Recently, USDG came up as one of the topmost stablecoins in the Solana ecosystem, and it is equally gaining gradual adoption in the EVM. If you are a developer or security researcher, there are quite a lot of exciting things you will want to know about USDG. For instance, even though it’s an abstraction of legacy ERC20, it has a couple of modifications, it’s denylisting bit calculation is also one for the books. Do you want to build a similar product and wants to understand the nitty-gritty? Or you want to find criticals in the codebase and are looking for technical chops to start? Keep reading. The project has 3 components: Let’s take it one after the other. Diving into the ERC20Upgradeable_V2 The ERC20Upgradeable_V2 is a succession of the initial ERC20Upgradeable contract with a zero-day vulnerability; we will cover the details of this implementation flaw later on. By the way, we will only cover the functions that are necessary and jump over the overly straightforward ones. Imports and State Variables The contract uses some upgradeability imports from OpenZeppelin such as: You will get to know how these libraries are utilized in the contract, as in their specific purposes, as we move on. Of course, the created usual ERC20 mappings [like balances and allowances] and variables like _totalSupply, _name, and _symbol all of which are made private as anyone would expect. But this is where you need to pay attention: how the BALANCE_DENY_FLAG_SET_MASK and MAX_ALLOWED_SUPPLY are created. Put on your thinking caps. Explaining the BALANCE_DENY_FLAG_SET_MASK Design and Implementation For you to fully understand what’s going on here, I have to refresh your mind on some basics of Computer Science, particularly bits. Bits are the smallest unit of data processing and storage. Bit are always been 0 and 1. On the other hand, a byte is a bunch of 8 bits. In line with that, a storage slot in the EVM stores 256 bits, which is an equivalent of 32 bytes. Hold that on one hand, we digressed, now, let’s go back to the denylisting variable. Hope you understand it to this point. Moving forward, you definitely know that data fill storage slots linearly. However, in cases where we need to manipulate slots and have more control, we can use masks – this should ring a bell if you remember bitwise operations well. This is what the developers of USDG did here: In plain language, denylisted objects will be pushed to the last bit of the binary for easier identification. By the way, have you wondered why we shift to 255 instead of 256? The reason is simple: 0 is an actual value in binary, so our bit started from 0. If you count 0 to 255, we have 256 numbers. Hope you get it. Well, I’ll now explain the entire design with a story: Imagine you are in a barrack with 255 rooms, with a guardroom at the 255th room. So anytime a soldier messes up, they switch their room from say R6 to R255 where they will be locked there for a long time. Why this design decision? Left for me, I would have simply created a boolean variable where I can simply denylist by saying denylisted = true or something similar. This is quite what any dev would have done, it’s the easiest and most straightforward technique you can think of. However, the USDG smart contract architect noticed a huge problem circle was facing – denylisting with other methods are quite costly, unnecessarily so. According to Alex Kroeger’s research, the blacklist functionality of USDC eventually cost approximately $4 million in 2022. This was absurd and equally unsustainable. Hence, from the onset, USDG took a different approach with regards to implementing denylisting. In short, the reason they used bitmask was to make the contract more efficient. Explaining the MAX_ALLOWED_SUPPLY Design and Implementation The same bitmask technique used above was used here, albeit with slight modifications. Here is a breakdown of what the devs did here: You might want to ask, “why not shift the bit to 254, so there will be no need to reduce it by 1 slot?” That’s really a brilliant observation. Just that Bitwise operations don’t work that way, especially in line with the intended design. If we quickly pull it up to 255, that will be the arbitrary highest bit in the slot, and that will backstab our intended design of keeping denylisted objects at 255. ERC20 Initializations This is an upgradeable contract, meaning we can initialize it without or with constructors. Thus, the name and symbol variables above were initialized. In each cases, they both have the onlyInitializing modifier which will prevent reset from blackhats. You might wonder, what’s the different between these two initialization techniques. The full gist is on OpenZeppelin docs, but I’ll do a quick abstraction. The latter can be overridden in child contracts, while the former is specifically for this contract itself. Native OZ ERC20 Functions For proper customization, some functions must be modified in the contract. This includes name and symbol. Let’s zoom in a bit on how the balanceOf was implemented: return _balances[account] & ~BALANCE_DENY_FLAG_SET_MASK; The instruction in this function is the balances of accounts along with their status of denylisting, whether they are or not, should be returned. This line is quite a marriage of bits, let’s take some time to break it down: The transfer, allowance, transferFrom and approve functions work normally in accordance with usual ERC20 implementation of OZ. Allowance Incrementation and Decrementation One of the banes of approvals is that things can go south and you wouldn’t be able to decrease or increase your approved tokens as you wish. More particularly, if you give a maximum allowance or you were compromised, you cannot reduce your allowance. In the increaseAllowance function, the first control implemented is that only the sender can give it. Secondly, the logic adds new value to the existing given allowance. Moving to the decreaseAllowance function, it checks, first of all, that

Over 101 web3 startups have raised nearly $1 billion in funding in the span of a year, yet many of them struggle to effectively communicate their value and retain users beyond the initial hype. That’s where Web3 marketing agencies step in. But is a marketing partnership the right step for your company or protocol? This is important because you need to assess your business stage and whether or not you want to outsource your marketing. After concluding that you need to build and scale your Web3 marketing with an agency, how do you choose the right one? In this guide, we’ll show you how to assess your needs, identify risks, and measure potential rewards to make an informed decision. What is a Web3 Marketing Agency? A Web3 marketing agency specializes in promoting blockchain-based companies, crypto projects, and NFTs. They leverage innovative marketing strategies to help clients effectively communicate their value proposition to users, developers, and crypto communities. Web3 marketing agencies provide a variety of services, including: Understanding Your Brand’s Web3 Marketing Needs Before deciding on a partnership, clearly define your brand’s specific Web3 objectives. Are you launching an NFT collection, a DeFi project, or a blockchain-focused service?  Perhaps you aim to build community trust, attract developer adoption, or position your brand as a thought leader in the Web3 space. Clearly defined objectives help simplify communication and set realistic expectations, as without clear objectives, brands risk confusion, wasted resources, and missed opportunities. Assessing In-House Capabilities vs. Agency Expertise Before partnering with an external agency, carefully evaluate whether your internal team possesses the necessary skills and resources to manage a successful Web3 marketing campaign.  Consider expertise in areas like: Technical Blockchain Integration Your marketing team needs to understand how blockchain technology works to communicate its value effectively. This includes grasping concepts like consensus mechanisms, tokenomics, smart contract functionality, and blockchain interoperability features. For instance, if you’re launching a layer-2 scaling solution, your marketing team should be able to explain how it reduces gas fees and improves transaction speeds in terms that both developers and end-users can understand.  Creating Clear, Educational Web3-Focused Content Curating Web3 content is harder than Web2 because you’re selling an ecosystem, not a product. This means creating tutorials, documentation, explainer videos, and guides that not only help users navigate your platform but also educate them about Web3 and the blockchain as a whole. Additionally, Web3 content must account for the fast-paced changes and frequent updates to most protocols. This requires writers who can quickly adapt and maintain accuracy across multiple platforms. Effective Community Management Building and maintaining an active, engaged Web3 community involves continuous interactions across platforms like Twitter, LinkedIn, and Discord. You not only need to maintain regular communication but also consistently produce and schedule content that resonates deeply with your community. An internal team lacking experience in managing these communities might overlook essential community feedback or fail to effectively convey your project message, risking the community’s trust and your project’s reputation. If your team consistently struggles in any of these areas or you consistently experience delays, it likely signals the need for external support. A Web3 marketing agency can quickly bridge these gaps by crafting precise messaging that resonates with your target audience, thereby effectively communicating your project’s value and building credibility for your brand. The Risks: What to Watch Out For As more companies look to get ahead by hiring Web3 agencies, careful founders should weigh a few key factors before committing to a partnership. Here are the most important ones: Technical Complexity Web3 marketing involves technical concepts like smart contracts and wallet integrations, which can be overwhelming if not handled properly, as they require skilled developers. For example, explaining how your DeFi wallet custody solution works or how users can interact with your API requires some level of technical understanding.  If your marketing team lacks this expertise, they might oversimplify complex features, leading to confusion or, even worse, misrepresenting your product’s capabilities. This technical gap can result in campaigns that fail to resonate with your target audience or inadvertently mislead potential users about your product’s functionality. Cost Web3 marketing can be expensive. Typically, you can expect to pay a Web3 marketing agency between $1,000 and $15,000 per month, depending on your brand’s requirements. Factors influencing these costs include campaign complexity, the level of technical expertise required, and other content creation costs.  ​​Let’s say you’re running a campaign and you need to create educational content about your project or develop technical documentation. This requires experienced writers who command premium rates, and many startups tend to underestimate these cumulative costs, but they can quickly add up in the long run. Niche Expertise Effective Web3 marketing requires specialized knowledge, which calls for experienced consultants whose expertise comes at a premium. Traditional marketing tactics rarely prove effective with Web3 communities. ​​An agency without proper Web3 experience might apply traditional marketing playbooks that fall flat in crypto communities, thereby wasting both time and resources while potentially damaging your brand’s reputation. Regulatory Uncertainty The crypto and blockchain sectors still operate within regulatory gray areas. Poorly managed campaigns could inadvertently breach regulatory guidelines, leading to lawsuits, fines, or reputational damage. For instance, in cases where promotional content unintentionally promises financial returns, projects might face investigations by regulatory bodies like the SEC or other financial authorities. Analytics & Tracking Measuring success in Web3 marketing can be difficult due to blockchain anonymity and the limitations of traditional analytics tools. Setting clear goals proves all the more important in web3 marketing. Traditional metrics like Google Analytics, email open rates or website conversions don’t capture the full picture of Web3 user engagement. Furthermore, activities such as wallet-based user interactions or smart contract interactions require specialized blockchain analytics tools that are often expensive and technically complex. Without proper measurement capabilities, you may struggle to optimize campaigns or demonstrate ROI to stakeholders. Assessing Your Needs: Do You Need a Web3 Marketing Partner? Not every business needs a Web3 marketing partner. Here are a few questions to ask

If you are set to found a protocol in this industry, you must have had to ask yourself this question during your research face, “How come many protocols similar to what I want to build are no longer around today?”

