Hashing It Out
Hashing It Out

Episode 20 · 3 years ago

Hashing It Out #20: Quantstamp - Kacper Bak

ABOUT THIS EPISODE

In this episode, we interview Kacper Bak, Research Engineer at Quanstamp. Quantstamp has created a system for auditing smart contracts automatically, testing for known exploits. They verify the more common attack vectors, and provide a report to the user about the potential threat. We go into how their product is built, the future of their product, and how it can benefit and drive future innovation.

Links: – smart contract security alliancesecureth communityquantstamp website

Owinjurynwelcome to hashing it out aPOTGASP or retock to the ATTECH innevators behind blocked inintrastructure and decentralized networks. We dive into the weeds togetat why and how people filled this technology, the problems they facealong the way I'me, Listeng and learn from the best in the business. You canjoin their recks, O Hello episode, Twenty Hashing it outtoday has always my cohost Colin is with me say: Hello, Colin, hello, goingand o guess today is Casper from Quantstan Catherine. Won't you give usa brief introduction as to who you are Hav. You got int space. What concent isand what you're selling I this is gasper. I'm a SNEAR researchengineer work at Quanstam. Here I work on the PROOCOL orperforming to sentralized othes for smart contracts. I also help with Umdoing in depth oters of smart contracts, which meansthat besides Mene tools, we also manually revew. The colde h before that I was working at Mothworkis the company that makes Malav en singaling. I did my phd so in Software Engineering. I I have a lot ofbackground, a lot of experties in m softwarerivication for modeling Um and I've been interested in Cripto l Kefor many years, but I never really got into it professionally. Um. A year agoI pulled t a trigger ecause. My former colleagues from th Universityof Lao started working on constant, and I wantto be part of this team. It's interesting. I have friends that workin the Um Quan computing section of a University of Waterlo Small World Yeah and GT friends, all ovte Crio. We probably know a few people. I also used to work I thought aboutworking for for Mathematica, so I I' ther, like my first language, I thinkwas- was Mathematica. You want to call that lash right and then I moved intoother type of stuff, an my my my previous uh distertation type work butUH. Let's, let's start with like what is decentralized smart contractauditing. So so the Proe we are building wants to dicentralize ateting in thesense that we like to have an etwork of computers which run our note software and thenEno, the theyan Um analyzers that do certain checks on smartcontracts. Right now, we are focusing on preefined properties. Ao Can, forexample, check for reentrancy or for transaction ordering dependency, and soon. So the the idea is that m. If you have essentialize network? Basically,you mate a single point of failure of ofdoing an audit. Now, when we are talking about these additsor assessments, they're, not exactly the same as doing a manual cold review,because if you check for a prettyfine set of properties, then obviously youcan end up with false positives right. So something may be an issue, but itdoesn't mean that it is an issue in the context that your smart contract runsand the reason is that often Um. Besides having just your contract, youhave other contracts that that you're interiting with and well by doingpurely Um, automated othits for pretty fineproperties. You don't have all the YEU, don't have all the contects and that'swhy Yo like the state of the Ar Right now is that automated odits are good incense, thatthey give you a quicker raview of the code, but theyare not perfect. ARAGO isto improveon that to eliminate folse positives and also to have a networkthat can run others that can take long time to compute cause Andernee,...

EON, sibers and NBASICALLY dlisoling ragical Mmutamotical problems and Tas a decary all right man. That's that's a likethat. A Lin. I think when I the phone, I'm trying to recapture that if syou're using this, this platform is a tool set to give you a ighlevel view ofthings that everyone, typically Canli e, that things that are easy to do withina smart count, contranting world and showing you, then no, Oh, here's aproblem here, look into it further as well as I then you can. Of course,there is no automated tooling. That does everything in terms of security.We don't have a push too secure button across the Security Community R in anyaspect, whether itd be decentralization world or or succentralized world, andwhat you're doing is providing tooling for people to go in and look spend moretime. Looking at things that are going to be issues versus wondering whetheror not they have simple things that happen to everybody, that of maybeesent way to put it yeah Tis correct- and I also I like one thing: You just mentioned: Sounlike push button, prrification tools, so actually what we are building rightnow is pushbutton in the sense that we have these predefine poverties that wecheck for now. You know there is. There is adifference between Gerrification and validation so like we can do the checksfor the properties. Now there is the results, the question where the smartcontract Taes exactly what the developer intended it to do, which isthe validation step, and unfortunately this part cannot be automated unlessyou have a formel specification of of your requirements, Andso. So, to bevery precise here we are doing verification for the pretty fineproperties that you can tell you that all there are potential issues withthis smart contract. Does that mean you're looking at thebike coat or you looking at the like the asolidity version of the bike, O yeah, so the tools undernead the workwith the bite cod, however, source code is also usefulbecause if you work with Tha Bicle, you want to report back your findings totha developer and the developer doesn't work with the BIPUTERI. They they workwith source goe. So Yo want to point to a Specife, cline or lines ofcold where the issue maybe eeright they do, they do work with theBIE. They do analyze the bide code. Does it matter sa you so because you'reworking with the bike code, you don't really care wbut version of compilerthey're using so particular exploit exists in you know a particular person, O sal see Um. Youknow it compiles this incorrect, this vulnerability into the into the bitecode. Um. Will you be able to make recomendations based off fof? That anddo you be able to attack something like that? Well, so Um, it's so compelere does have dusk Av, animpact in Asovin right because you still need to be compatible withcertain Bersions, like so like any breaking change that a bitcle level isdefinitely not desirable when you do an analysis. Okay and so can you can you repeat your aquestion now yeah certain certain M vonorabilitiesexist in compilers as a result of the SOLCECA piler having compiling to bitecode, which is got Yo. The way it compiles m enables of honorability, andso th future version would fix tat unerability. So you might want to beable to do KINDOF like testing to make sure your old contracts are stillworking in the new the new you know so that take arts susceptible to thevonorability. That was in the context of the Um, the compiler which they wereposted onto the baching with some excess. I see what you are saying: Yes,so basically now you're concerned with issues in the compileris themselves, so we we are not doing with verificationof compilers. We are just doing with with the bitecoat itself, so if thereis an issue with the compiler H, it may slip through. You know, but it's no different thanwondering about issues with Vm. There, maybe issues you know and theimplementation versus the assumptions that were specified in the the whitepaper or whatnot. But this as my Relis, do you give recommendations on whatcaused the issue Sayfors Lafer Instance? There's a Y, you find a problem with inthe Biko when you're doing your analysis or using you're using tool setto do analysis, and if you were able to see what created that bite code wouldbe the source code, an he compiler used...

