Spearbit

@spearbit

Private team

Joined on Nov 20, 2021

  • Spearbit uses a markdown-based template to collaboratively write the final report for security reviews. This markdown file is then converted to a PDF with minimal additional modifications. Use hackmd.io to collaborate on reports. Example of the markdown file: Brink security review (engagement 2). Example of a rendered PDF. An example issue can be found in the Appendix. General suggestions: The issue description should be detailed. Ideally, someone outside of both the project and the security review team should be able to understand the issue merely by reading its description. Sort issues from highest to lowest severity. For example, a critical bug that steals all the funds should appear before a generic suggestion such as a floating pragma.
  • Spearbit Spearbit is a decentralized network of expert Web3 security engineers. Together, we help secure the Web3 ecosystem. We offer security reviews and related services to Web3 projects. Our network has experience at every part of the stack, including protocol design, smart contracts, and the Solidity compiler itself. Spearbit brings in untapped security talent: expert freelance auditors want flexibility to work on interesting projects together. Learn more about us at https://spearbit.com. Introduction The Brink protocol is designed for automating conditional orders on EVM-compatible chains. For an introduction to the basic mechanics, one can consult the report from Spearbit's first security review of Brink. This follow-up, specialized review by Spearbit focused on a unique extension of "EIP-1167: Minimal Proxy Contract". The Brink protocol designed a gas-efficient proxy implementation, based on EIP-1167, that also stores the address of the owner in the proxy. Details can be found in the section "custom proxy code". In short, the address of the owner is appended at the end of the runtime code and read using an extcodecopy of the relevant bytes of the code; let's call this the data section. The focus of the security review was on the following:
  • About Us The Role If your Chief Information Security Officer (CISO) role is vacant, or you need project-based executive expertise, then our community of vCISOs is the solution for you. Our vCISOs serve as technology leaders responsible for advising on high-level technical guidance, smart contract best practices, architectural review and the development/testing framework during your software development lifecycle, reporting directly to the CTO, CEO, and Founders. Embedding this individual or pairing of vCISOs onto your team allows you to prepare for external reviews, execute on technical development and reduce risk. World Class Leaders Spearbit has to date built one of the largest communities of security personnel in the blockchain space.
  • Spearbit is a DAO for web3 security researchers. Web3 projects often have to decide between waiting months for a security review or shipping unaudited code to keep up with the competition. Spearbit fixes this through a freelance marketplace of vetted security researchers who pair on collaborative teams. We're looking for an Account Manager to assist with our audit marketplace. This person will assist with matching qualified security researchers to prospective clients that want to engage with our community. Once the security review begins, the Account Manager will be responsible for ensuring quality service delivery through effective project management. During the security review, the Account Manager will use their high-level knowledge of developer security to flag process errors and breakdowns in communication between clients and security researchers. This position isn't technical in the sense that you won't be engaging in manual code review, but it does require a knowledge of DevSecOps best practices and of how to effectively integrate security researchers into the development lifecycle of clients. A background that would prepare you for this role could include a project management role at a major web3 security auditing firm, or a PM role at a major crypto protocol that has worked with security audit firms. Benefits Competitive compensation: $150-200K/yearly salary + equity or $150/hr on a contract basis (dependent on your preference; we're fine with this being a contract job or a salaried position). Option of getting paid in digital currency. Our Values
  • Spearbit is a DAO for web3 security researchers. Web3 projects often have to decide between waiting months for a security review or shipping unaudited code to keep up with the competition. Spearbit fixes this through a freelance marketplace of vetted security researchers who pair on collaborative teams. Spearbit is growing and needs a talented technical copywriter to help write our audit reports as well as content for our community. This person will work with our security researchers to copy-edit and format our audit reports. Benefits Competitive compensation: This is a contract position at $100/hr. Option of getting paid in digital currency. Our Values