## When Title: The Blockchain Guardians: Safeguarding the Future of Ethereum Smart Contract Security - Friday 7 July - Max: 20 minutes - 17:20 - 17:40 ## DRIVE CON COSAS: https://docs.google.com/presentation/d/1T6N3K57t6q1m1NYMztzWhpfO9u3mzd6W/edit?usp=sharing&ouid=103083562722676049066&rtpof=true&sd=true ## Topics - independent auditors. Incentives: - economic - reputational - audit platforms: - contests - Code4rena - Sherlock - bug bounties - Immunefi - marketplaces - Cantina.xyz - audit firms (guilds) - Spearbit - OpenZeppelin - SigmaPrime - Trail of Bits - Consensys Diligence - players - black hats - lazarus NATION STATE - White hacks - Monsters of the Dark forest - The dark forest itself - tooling - mention different types of tools - certora provet - vulnerability classes - technical vulnerabilities - economic attacks - overview of the security space - full security stack? - initiatives - Education: Secureum - Security: Cantina.xyz ### Agenda - Hacks. Money lost - web3 stack. Where do you think security is important? Let's understand the security space: actors, tools... - Actors: audit platforms: - audit firms (guilds) - Spearbit - OpenZeppelin - SigmaPrime - Trail of Bits - Consensys Diligence - contests - Code4rena - Sherlock - bug bounties - Immunefi - marketplaces - Cantina.xyz - independent auditors. Incentives: - economic - reputational - tooling - mention different types of tools - certora prover - vulnerability classes: [EL TOP 5 DE LA TELEVISIÓN!!XD](https://rekt.news/leaderboard/) - technical vulnerabilities - examples. TVLost - economic attacks - examples. TVLost - initiatives: mass education and product - Education: Secureum - Security: Cantina.xyz ## Links and resources - [chainalysis: biggest-year-ever-for-crypto-hacking](https://blog.chainalysis.com/reports/2022-biggest-year-ever-for-crypto-hacking/#:~:text=2022%20Biggest%20Year%20Ever%20For%20Crypto%20Hacking%20with%20%243.8%20Billion,by%20North%20Korea%2Dlinked%20Attackers) - [rekt leaderboard](https://rekt.news/leaderboard/) - [The web3 stack](https://alchemy.com/blog/web3-stack) - [SoK: Decentralized Finance (DeFi) Attacks](https://arxiv.org/abs/2208.13035) - [web3-and-crypto-global-survey-2023](https://consensys.io/insight-report/web3-and-crypto-global-survey-2023) - [@samczun: mev-boost-relay validator attack](https://twitter.com/samczsun/status/1642848556590723075) - [@punk3155:mev-boost-relay validator attack ](https://twitter.com/punk3155/status/1642771856758546434) - [mev-boost-relay post mortem](https://collective.flashbots.net/t/post-mortem-april-3rd-2023-mev-boost-relay-incident-and-related-timing-issue/1540) - [how-did-a-malicious-validator-steal](https://eigenphi.substack.com/p/how-did-a-malicious-validator-steal) - [fbi lazarus](https://www.fbi.gov/news/press-releases/fbi-confirms-lazarus-group-cyber-actors-responsible-for-harmonys-horizon-bridge-currency-theft) - [@zachxbt: french police investigation](https://twitter.com/zachxbt/status/1672032219156688897) - [Open Standard Web3 Attack Reference ](https://www.oswar.org) <br> <hr>
Last changed by  
cbym
139

Read more

Spearbook: Audit Process

This document is meant to serve as a guide for auditors engaging in Spearbit audits. Note that client and project team will be used interchangeably.

5/1/2024
Issue style guide

that is, check that

7/11/2023
Venus Proposal Spearbit Review

TLDR The Venus engineering team has approached Spearbit to review Isolated Pools, Staking gated yield boosting, a stable rate borrow replacing the comptroller with a diamond proxy and two other features yet to be decided. Based on the risk and complexity of this review as well as high demand for the reserachers with the specific skillset required to ensure a high quality coverage of the codebase, we proceed to offer a discounted quote for the amount of $664,125 for a review spanning 10,5 weeks (~2.5 months). Read Spearbit and the proposal below! Background The Venus engineering team demonstred a proactive commitment to security by approaching Spearbit with a request to perform an audit of their contracts.

6/12/2023
Venus Proposal Cantina Managed

TLDR The Venus engineering team has approached Spearbit to review Isolated Pools, Staking gated yield boosting, a stable rate borrow replacing the comptroller with a diamond proxy and two other features yet to be decided. This proposal is a cost efficient and lower coverage alternative to a full Spearbit engagement, where a reduced security team from Spearbit is hired on the Cantina application to review the target scope. The full cost for a Cantina Managed review, targeting the code in scope and lasting for 10,5 weeks (~2.5 months) amounts to a discounted rate of $422,625. Background This proposal is presented to the Venus community as an alternative to a full, high coverage Spearbit security review. The Venus engineering team has requested cmichel to be part of the engagement, who we shall bring onto the team as a Lead Security Reseracher.

6/12/2023
Read more from cbym
Published on HackMD