Dan Guido, cofounder and CEO of Trail of Bits, and Taylor Monahan, founder and CEO of MyCrypto, discuss all the recent hacks in DeFi, how it can be made more safely and who is responsible.
We tackle:
Thank you to our sponsors!
Crypto.com): https://crypto.com)
Kraken: https://www.kraken.com)
Stellar: https://www.stellar.org)
Episode links:
Dan Guido: https://twitter.com/dguido)
Trail of Bits: https://www.trailofbits.com)
Taylor Monahan: https://twitter.com/tayvano_)
MyCrypto: https://mycrypto.com)
Initial tweet by Hegic calling the security issue a typo: https://twitter.com/HegicOptions/status/1253937104666742787?s=20)
Hegic tweet saying, “It’s not a security issue”: https://twitter.com/HegicOptions/status/1253954145113038849?s=20)
Trail of Bits saying it will no longer work with Hegic: https://twitter.com/dguido/status/1254260725431894020?s=20)
Taylor breaks down the audit summary: https://twitter.com/MyCrypto/status/1254058121342803968?s=20)
Molly Wintermute’s Medium post on requesting a week audit vs. three-day review: https://medium.com/@molly.wintermute/post-mortem-hegic-unlock-function-bug-or-three-defi-development-mistakesthat-i-feel-sorry-about-5a23a7197bce)
Unconfirmed episode with Haseeb Qureshi on the Lendf.me) attack: https://unchainedpodcast.com/haseeb-qureshi-on-the-unbelievable-story-of-the-25-million-lendf-me-hack/)
Unchained interview showing Matt Luongo's approach to kill switches and upgradeability with tBTC: https://unchainedpodcast.com/tbtc-what-happens-when-the-most-liquid-crypto-asset-hits-defi/)
Discussion of the bZx attacks on Unchained: https://unchainedpodcast.com/the-bzx-attacks-unethical-or-illegal-2-experts-weigh-in/)
Issue with Curve contract: https://blog.curve.fi/vulnerability-disclosure/)
Compound bug bounty program: https://compound.finance/docs/security#bug-bounty)
Taylor on “upgradeability makes things more insecure”: https://twitter.com/tayvano_/status/1222564979657723904?s=20)
Synthetix oracle incident, allowing a bot to profit $1 billion: https://unchainedpodcast.com/how-synthetix-became-the-second-largest-defi-platform/)
Taylor’s tips on how to get more ROI on an audit: https://twitter.com/MyCrypto/status/1254061500244713474?s=20)
Tips to follow before getting an audit: https://blog.openzeppelin.com/follow-this-quality-checklist-before-an-audit-8cc6a0e44845/)
Resources for security in DeFi:
crytic/building-secure-contractsGuidelines and training material to write secure smart contracts - crytic/)building-secure-contractsgithub.com)
https://consensys.github.io/smart-contract-best-practices/)
https://forum.openzeppelin.com)
https://diligence.consensys.net/blog/2020/03/new-offering-1-day-security-reviews/)
Learn more about your ad choices. Visit megaphone.fm/adchoices)