JJS

Manuel's tweet sparked a lot of conversation, but the full picture is more nuanced. DeFi security has matured significantly: - AI + Formal verification, combined with manual audits - Better protocol architecture - Automated monitoring And many more protection layers… We're fighting fire with fire. The same AI capabilities attackers use are increasingly being deployed by security researchers and whitehats to strengthen protocols.

Fun fact about the Canton model is that state is never modified. Unlike EVM or Solana where state is stored and can be modified; on Canton this never happens. Here is an example: EVM: Alice sends Bob 10 tokens → Alice's balance: -10, Bob's balance: +10. The state was mutated. Canton: Alice sends Bob 10 tokens → Alice's contract (10 tokens) is archived. A new contract is created for Bob (10 tokens). Nothing was modified. A new fact was written.

I think the notion of doing security as a checkbox is an issue. Thinking that doing an audit means you’re safe is no longer valid. BBPs are great because it means continuous security but just not guaranteed as you don’t actually know if people are looking at your code or not. So integrating security at any point and on as many layers as possible (smart contracts, opsec, monitoring etc)

How would the KelpDAO x Aave incident operated in a market integrated with Cork's risk infrastructure? Example: aETH was assumed fully liquid, but the exploit made it illiquid. A live Cork aETH pool would have let holders pay a premium upfront to guarantee exit liquidity at NAV, with that guarantee locked in a smart contract. Priced vs. unpriced risk

7/ Then why BFT / Super Validators? Because even if the synchroniser cannot read the transaction, it still controls important public facts: 1. What got sequenced? 2. In what order? 3. Before what deadline? 4. Was the final result commit or abort? Those facts need decentralised trust.