Welcome to The Protocol, CoinDesk's weekly wrap of the most important stories in cryptocurrency tech development. I’m Margaux Nijkerk, a reporter at CoinDesk. In this issue: New React bug that can drain all your tokens is impacting 'thousands' of websites Ripple Expands $1.3B RLUSD Stablecoin to Ethereum L2s via Wormhole in Multichain Push Aave DAO Pushes Back as Interface Fees Shift Away From Treasury NFT Project Pudgy Penguins Takes Over Las Vegas Sphere in Holiday Campaign Unknown block typ ...

Core Insights - Cloudflare experienced a significant outage affecting 28% of global websites due to internal errors rather than external attacks, marking the second incident in two weeks [2][3] Group 1: Incident Details - The outage on December 5 was caused by Cloudflare's attempts to address a serious vulnerability in React Server Components, leading to HTTP 500 errors [2] - The issue stemmed from a combination of expanding the WAF buffer and disabling an internal testing tool, which inadvertently triggered a long-dormant Lua bug in the old FL1 proxy [2][3] - The affected clients were those using the old proxy with managed rule sets, which accounted for a significant portion of traffic [3] Group 2: Systemic Issues - The incident highlighted the risks associated with legacy code, as the Lua code, established in 2009, could not be fully replaced, allowing bugs to resurface years later [3] - Cloudflare's new FL2 version, rewritten in Rust, does not have these issues, indicating a need for modernization [3] - The company has committed to freezing all network changes and prioritizing improvements in its release processes and emergency response capabilities [3] Group 3: Broader Implications - The repeated incidents underscore a critical challenge in internet infrastructure: preventing updates from causing system failures, which is becoming more urgent than merely defending against attacks [3]