Unchained

DeFi Security: With So Many Hacks, Will It Ever Be Safe? - Ep.170

Laura Shin

News, Business News, Tech News

4.6 (1.3K Ratings)

🗓️ 5 May 2020

⏱️ 76 minutes

Summary

Dan Guido, cofounder and CEO of Trail of Bits, and Taylor Monahan, founder and CEO of MyCrypto, discuss all the recent hacks in DeFi, how it can be made safer, and who is responsible.

We tackle:

- the Hegic security incident: whose responsibility it was to make sure the contract was secure — the auditor (Trail of Bits) or the team (Hegic) — what Trail of Bits was saying in its audit summary, and how to read between the lines of an audit summary
- how long an audit should be
- upgradeability: particularly around when more advanced technology and contracts interface with older technology/contracts
- centralization vs. decentralization: whether contracts can be made safely while adhering to the principle of decentralization, why Taylor would prioritize centralization and security, and how teams can create different levels of risk for users
- bug bounties: why asking what amount they should be is the wrong question
- the security threats posed by oracles
- what a checklist for DeFi teams might look like

Thank you to our sponsors!

- Crypto.com: https://crypto.com
- Kraken: https://www.kraken.com
- Stellar: https://www.stellar.org

Episode links:

- Dan Guido: https://twitter.com/dguido
- Trail of Bits: https://www.trailofbits.com
- Taylor Monahan: https://twitter.com/tayvano_
- MyCrypto: https://mycrypto.com
- Initial tweet by Hegic calling the security issue a typo: https://twitter.com/HegicOptions/status/1253937104666742787?s=20
- Hegic tweet saying, “It’s not a security issue”: https://twitter.com/HegicOptions/status/1253954145113038849?s=20
- Trail of Bits saying it will no longer work with Hegic: https://twitter.com/dguido/status/1254260725431894020?s=20
- Taylor breaks down the audit summary: https://twitter.com/MyCrypto/status/1254058121342803968?s=20
- Molly Wintermute’s Medium post on requesting a week audit vs. three-day review: https://medium.com/@molly.wintermute/post-mortem-hegic-unlock-function-bug-or-three-defi-development-mistakesthat-i-feel-sorry-about-5a23a7197bce
- Unconfirmed episode with Haseeb Qureshi on the Lendf.me attack: https://unchainedpodcast.com/haseeb-qureshi-on-the-unbelievable-story-of-the-25-million-lendf-me-hack/
- Unchained interview showing Matt Luongo's approach to kill switches and upgradeability with tBTC: https://unchainedpodcast.com/tbtc-what-happens-when-the-most-liquid-crypto-asset-hits-defi/
- Discussion of the bZx attacks on Unchained: https://unchainedpodcast.com/the-bzx-attacks-unethical-or-illegal-2-experts-weigh-in/
- Issue with Curve contract: https://blog.curve.fi/vulnerability-disclosure/
- Compound bug bounty program: https://compound.finance/docs/security#bug-bounty
- Taylor on “upgradeability makes things more insecure”: https://twitter.com/tayvano_/status/1222564979657723904?s=20
- Synthetix oracle incident, allowing a bot to profit $1 billion: https://unchainedpodcast.com/how-synthetix-became-the-second-largest-defi-platform/
- Taylor’s tips on how to get more ROI on an audit: https://twitter.com/MyCrypto/status/1254061500244713474?s=20
- Tips to follow before getting an audit: https://blog.openzeppelin.com/follow-this-quality-checklist-before-an-audit-8cc6a0e44845/

Resources for security in DeFi:

- crytic/building-secure-contracts: Guidelines and training material to write secure smart contracts (github.com)
- https://consensys.github.io/smart-contract-best-practices/
- https://forum.openzeppelin.com
- https://swcregistry.io
- https://diligence.consensys.net/blog/2020/03/new-offering-1-day-security-reviews/

Transcript

0:00.0

Hi everyone, welcome to Unchained, your no-hype resource for all things crypto.

0:08.0

I'm your host, Laura Shin.

0:10.0

Twitter fights, Medium post, scammers, phishers, and promotional content,

0:13.6

want to get through all the noise in crypto?

0:15.8

Sign up for my weekly newsletter at unchainedpodcast.com to get a quick and easy

0:20.6

summary of the top news stories every week.

0:23.0

The Stellar network connects your business to the global financial infrastructure,

0:28.0

whether you're looking to power a payment application or issue digital assets like stablecoins or digital dollars.

0:34.0

Stellar is easy to learn and fast to implement.

0:36.7

Start your journey today at stellar.org

0:39.2

slash unchained.

0:41.6

Kraken is the best exchange in the world for buying and selling digital assets.

0:47.0

It has the tightest security, deep liquidity, and a great fee structure with no minimum or hidden fees.

0:54.0

Whether you're looking for a simple fiat on-ramp or futures trading,

0:58.0

Kraken is the place for you.

1:01.0

In response to the challenging times, Crypto.com is waiving the 3.5% credit card fee for all

1:08.2

crypto purchases for the next three months. Download the Crypto.com app today.

1:14.0

Today's topic is security in DeFi.

1:17.0

Here to discuss are Dan Guido, co-founder and CEO of Trail of Bits,

1:22.0

and Taylor Monahan, founder and CEO of MyCrypto. and super excited to talk about this. Before we dive into the meat of today's discussion, can you each describe what you do in

1:36.7

crypto and how you came to be involved in DeFi and/or security?

1:41.7

Why don't we start with Dan?

...

Disclaimer: The podcast and artwork embedded on this page are from Laura Shin, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of Laura Shin and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