This is a valid question and introspection; it shows you want to build something that lasts, which is commendable.

There has been a paradigm shift in the history of technology. Web3, a new evolution of the web, is challenging the old pattern of one entity ruling everywhere and everyone. The industry has witnessed exponential growth over the last couple of years. We have seen many Web3 companies like Aave, Consensys, and Chainlink making the numbers. This has also inspired many other people to provide solutions to other problems of humanity with Web3. After weeks—or even months—of building from the engineering standpoint, new or early-stage Web3 companies often have problems with visibility, sales, and conversion. This posits a technical marketing problem, and some Web3 companies underperform due to this reason. This is the truth: Web3 has a lot of innovative solutions, but the target audience can find it overwhelming or unnecessary when they do not understand the technological underpinnings. From another angle, many brilliant technical Web3 companies do not often have enough PR for their target audience to even know they exist. Nonetheless, Web3 currently has over 50 unicorns. That means these top companies have hacked how to break Web3 solutions to their audience in a way that they find interesting. If you plan to build an incredible company in Web3, this is a must-read! What is Web3 technical content marketing? Web3 technical content marketing refers to the overall strategy that Web3 companies can use to communicate with their users, make them understand the importance of their products, and make them recurring customers or users. As against popular belief, Web3 technical content marketing is beyond technical tutorials and guides. It also involves leveraging podcasts, videos, newsletters, documentation, social media,  courses, and reports. In practice, Web3 technical content marketing is similar to pure content marketing as we know it. But there is a big difference: Web3 technical content marketing targets one or more of these people: Those who are; In essence, the peculiarities of the industry and her audience is what shape Web3 technical content marketing. Web3 companies engage—or should engage—in technical content marketing for three major reasons: To; By the way, “companies” in this piece is a blanket term for protocols, projects, and startups. That said, another major subtle difference exists between the general form of content marketing and Web3 technical content marketing. Peep into the next subheading. Technical Marketing in Web3 is Subtle, Not Blatant The general idea of marketing is, “Hey folks, we are the best thing after sliced bread. Come swipe your card for our products.” I have been in Web3 for quite some years now as a developer and a marketer, and I can say that the above method doesn’t work. It doesn’t. The more you shill your project, the more Web3 devs and users doubt everything about it. Marketing here is subtle, not blatant. The ones who know this ensure the subtlety idea informs their overall technical content marketing. How do you do this in practice? Educate and inform your prospective users or customers. The quality of your education will influence them to check out your platform and be a paid user. With this ethos in mind, let’s look further into how some top Web3 companies run their technical content marketing. Examples of Web3 Companies That Do Marketing Right While some Web3 companies have serious issues using technical content marketing to generate visibility and conversion, others do it seamlessly. You can learn from these top companies—some of which are even unicorns—to up your Web3 technical content marketing game. Alchemy – Technical Blog Content Creation Alchemy is an infrastructure provider in Web3. They mainly provide RPC and APIs for the developers. They have facilitated around $100 billion in on-chain transaction volume. The Alchemy marketing team has always been heavy on publishing tutorials and guides for their audience. Going through their blog, one can notice a consistent pattern of publishing developer-focused content. I worked at Alchemy last year and have insights into how they structure their Web3 technical blog content marketing. They have two categories: conceptual content and tutorials. Conceptual content is focused on breaking down terminologies or popular concepts. For instance, they can explain metamorphic contracts to Solidity developers. Conversely, tutorials involve a step-by-step guide for developers to build smart contracts or dApps. The Alchemy content team will use Alchemy endpoints within the tutorials while building. Subtly, the readers following the tutorial will use and get accustomed to using Alchemy endpoints. No wonder they have about 4 million developers using their infrastructure. Thirdweb – YouTube Content Creation Thirdweb is one of the most remarkable dev-tool and no-code companies in Web3. Their recent acquisition of Paper makes them more robust. The company currently boasts of over 100k developers using its products. First of all, Thirdweb ships market-fit products that developers want. Their infrastructure spans across UI components, SDK, Auth, and so on. Apart from technical blog content, another form of marketing channel Thirdweb mans well is YouTube content creation. Most of the content spans around building projects using Thirdweb tools. In addition, they maintain a pattern of 1 video per week, and none of their videos have less than 1k views. This sends a message: 1 quality video per week is enough for your Web3 company. Consistency matters more than intensity. Magic Eden – Social Media Marketing Many companies are fighting for their users with only their blog page while neglecting social media as a less important channel. This is not true, and I can say that as a marketer. Developers and prospective users spend an average of 4 hours on Twitter or similar social media platforms daily. What a perfect platform to meet them! Magic Eden is a wallet in the Solana ecosystem, and their social media management team is doing wonders. They use their Twitter to communicate with their users and share updates. Recall that this is Web3, and their audience are degens, so they share memes occasionally and a little shitpost here and there — on a lighter note. In addition to the above, you can use your social media as a platform