Try   HackMD

When

Title: The Blockchain Guardians: Safeguarding the Future of Ethereum Smart Contract Security

  • Friday 7 July
    • Max: 20 minutes
    • 17:20 - 17:40

DRIVE CON COSAS:

https://docs.google.com/presentation/d/1T6N3K57t6q1m1NYMztzWhpfO9u3mzd6W/edit?usp=sharing&ouid=103083562722676049066&rtpof=true&sd=true

Topics

  • independent auditors. Incentives:

    • economic
    • reputational

  • audit platforms:

    • contests
      • Code4rena
      • Sherlock
    • bug bounties
      • Immunefi
    • marketplaces
      • Cantina.xyz
    • audit firms (guilds)
      • Spearbit
      • OpenZeppelin
      • SigmaPrime
      • Trail of Bits
      • Consensys Diligence

  • players

    • black hats
    • lazarus NATION STATE
    • White hacks
    • Monsters of the Dark forest
    • The dark forest itself

  • tooling

    • mention different types of tools
    • certora provet

  • vulnerability classes

    • technical vulnerabilities
    • economic attacks

  • overview of the security space

    • full security stack?

  • initiatives

    • Education: Secureum
    • Security: Cantina.xyz

Agenda

  • Hacks. Money lost

  • web3 stack. Where do you think security is important? Let's understand the security space: actors, tools

  • Actors: audit platforms:

    • audit firms (guilds)
      • Spearbit
      • OpenZeppelin
      • SigmaPrime
      • Trail of Bits
      • Consensys Diligence
    • contests
      • Code4rena
      • Sherlock
    • bug bounties
      • Immunefi
    • marketplaces
      • Cantina.xyz

  • independent auditors. Incentives:

    • economic
    • reputational

  • tooling

    • mention different types of tools
    • certora prover

  • vulnerability classes: EL TOP 5 DE LA TELEVISIÓN!!XD

    • technical vulnerabilities
      • examples. TVLost
    • economic attacks
      • examples. TVLost

  • initiatives: mass education and product

    • Education: Secureum
    • Security: Cantina.xyz

Last changed by 
cbym
0
278

Read more

Spearbook: Audit Process

This document is meant to serve as a guide for auditors engaging in Spearbit audits. Note that client and project team will be used interchangeably.

Aug 27, 2024
Issue style guide

that is, check that

Jul 11, 2023
Venus Proposal Spearbit Review

TLDR The Venus engineering team has approached Spearbit to review Isolated Pools, Staking gated yield boosting, a stable rate borrow replacing the comptroller with a diamond proxy and two other features yet to be decided. Based on the risk and complexity of this review as well as high demand for the reserachers with the specific skillset required to ensure a high quality coverage of the codebase, we proceed to offer a discounted quote for the amount of $664,125 for a review spanning 10,5 weeks (~2.5 months). Read Spearbit and the proposal below! Background The Venus engineering team demonstred a proactive commitment to security by approaching Spearbit with a request to perform an audit of their contracts.

Jun 12, 2023
Venus Proposal Cantina Managed

TLDR The Venus engineering team has approached Spearbit to review Isolated Pools, Staking gated yield boosting, a stable rate borrow replacing the comptroller with a diamond proxy and two other features yet to be decided. This proposal is a cost efficient and lower coverage alternative to a full Spearbit engagement, where a reduced security team from Spearbit is hired on the Cantina application to review the target scope. The full cost for a Cantina Managed review, targeting the code in scope and lasting for 10,5 weeks (~2.5 months) amounts to a discounted rate of $422,625. Background This proposal is presented to the Venus community as an alternative to a full, high coverage Spearbit security review. The Venus engineering team has requested cmichel to be part of the engagement, who we shall bring onto the team as a Lead Security Reseracher.

Jun 12, 2023
Read more from cbym
Published on HackMD