@angela_walch Glad you asked! I have devoted the entire 4 years of my career to solving these problems, every since the day of the 2nd Parity msig hack in 2017 when I realized there was an extreme lack of software security processes like the ones I was used to at the companies I've worked for.
@angela_walch #1: Improving transparency and security processes of development teams through open source, common sense process checklists - @DefiSafety
#2: We created a TG and Discord community for Security engineers to communicate and learn from each other in 2018 #ETHSecurity
#2: We created a TG and Discord community for Security engineers to communicate and learn from each other in 2018 #ETHSecurity
@angela_walch @DefiSafety #3: Since 2017, the entire industry has been working on increasing the state of the art of smart contract tooling, often increasing the state of art of software security on the bleeding edge in academia!
@angela_walch @DefiSafety #4: Ethereum's security culture has only improved. The hacks we see today are 100000x more complex than in 2017
#5: At this point, only the most venerable projects are in the Top 10 DeFi projects by listed by TVL, that is not a coincidence
#5: At this point, only the most venerable projects are in the Top 10 DeFi projects by listed by TVL, that is not a coincidence
@angela_walch @DefiSafety I have way more thoughts, but anyways this is the *current* state of things in Ethereum smart contract security. You asked how we can improve things.
Well, honestly, just keep doing what we're doing! This s/w is frankly the most difficult s/w I have ever personally worked on.
Well, honestly, just keep doing what we're doing! This s/w is frankly the most difficult s/w I have ever personally worked on.
@angela_walch @DefiSafety It will probably not ever be entirely "safe" for public use by billions of people. No software is. The best we can do with software is increase our collective skillsets and raise the bar on dev, as well as overall project-level transparency, so people get what they paid for.
@angela_walch @DefiSafety Planes still crash, elevators kill someone almost every day, but the overall number of these incidents goes down with time, as the state of the technology gets more mature, and people get more comfortable using it. As we explore the boundaries of what's possible, that's natural.
@angela_walch @DefiSafety The most specific part of this that I am responding to is that smart contracts are *global* and operate simultaneously in 192 different jurisdictions. It would be *impossible* to make a set of rules and regs that all of those places can all agree on. Also, not really helpful!
@angela_walch @DefiSafety Regulations don't even work all that well today! The FAA basically has to rely on manufacturers to self-police, because the talent necessary to build aircraft is so scarce and in-demand, the gov't can't really employ them. It might have been iffy at first, but it largely works.
@angela_walch @DefiSafety This technology is several orders of magnitude more complex and hard to find people with the right knowledge and skillsets to regulate the industry. I don't think we ever will. And I think that's okay, because the way I've seen the industry grow up has been frankly encouraging.
@angela_walch @DefiSafety Now this hack today is super unfortunate, but a good portion of twitter followers and defi friends had simply never heard of this protocol and had no idea how it got so much TVL to lose. Came out of nowhere, probably written by inexperienced, anon devs copying a bunch of other...
@angela_walch @DefiSafety ...code that other people wrote (idk), and got themselves into trouble. The state of the audit industry I think is particularly to blame, people often rely on audits as a signal of quality, but audits vary so drastically in quality that unless you know the reputation of the firm
@angela_walch @DefiSafety They're basically useless and should be ignored. This is why I push people to @DefiSafety as a solution that is about objective metrics of transparency and quality, where the average outcome is much better with projects that score highly than those that don't.
@angela_walch @DefiSafety Alright, I could totally talk your ear off all freaking day, this has literally been my life for 4+ years now. I have a very keen understanding of what works and what doesn't, and really all that takes is experience and skill, which is hard to represent to other people.
@angela_walch @DefiSafety Any regulatory solution that I wish to see would help distill the risks and information required to make sound investment decisions by being transparent as possible, instead of thinking that the government is somehow gonna save us from ourselves through licensing reqs.
/fin
/fin
@angela_walch *4 years of my crypto career, I'm older than that 😬
@angela_walch @DefiSafety We kind of continued the conversation here
https://twitter.com/angela_walch/status/1425278669316976640?s=20
• • •
Missing some Tweet in this thread? You can try to
force a refresh
