USTR Preregistration Dapp Adds Mobile Wallet Support for BSC and TerraClassic

The **CL8Y Bridge** has launched on mainnet with testing underway at [bridge.cl8y.com](http://bridge.cl8y.com). **Key Updates:** - Faucet now live - users can access test tokens through Settings → FAUCET (requires minimal gas) - First successful mainnet transfer completed ([verify here](http://bridge.cl8y.com/verify?hash=0x25a81e5d294d90c54a2ebc37b423f5b1087596f2565f24c8bfe1f1cc23f093663)) - New verification feature added for token configurations under Settings → Tokens **Current Status:** Developer CF reports the core infrastructure (smart contracts, operator, and canceler) is running smoothly with only minor updates needed. UX improvements and configuration auditability are being refined during the one-week testing period. The team is monitoring onchain data for any unexpected issues before full deployment.

A developer discovered a critical security vulnerability in a cross-chain bridge during deployment testing. The bug involved **decimal correction code** that could have allowed fund theft through incorrect decimal inputs. **The Issue:** - Token registry was one-directional (destinations mapped only to source) - Decimal correction between chains (e.g., 6 decimals vs 18 decimals) used user-provided counts - Could enable fund theft by entering wrong decimals While rate limiting would have reduced impact, the developer notes it "would have been a serious security incident involving loss of bridge funds." The fix—implementing bidirectional mapping—has been completed. **Additional mainnet testing revealed more issues:** - Improper cw20 token validation - Missing decimal bounds checks - Lack of enumeration for auditability - Silent fallbacks that should error The developer emphasizes why thorough testing cycles matter: "often its only once things go onto the full mainnet setup that certain issues become apparent." On a lighter note: dark & light mode color schemes are now working and live on devnet.

**TidalDex has launched conversational swaps** on their Telegram broker bot, allowing users to execute trades through natural language commands. **Key Features:** - Use `/llm_app` command to start chatting with the trading bot - Execute swaps through conversational interface - Currently has limited functionality but operational **What's Coming:** - Support for preregistration USTC app on BSC - Enhanced trading capabilities The bot represents a step toward **more intuitive DeFi interactions**, removing technical barriers for users who prefer conversational interfaces over traditional trading UIs. *Try the bot on Telegram to experience AI-powered trading firsthand.*

**CL8Y's Guardian Protocol** has upgraded its AccessManager to **AccessManagerEnumerable** for improved security auditing. **Key Changes:** - Additional blockchain storage of account roles and target permissions - Enhanced reliability over event-based data access - Minimal gas cost increase (pennies) for significantly better auditability **Recent Security Improvements:** - **60 roles revoked** from inactive contracts and old admin wallets - Annual key rotation completed - Legacy permissions system audit finished **What's Next:** - Two remaining security tasks before resuming CL8Y bridge development - Potential dashboard upgrade for auditing newer AccessManager systems - Initial CMM version may cause brief development pause The upgrade prioritizes **security and auditability** over gas optimization, reflecting best practices for protocol management.