惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Proofpoint News Feed
Attack and Defense Labs
Attack and Defense Labs
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
V2EX - 技术
V2EX - 技术
B
Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threatpost
小众软件
小众软件
T
The Blog of Author Tim Ferriss
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
T
Tenable Blog
P
Privacy International News Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
大猫的无限游戏
大猫的无限游戏
B
Blog RSS Feed
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
O
OpenAI News
Security Latest
Security Latest
S
Securelist
Cyberwarzone
Cyberwarzone
D
Docker
S
Schneier on Security
V
Vulnerabilities – Threatpost
The GitHub Blog
The GitHub Blog
P
Privacy & Cybersecurity Law Blog
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Wallet-Led Privacy Paymasters, GasLiteAA, Privacy Path for Frame Transactions, ETHGas & etherfi $3B Blockspace Deal
Alexandra · 2026-04-23 · via DEV Community

Welcome to our weekly digest, where we unpack the latest in account and chain abstraction, and the broader infrastructure shaping Ethereum.

This week: Wallet-led privacy paymasters, TEE-based gas sponsorship reduces ERC-4337 overhead, frame transactions evolve with stronger security and privacy paths, and a $3B Blockspace deal signals institutional demand for execution markets.

Please fasten your belts!

Draft ERC Proposes a Wallet-Led Privacy Paymaster Capability for Gas Payments

A new draft ERC on Ethereum Magicians proposes privacyPaymaster, a wallet capability that would let applications request privacy-preserving gas payment while keeping all funding logic under user and wallet control.

The proposal is built around EIP-5792 capabilities. Instead of letting a dapp choose an external paymaster service, the wallet would handle provider selection, gas estimation, authorization, and transaction assembly internally. The dapp would only signal intent through a capability request, while the wallet decides whether and how to use a configured privacy paymaster.

The draft argues that gas payment still acts as an identity leak even when users protect the value-transfer side of a transaction. Existing models such as paymasterService depend on application-selected external services, which can introduce metadata leakage, correlation risks, censorship, and liveness dependencies. In contrast, this design makes the wallet the sole authority over privacy-preserving gas funding.

The capability supports two modes. If optional is set to false, the wallet must use a privacy paymaster or reject the request. It cannot silently fall back to normal gas payment. If optional is true, the wallet should use a privacy paymaster when available, but may proceed with standard gas payment if the capability cannot be satisfied. An empty capability object is explicitly invalid and must be rejected.

The draft is execution-model agnostic. It describes how the same wallet-level behavior could map to ERC-4337, EIP-7702, or a future EIP-8141 flow, while keeping provider details, balances, and internal user state hidden from applications.

Draft ERC Proposes a Wallet-Led Privacy Paymaster Capability for Gas Payments

GasLiteAA Proposes TEE-Based Gas Sponsorship to Cut ERC-4337 Overhead

GasLiteAA presents a new approach to ERC-4337 paymaster validation by moving complex gas sponsorship logic off-chain into Trusted Execution Environments (TEE), while still anchoring correctness on Ethereum through lightweight cryptographic attestations. The paper argues that current ERC-4337 paymasters become expensive as validation logic grows, and positions GasLiteAA as a way to preserve compatibility with Ethereum L1 without adding a separate execution layer.

The design combines several components: deterministic routing so each userOp is assigned to a specific bundler, a Merkle-tree commitment for user state, a Bundler Manager with staking and slashing, and an on-chain verifier that checks TEE-generated proofs before state updates are finalized. A key part of the architecture is atomicity: if on-chain execution fails, the proposed off-chain state transition is invalidated, avoiding state drift between the off-chain paymaster logic and Ethereum mainnet. The workflow diagram on page 5 shows this split clearly, with the TEE handling state computation off-chain and the EntryPoint, Paymaster, and State Manager finalizing execution on-chain.

In testing, the authors report meaningful efficiency gains. At 1,000 userOps under the most complex rule set, GasLiteAA reduced total gas from 158.48M in the on-chain baseline to 82.15M, while keeping latency near 0.1 seconds. The paper also benchmarks a ZK alternative and finds that proof generation can exceed 937 seconds and 26 GB of memory, making the TEE route materially more practical for real-time, high-frequency account abstraction use cases.

EIP-8141 Update Simplifies Frame Transactions and Tightens Security

Pedro Gomes, Founder & Director at WalletConnect, highlighted a major update to EIP-8141, describing it as the proposal’s biggest revision so far, with changes aimed at simplifying the spec, tightening security, and making implementation details more explicit.

One of the main updates is a cleaner separation between mode and flags. Instead of packing execution mode, approval scope, and batching into one field, the proposal now keeps mode limited to execution type while a separate flags field handles scope and batching. The update also introduces a new FRAMEPARAM opcode (0xb3), separating frame-level queries from transaction-level queries and making the model easier to reason about. In parallel, MAX_FRAMES was cut from 1,000 to 64, paired with a new per-frame gas cost, reflecting a more conservative approach to journal depth and receipt overhead.

The revision also makes several protocol interactions more precise. EIP-7702 behavior is now explicitly defined, so frame transactions do not modify delegation indicators and delegated accounts follow delegated-code semantics instead of the default path. EIP-7997 is now a formal dependency as deploy frames are tied to the deterministic factory predeploy. Approval scopes have also been converted into named constants, improving readability across the proposal.

Security hardening is another major part of the update. The changes include high-s signature rejection for secp256k1, a domain separator for P256 addresses, and new sections covering deploy-frame frontrunning, sender state-read amplification DoS, and cross-frame data visibility during validation. The canonical paymaster is also now clearly limited to secp256k1 signers only, excluding ERC-1271 and contract-signature support for now.

For developers who want to see how the proposal could look in practice, a set of frame transaction examples has also been published in a dedicated examples repo, covering end-to-end usage patterns and helping make the updated design more concrete. In addition, developers can find further information at https://eip8141.io as well as a fully interactive EIP-8141 prototype here: https://alexanderchopan.github.io/grantr/prototype/grantr-prototype.html.

EIP-8141 Update Simplifies Frame Transactions and Tightens Security

Ethereum Research Maps a Privacy Path for Frame Transactions

Ethereum Research contributor Nero_eth argues that frame transactions could eliminate relayers for privacy withdrawals, but only if Ethereum’s mempool, FOCIL enforcement, and node validation rules are adjusted to support them. The post treats EIP-8141 as a given and focuses on how privacy-preserving transactions could pass through the network without depending on centralized sponsors or extra censorship surfaces.

The core idea is that a privacy withdrawal could validate itself inside a VERIFY frame, while the withdrawal flow itself covers execution costs. In that design, invalid proofs or replayed proofs would fail before payment approval, meaning no gas is charged and no external relayer is needed. The write-up uses Tornado Cash and Railgun-style withdrawals as the motivating example and argues this would let privacy protocols internalize gas payment instead of relying on off-chain relayer infrastructure.

The post then argues that privacy transactions currently fail three separate gates under default assumptions: public mempool admission, FOCIL eligibility, and node capability. The main blockers are the current VERIFY gas cap, FOCIL’s bounded validation budgets, and the fact that lighter node models such as VOPS and AA-VOPS do not track privacy-pool storage like roots and nullifiers. Under those defaults, privacy withdrawals are excluded from every standard path to censorship resistance.

To address that, the article proposes a canonical privacy pool model, recognized by code hash, plus higher VERIFY gas allowances for canonical contracts, a shift toward the validation-index FOCIL approach, and looser state-access rules for canonical privacy pools.

ETHGas and etherfi Announce $3B Blockspace Market Deal

ETHGas and ether.fi have announced a three-year commercial agreement that will commit $3 billion in ETH to ETHGas’ High Performance Staking service, with the stated goal of building more institutional-grade markets for Ethereum blockspace. The announcement frames the deal as infrastructure for forward pricing and execution guarantees, arguing that Ethereum still relies mostly on real-time blockspace auctions without tools for pre-purchase or predictable execution.

According to the release, ether.fi will allocate roughly 40% of its current ETH holdings to ETHGas’ HPS service and will use ETHGas’ preconfirmation platform exclusively during the term, subject to performance thresholds. ETHGas says this validator depth is needed to support a forward market where validators can pre-sell future block inclusion rights and buyers such as rollups, traders, solvers, and applications can secure execution in advance.

The companies position the deal around a broader institutional thesis. ETHGas argues that as more settlement activity moves on-chain, Ethereum needs instruments that look closer to commodity-style forward markets, with clearer pricing and risk management around its core resource: blockspace. ether.fi, for its part, presents the partnership as a way to expand yield opportunities for staked ETH while improving execution certainty for users.


Start exploring Account Abstraction with Etherspot!

  • Learn more about account abstraction here.
  • Head to our docs and read all about Etherspot Modular SDK.
  • Skandha — developer-friendly Typescript ERC4337 Bundler.
  • Arka — an open-source Paymaster Service for gasless & sponsored transactions.
  • Explore our TransactionKit, a React library for fast & simple Web3 development.
  • Follow us on X (Twitter) and join our Discord.

❓Is your dApp ready for Account Abstraction? Check it out here: https://eip1271.io/

Follow us

Etherspot Website | X | Discord | Telegram | Github | Developer Portal