As faith in audits falter, the DeFi community ponders security alternatives

Can new code review models solve DeFi's audit problem?

As the attacks launched against popular decentralized finance (DeFi) protocols grow ever more complex, the efficacy of audits from major security companies has in turn come under scrutiny — and some members of the DeFi community have already begun building homegrown alternatives.

“I think that now, after all the hacks we’ve had, we basically understand that if you have two audits, three audits, it doesn’t mean you’re safe,” said the co-founder of DeFi Italy Emiliano Bonassi in an interview with Cointelegraph. “This does not mean that audits have no value in this moment, but they are not silver bullets.”

This new reality is what pushed Bonassi to form ReviewsDAO, a simple forum for connecting security experts with projects looking for an extra set of eyes. In the three days since its launch, ReviewsDAO has already attracted four volunteer reviewers (including Bonassi) and has matched two reviewers with a project.

Skin in the game is one of the implicit rules of https://t.co/5y4MBhvNB7

Anon is allowed and protected, but putting your face (virtual or not) is a sign of trust

I am in, offering my time and my face for reviews https://t.co/CoVRSThymG

Don't be shy, help the community! pic.twitter.com/uq0KtV2pCV

— Emiliano Bonassi | emiliano.eth (@emilianobonassi) February 15, 2021

Bonassi and ReviewsDAO aren't alone, either. Code 423n4 is another project aiming to jumpstart a security movement within the ecosystem, leveraging a gamified, experimental twist on bug bounties. Likewise, Immunefi, another DeFi bounty platform that launched in December last year, is overhauling the security disclosure model by pushing for upwards of 10% of vulnerable funds as a reward.

Immunefi’s model in particular has already made waves, successfully netting a whitehat a $1.5 million reward.

Three new projects emerging in just two months, and each with their own incentive model — it’s an industry-wide effort Stani Kulechov, the founder of DeFi lending platform Aave, believes will be key to the health and security of the space moving forward.

“Auditors are not here to guarantee the security of a protocol, merely they help to spot something that the team itself wasn't aware of. Eventually it's about peer review and we need to find as a community incentives to empower more security experts into the space.”

“No silver bullets”

Bonassi should be a familiar name to anyone who has kept up with the recent spate of exploits. The Italian developer is one of the half-dozen or so white-hat hackers who frequently convene in the wake of an attack in an effort to replicate the exploit and help projects patch the vulnerabilities.

Ask just about any DeFi founder about Bonassi and his fellow post-exploit “war room” whitehats, and they’ll be quick to sing their praises.

“The DeFi community is blessed to have whitehats such as Samczsun and Emiliano. Their efforts [...] make the space not only more secure but also highlight the narrative that there are a lot of people within our ecosystem who care for the success of the space,” said Kulechov.

While the whitehats’ response skills are widely appreciated, ReviewsDAO is in some ways an effort to cut back the frequency with which projects need them.

In Bonassi’s view, tension between the needs of projects and the limited resources of auditing firms is weakening the security of the DeFi space writ large: auditors are always busy, but teams in the thick of the DeFi innovation race need to remain agile. While a project might want an audit on a few small changes, availability and costs often necessitate a larger order, leading to code “chunking.”

“Since they are not available, you usually prepare a bunch of stuff you want reviewed and ship it to them. The interaction is really, let’s say ‘snapshot-based,’ rather than having a continuous collaboration,” said Bonassi.

So, how can more frequent security reviews that better meet the needs of projects be enabled? Bonassi says he initially considered a Gitcoin grant for a whitehat group as a solution, but ultimately determined that such a model would be overly centralized and wouldn’t be able to scale. None of his whitehat peers had insight on how to solve the problem, either, so he opted for simplicity.

The definitive guide on how scaling bug bounties will boost DeFi and smart contract security, from our CEO @MitchellAmador:

- Smart contracts are hard to protect
- Bug bounties are incentive game changers
- Scaling bug bounties will protect the community https://t.co/szvOn2JQu7

— Immunefi (@immunefi) February 18, 2021

“If you don’t have any sort of idea, start from the basics: start a forum, let’s say a ‘market,’ where people can ask for reviews big or little, and also offer their expertise.”

He’s not aiming to replace audits and auditing companies entirely, Bonassi notes, and instead envisions the DAO as one that can help younger projects better prepare for an audit by providing “continuous review” and “liquid auditing.”

It’s a model that security expert Maurelian at OptimismPBC thinks leaves space for big auditing firms, while also acknowledging that there needs to be other security solutions as well.

“IMO there is real value to an audit by a high quality firm, and nothing else really serves as an 'alternative', but I also think there is an issue of over-reliance on audits to provide security,” he said.

Bonassi also believes ReviewsDAO could eventually become a kind of auditing “University,” where people with specialized knowledge can branch into other areas and young developers can grow into fully-fledged auditors — both taking stock of and bolstering the developer resources across DeFi.

“My goal is also to map people and projects — having a transparent place where people can exchange information, help us to understand how many people who are, basically, from a security perspective good enough, are present in the ecosystem.”

Skin in the game

While it meets a clear market need, Bonassi says there are no current plans for monetization or a ReviewsDAO token.

“I think that initiatives like this one should be community goods,” he argues.

This effort to avoid capital incentives is more than just idealism. These new auditing projects are arising because the current model isn’t fully sustainable, says Bonassi — a model that is “transactional,” meaning auditors don’t have as much skin in the game as a more fully engaged partner might. As a result, the entire DeFi landscape (one which the auditors should ostensibly be securing) is suffering.

“They’re not a relationship. It’s not a partnership,” Bonassi says.

Nonetheless, even public goods often have public funding, and it’s an open question whether developers — who are often overworked to begin with — will be willing to donate time at what Andre Cronje calls the “Emiliano Bonassi Rate”: for no reward other than the recognition.

Bonassi notes that multiple major DeFi protocol founders have offered grants, which thus far have been turned down. He’s determined to see whether developers are willing to give back to the space that’s often given them so much, even when there are other, potentially lucrative options available.

“What we really need in this ecosystem is more people who work on it — let’s say, someone may hate me but, less forks if they’re not adding value [...] I don’t want to end up in the ICO era. I don’t want to go back to 2017.”

THE INTRO POST.

If you want to get involved, join the discord and tell me how you want to be involved. https://t.co/7AZSlMDKS9 https://t.co/3YyPmKqs6I

— Code 423n4 (@code423n4) February 15, 2021

Early returns on the effort are promising. Coverage/insurance protocol Cover was the first project to be matched with a reviewer via ReviewsDAO.

“It was great,” says Pumpkin, a core dev for Cover Protocol and Ruler Protocol. “I was one of the few Emiliano shared the idea with right before release. I loved it immediately as it is what I have been looking for (to get external code reviews and more easily and quickly) [...] I am not sure what will come out from the review, but the forum is certainly working well as intended.”

Maurelian also believes there’s hope for the perhaps-idealistic model — and that it may be more transactional than it seems at first blush.

“You get what you give. So participating in a project like this is probably a good idea if you're planning to be in the space for the long haul,” he said.

Even if some developers donate time to curry future favors, Emiliano remains resolute in his vision that efforts to secure the ecosystem should come from a place of altruism and love.

“That’s the ideal we should push. And since we have a lot of money, and this industry has a lot of money, you’re not supposed to need bounties, you’re supposed to do it because you love this industry. This is a call-out to all the people that want to grow the ecosystem.”
