Olivia
Online
alcueca
@alcueca
Previously: @optimism - @yield - ERC4626 (Tokenized Vaults) - ERC3156 (Flash Loans) - ERC7266 (Oracles) - Judge @ Code4rena, Cantina
Portugal
Joined March 2020
170 Following
5K Followers
3.4K Posts
@cal_nix I was planning to have the LLM prepare the campaign, but not be the dungeon master
my pov:
-> security is cat and mouse game. always has been (check early internet days)
-> security holes were already there, it's just became cheaper to exploit
-> it will become cheaper to fix as well
-> security tools are going to catch up very soon
-> most recent hacks are opsec related not SC related ( @flipdazed pulled the numbers recently)
-> we need to level up on opsec :for sure:
-> we see noncustodiality and risk isolation has 2 key very important design choice to limit hack impacts
-> more LOC = larger attack vector so simplicity is paramount
-> i've never seen a more exciting time to build stuff than today
@PatrickAlphaC @GalloDaSballo @shealtielanzz I said that once as a judge, and C4 staff told me to not do that.
Of course, they were right. But still, fuck.
@code4rena Thank you for all your hard work. You had an enormous impact on blockchain security.
Who to follow
Odysseus | phylax.systems
@odysseas_eth
founder @phylaxsystems The society that separates its scholars from its warriors will have its thinking done by cowards and its fighting by fools
Facu ๐ก
@saltyfacu
๐ง The salt only comes from working hard on real tech | ๐ก Co-founder MOM @mom_agency_ | ๐ผ @daedalus_angels
Moody ๐ญ
@sendmoodz
dev @EkuboProtocol
@GalloDaSballo Sad, but I'm glad I was part of it
@hosseeb Word.
However, as CTO of a protocol that I myself wrote and that had a less-than-graceful shutdown, it's not so easy.
Graceful shutdown is a feature that needs to be planned from the very beginning, and it's difficult to prioritise when you are just trying to make it.
The team at @veda_labs are talented, ambitious, and pragmatic. We are building the future of finance, and we will all win.
So excited to welcome @alcueca as Head of Onchain Security at @veda_labs - a legend in DeFi security and co-inventor of ERC-4626, the standard that made DeFi vaults composable and legible. Not a bad person to have designing the security model for the next generation of onchain markets ๐
During my time at @Optimism, I led the development of the SaferSafes tools, a Liveness Module and Timelock Guard designed to provide deep security on Gnosis Safes.
This article provides the reasoning for developing precisely those two tools.
https://t.co/RoiGO5ucYX
https://t.co/51J2Jd9k2A
https://t.co/51J2Jd9k2A
This sounds like a worthy program to come out of a chain foundation, which would help setting security standards.
@ethereum, what's your take on this?
Solana was built for security. As the ecosystem scales, so does our investment in the tools, standards, and support.
Today that commitment deepens with a new security program, active monitoring, formal verification for top protocols, and a new crisis response network.
Learn more ๐
The level of sophistication on the Drift Protocol hack is truly next level. It's reasonable to think that many others are being targeted in the same way. For your own sake, if you run a successful crypto protocol, read on.
https://t.co/qYBMCup9i6
@metaproph3t Iโve been screaming this since before 2020 how are people still asking this question
A SMART CONTRACT AUDIT WONT SAVE YOU FROM THE BIGGEST, MOST PREVALENT RISKS IN THIS ECOSYSTEM.
THEY DONT EVEN TRY TO SAVE YOU!!!!!
I wrote an article on threat modelling after the Resolv hack, not very long ago. Yesterday, the biggest DEX in Solana gets again hacked through a multisig compromise.
It is possible to assess your risks and come up with targeted mitigations to avoid hacks like these.
Read this:
https://t.co/uIStqX2wjb
Drift Protocol on Solana just got drained. It's looking like a multisig member compromise -- and the story starts at least a 20 days before the attack. Here's the breakdown:
@jack__sanford Chainanalysis reported that "the attacker compromised Resolvโs cloud infrastructure to gain access to Resolvโs AWS Key Management Service (KMS) environment where the protocolโs privileged signing key was stored."
https://t.co/X30jnIkkCT
https://t.co/R5PRboLgsF
Those are all valid mitigations, but the question is how to prioritise those eight against the rest of the risks that a company faces. Manpower is not infinite, and a pre-product-market-fit company has different security needs from a $10B TVL protocol.
The point of the article is that instead of shooting a list of generic mitigations to implement, just because there is a permissioned account, you can look at the protocol with more detail, and tell which ones are critical right now, for this protocol, at this time, and which ones are best implemented later when some milestones are achieved.
Otherwise, all of them get ignored, as with Resolv. Or you get a random set implemented, which might not protect you the way you need.
https://t.co/uIStqX2wjb
Once again, a protocol is hacked in a completely avoidable way.
Everyone knows to audit their code, and to run a bug bounty, but beyond there, confusion is the norm.
Threat modelling protects your protocol as a whole: infrastructure, code, processes, people.
https://t.co/R5PRboLgsF
@0xRajeev That is because they don't get a clear view of the centralization risks, and what are the actions that they should take.
It's not enough to tell them that they have centralization risks, not everyone can build a permissionless protocol.
@devtooligan It's great to be back :)
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.7M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers