github.com/blockstack/stacks
Stacks is a Bitcoin layer for smart contracts; it enables smart contracts and decentralized applications to trustlessly use Bitcoin as an asset and settle transactions on the Bitcoin blockchain.
➡️ Read the Stacks whitepaper (HTML, PDF)
➡️ Read the sBTC whitepaper (HTML, PDF)
>> See the Stacks overview slides (slightly outdated).
The initial version of Stacks, launched in early 2021, introduced Bitcoin settlement of transactions, the Clarity language for safe contracts that can respond to Bitcoin transactions, and atomic swaps of assets with BTC. The next major proposed upgrade of Stacks, the Nakamoto release (see SIP-021), adds important capabilities that will enhance the power of Stacks as a Bitcoin layer: (a) a trustless, two-way Bitcoin peg to move BTC in/out of the layer and write to Bitcoin, (b) transactions secured by Bitcoin finality, and (c) fast transactions in between Bitcoin blocks. The resulting Stacks layer makes Bitcoin a fully programmable asset in a trustless manner. This can make hundreds of billions of dollars of passive Bitcoin capital productive, and make Bitcoin the backbone of a more secure web3.
The Stacks layer for smart contracts has the following innovations that make it unique:
S – Secured by the entire hash power of Bitcoin (Bitcoin finality).
T – Trustless Bitcoin peg mechanism; write to Bitcoin.
A – Atomic BTC swaps and assets owned by BTC addresses.
C – Clarity language for safe, decidable contracts.
K – Knowledge of full Bitcoin state; read from Bitcoin.
S – Scalable, fast transactions that settle on Bitcoin.
Why Bitcoin? Bitcoin is the most durable and secure blockchain. Bitcoin is minimal by design and is meant to not change. The Stacks layer brings more functionality to Bitcoin without modifying Bitcoin L1. Thousands of transactions at the Stacks layer result in a settlement at the Bitcoin L1, and Stacks microblocks offer fast confirmations of streaming transactions. Bitcoin is used as a settlement layer, and fast transactions in between two Bitcoin blocks are proposed for the Nakamoto release (SIP-21). Further scalability is enabled through subnets, among other scalability solutions (like appchains).
Bitcoin's Stacks layer makes BTC productive in two ways:
You can see some applications built using Stacks here.
The Stacks asset (STX) is used for mining incentives (block subsidy for miners) of the Stacks layer and for incentives for sBTC peg-out signing. These miners secure the global ledger of the Stacks layer. This data cannot be stored on the Bitcoin main chain and needs to be stored outside Bitcoin. STX is also used as gas for smart contract execution. STX is a unique crypto asset that can be locked by STX holders to earn Bitcoin rewards from the protocol. More details on earning Bitcoin rewards are at stacking.club.
STX was distributed to the general public through the first-ever SEC-qualified token offering in US history. The project decentralized before the mainnet launch in Jan 2021. There are 30+ independent companies that work in the ecosystem.
Clarity is a new language for smart contracts that focuses on safety. Clarity is a decidable language, meaning you can know, with certainty, from the code itself what the program will do. Clarity is interpreted (not compiled) and the source code is published on the blockchain (see this deployed code for the PoX contract).
For details, see the Clarity book and Clarity website.
PoX consensus is a new algorithm that spans consensus between the Bitcoin blockchain and the Stacks layer. Unlike burning electricity in proof-of-work, miners bid by spending BTC and get a random probability for becoming a leader. Leader election happens on Bitcoin and new blocks are written on the Stacks layer. Miners use BTC to mine newly minted STX. PoX recycles proof-of-work energy to provide Nakamoto-style consensus for the Stacks layer.
See this post on PoX for more details.
Some resources for further details:
Check out the latest docs for the easiest way to get started!
If you're just starting with Stacks, here are the main software repositories you should check out: