September was a month of testing, refinement, and academic engagement for Cartesi. Our research challenged some of the brightest minds in the space, and the Cartesi Rollups Node advanced with an alpha release featuring improved configuration and a polished CLI. At the same time, groundwork was laid for JSON-RPC API enhancements and upcoming multi-DApp support in Cartesi Rollups 2.0.
In the meantime, the PRT Honeypot fulfilled its mission of surfacing bugs during infrastructure testing before real-world deployment, and work on the PRT fraud-proof system also progressed, including bonds integration and a new visualization tool for disputes. Across the ecosystem, students in Brazil began exploring blockchain education through a new course featuring Cartesi Rollups, while contributors amplified our impact through media and events. Let’s take a closer look at what happened this past month.
Tech
Cartesi Rollups Node v2.0.0-alpha.8 went live in September, building on a previous release featuring improvements to configuration, CLI, and JSON-RPC support. Highlights include stability fixes for empty output payloads and multi-step input execution. It comes after a series of improvements introduced earlier in the month, including enhanced authorization, secure secret handling, faster EVM Reader synchronization, and more flexible execution and query options. This release is intended for testing, with documentation updates currently in progress. Developers interested in exploring these features can check out the full release here.
In addition, the tech units have been actively developing version 3.0 of the Rollups Contracts, as tracked here. This upcoming release introduces significant enhancements to the smart contracts that facilitate settlement, consensus, and data availability within the Cartesi Rollups framework. These contracts are integral to the operation of our appchains, enabling applications to interact securely with the Ethereum base layer.
Cartesi’s PRT fraud-proof system has also made progress with the implementation of the new bond system designed to keep the fraud proof process secure and efficient. In simple terms, validators now post small “bonds” when making claims, which helps prevent spam and ensures only serious participants take part. Honest validators can recover their costs, while dishonest ones lose their bonds, which are fairly redistributed.
This system makes running everything smooth, keeps validation nearly free for good actors, and protects against delays or attacks. Testing and development are going well, and a release is expected soon. Dev-curious folks can follow along here and join our Discord, where all coordination happens publicly.
Research is another topic that made headlines this past month, with our Head of R&D, Gabriel Coutinho, sharing a piece about the trade-offs in non-interactive ZK fraud proofs and how the promise of the best of both worlds carries the risk of becoming the worst of all worlds. Gabriel’s analysis highlights the potential limitations and risks of this approach compared to traditional interactive fraud proofs. He emphasizes that this design can introduce liveness challenges, as regular users may struggle to defend the chain if attackers exploit transaction ordering or other edge cases. He also notes that, under certain conditions, a single unit of honest resources may not be sufficient to secure the Layer2, making careful economic and technical design critical. Overall, the research points out that while non-interactive fraud proofs offer promising simplifications in fraud-proof mechanics, they present unique attack surfaces and trade-offs that must be carefully considered before adoption. Keep an eye out for the scientific debate on the article published on ETHResearch, and for a quick roundup, check the X thread shared:
On the PRT Honeypot front, the team’s continued testing triggered a bug that caused a fail-stop state, invalidating this deployment and making the bounty of 20,042 CTSI tokens (around $1,420) unrecoverable. This highlights the value of honeypot mechanisms to stress-test components on mainnet, simulating real-world environments before being introduced to production applications. Read more here. While not new, honeypots have been around for over three decades, Cartesi’s PRT Honeypot introduced a novel way of community auditing in the blockchain space, embracing transparency and inviting developers, auditors, and hackers to push it to the limit with both educational and financial rewards. To dive deeper into this, our contributor, Chinonso Idogwu, published an article about the Honeypot’s on-chain and off-chain components, showing what’s under the hood. Check it out and stay tuned for a postmortem where contributors will detail how they caught the bug in discussion and reveal plans for another Honeypot deployment.
This past month we also explored the green “pizza” labels on L2BEAT, which highlighted Stage 2 Rollup projects on Ethereum, including Cartesi’s PRT Honeypot. Each slice of the green pie represents a specific Stage 2 requirement, such as having a proof system online, publishing all necessary data onchain, allowing anyone to participate in state validation, and enabling users to exit funds permissionlessly. In case you missed the explainer thread, give it a read here.
Beyond this, Cartesi has joined the L2BEAT Partnership Fund as a Supporter Tier partner, contributing to championing the research and oversight that L2BEAT provides for the L2 ecosystem, marking another step forward in supporting the broader Ethereum Rollups community:
Developer Tooling
Dev Advocacy has been busy this past month, and a new release of the documentation has just been published, redesigned and expanded to better support builders. Here’s what’s new: a streamlined developer journey, clearer and more readable guides, faster visual explanations, a brand-new Appchains page, a dedicated Fraud Proofs section, and an updated tabular design for easier navigation. See it for yourself.
And the mission of producing valuable content around developer tooling has continued. Contributor Chinonso’s latest video in his series breaks down how the PRT fraud proof system uses Merkle trees, whose hashing structure makes discrepancies easy to identify and verify:
By the way, progress on the visualization tool mentioned in the previous ecosystem updates blog, which tracks both past and ongoing disputes handled by PRT, has been smooth. It is currently being tested with synthetic data and will be released soon. Take a sneak peek here.The Cartesi Command Line Interface (CLI) has also received updates, with new application templates now closely tied to it. Developers can use the CLI to scaffold projects and quickly spin up applications in languages such as C++, Go, Java, JavaScript, Lua, Python, Rust, and TypeScript. The templates are aligned with the upcoming SDK 12 release, making it easier for builders to get started while adopting the latest patterns and best practices.
On another vertical, developer advocate Henrique Marlon shared insights into Multi-dApp Node support, one of the upcoming features for the next Cartesi Rollups 2.0 release. This feature introduces a Multi-DApp node architecture that allows a single node to run and manage multiple applications simultaneously.
This approach improves cost efficiency, resource utilization, and operational simplicity, while laying the groundwork for a future where nodes can serve as flexible, third-party service providers for multiple applications. Dive into the article to explore the technical components behind this feature, its benefits, and how it represents a broader shift in how Cartesi nodes and applications operate:
Meanwhile, Shaheen published a piece exploring DeFi use cases enabled by the Cartesi stack, highlighting practical opportunities for builders who want to leverage our appchains framework, including use cases that can benefit from this architecture, even with a week-long withdrawal delay. While finality delays might seem like a limitation, certain applications, such as staking, yield farming, reputation-based lending, and dollar-cost averaging, naturally fit these timelines.
By using Cartesi’s fraud-proof systems and flexible execution environment, developers can build complex, customizable, and secure DeFi applications that enjoy Ethereum’s security without being limited by immediate withdrawal requirements. Give it a read to see how the trade-off between security and usability is manageable and why developers are encouraged to experiment with optimistic rollups to build creative DeFi applications:
Ecosystem
Brazil remained a key focus for Cartesi adoption in September. A new class at UFBA, organized by Tomorrow UFBA and taught by Professor Antonio Rocha from UFF, started the course Blockchain, Web3, and Cartesi Rollups, providing students with both theoretical knowledge and hands-on experience in decentralized infrastructure.
The curriculum covers an introduction and basic concepts, fundamental technology principles, additional blockchain concepts, dApps and smart contracts, scalability in public blockchains, Cartesi technology and Rollups, and culminates in a fully practical Cartesi dApp project, with a mix of theoretical and hands-on sessions throughout.
Meanwhile, the previous course featuring Cartesi, organized by RNP (Brazilian network for education and research) and Escola Superior de Redes (ESR) as part of the ILIADA project concluded, with all practical project submissions now completed.
Cartesi’s role in the Brazilian ecosystem also received local media attention, with features in Cointelegraph BR, ACripto, and Revista TI (NE) highlighting these educational initiatives and expansion efforts.
Community & Events
Contributors Carlo Fragni and Augusto Teixeira were quoted in Bitcoin.com News discussing the recent JavaScript Node Package Manager (NPM) attack, providing insights on security and blockchain reliability.
A second edition gathered commentaries on the challenges at the intersection of AI and blockchain, triggered by the recent Ethereum Foundation announcement of a new AI team, where Carlo shared his insights.
He also joined an X Space hosted by ETHGas, where discussions unpacked gas fees, Ethereum scaling, and Cartesi’s contributions to an onchain world of predictable fees. Catch up with the recording here.Online and offline presence remained strong. Bruno Maia spoke on Web3 Global Media’s X Space about yield and token value sustainability and is preparing to take the stage for a new series of GTM alpha and insights. Stay tuned for it!
Meanwhile, our Korean ambassador Jay represented Cartesi on the ground at Korea Blockchain Week:
And speaking of ambassadors, for a steady dose of Cartesi visuals and AI-powered animations featuring penguins, bees, and even pengubees, follow our creative ambassador Bubbalex:
That’s a Wrap
September strengthened Cartesi’s position as a research-oriented, developer-friendly, and academically integrated ecosystem. From new Node releases, CLI improvements, or fraud proof advancements, to PRT Honeypot stress testing, university courses in Brazil, and making headlines in the research community, the ecosystem continues to develop across technical, educational, and social fronts.
Hope we get to see a few of you at the European Blockchain Convention in Barcelona soon (the CARTESI15 code provides a discount for our community, so take advantage if you plan to get your ticket), and let’s assemble for Devconnect in Argentina next. Until then, keep building, stay engaged, and join the conversation on Discord, X, Telegram, and beyond.
As October installs in, we look forward to continuing to deliver on our mission of bringing battle-tested Web2 software on-chain and allowing anyone to build with any code and Ethereum’s security.