purposes only, not endorsement or investment advice. The accuracy of information is not guaranteed.