...to then canpile it down into by code.Can you give recommendations based on things you see from your analysis, tohow actually got to Bi ot m so right now we are not doing that Il.I would love to see that now, when you talk aboutrecommendations, do you mea some like quick fixes in, for example, eclips?You know where you have your source code and then you know the Twein candetact some airin the sor SCO and then provide their recommendation. How to fix it. I thinkcolins question was moreon lines like say I find a problem with the bi codeand I see that you're use this source code file in this version of Sol S,Otin epile down to bike ot, you say: Oh, this version has this particular issue.I should have switched to something else or move up to update this, and youwon't have that type of ition when you ware, based on what that compirlor usedto do you ave, IOU Hof, that kind of resolution, or is it something that youcan even see from what you do? I see so cross yeah and, to be honest, I neverconsidered this Ada M. However, I know that there are someissues that are detected by the tooling and these issues ere relevant in theold versions and in the current versions. They are not relevant H, butas of now H, we simply don't report some of theissues that are no longer relevant, but I do like this recommendation that thatyou just mentione that you know n a inte ed a base on em yeah. So you needa Bain you ne Basialy say this is where Qua stamp is starting. You know eventhe non roabilities prior to this version of Solse we're starting on thisbaseline and then regomendations can't happen until after that baseline, sotat's totally fine is if it's a feature of the roadmap. That makes perfectsense to me. It's just something that I know as adeveloper like if a new, if a bonebillios spotted in in Sulsi version,Wferson weon now point two four is Hal Right: Whatever Huh yeah, it's twenpoint twenty four! So like let's say: Qut Til five comes out and itintroduces the vulnerability. Your baseside's at twenty four, theVoterbilli Spottd in twenty five, its Passon twenty six, somebody Campis ontwenty five and then releases and then or even just twenty four- has a vonerbilly that we haven't spotted yet, and I would like to know that hey this com,this code, that I ave already deployed to the network is potentiallyvulnerable as a result of the compilor that I chose to use, M and and t to meis extremely useful information to get an alert on and m you know and to havesomebody's monitoring. That would be like a great service for it. For mepersonally, you know, but I I understand the needfor a baseline on that Um, so yeah no, I was just kindof curious. If that'sthat's where you guys were headed 'cause. This is the thing about thesesmart contracts, s that they exist forever, once they're in the Blocksha,people start interacting with them forever and if you use an unknownvulnerability in any particular piece of software which generates the bitecode for these smart contracts and you deploy it and people start using itthat vulnerability exists forever. So you need to find a way to migrate orget Ers or get your. You know your contracts H, Um PACs, somehow, which I'm not reallysure how you do right now I mean certain certain paradims elp me canenable that enough, Wol fully enavl, it Um. So it's it's! It's just aninteresting problem that I'm constantly struggling with is that when you have aregular software development life cycle, if you, if you've posted like windows, doestis all thetime when it does it all the time, Ove Mak, does it they? If there's avulnerability in your software, you can poste a patch et with these sportcontracts. There's Nogh real cipil way of doing that and um a lot of thesetools are common. So if, if a problem, IIST onle tool set itself, there is nosolid way to to even recognize that issue and some clever little hacker outthere to go out. There write a script which detects that issue and thenexploit your contracts, so um the kind of tools I'm really looking formaintenance level tools, theyre KINDOF, like upkeep tools, they're Kindo, likeM alearning tools and the verification tools once so that they, when I, when I get an onboarded. I knowthat is working at this baseline on this compiler and it goes to thenetwork and ' in this state and then from thenforward. I want to know ifthat particular state I've uploaded has any sort of issue that that that Ishould be aware of as as a dsetilize application, developer M, and then thisis. This is the kind of stuff that...

...a lot of people are kind of Strungliwith, and I feel like this is the kind of errors that we're seeing are youknow known bugs that people don't know that we're in their code, and you knowbusiness level. People can't necessarily one hundred percent evendepend on one particular developer n oir organization to know all this stuff.So having that hub of information that Hu that sets a baseline for your work,that's been posted is, is super useful, so I was kind of seeing what yourRodknak was in that direction a thin yeah. So this is great h. let me giveyou a bit of contexts: U Like where we are at right now. So whatyou are talking about is Qui Calli monitoring service, so we just startedworking on that um a but this this piece of work was separated from ourPROCOL 'cause. When comes to our PROC development, the main usecase we arefocusing on right now is pre a predeployment analysis of the contract.So this is this one thing now: The montoringservice is another is another thing, so we even startd montoring some of the contracts for certain properties like,for example, that the supply is more or less stable or tthat somebody doesn't mean. You know like a huge number of of Tokens uh, butoverall yeah. I do like horsuggestion a lot and I think it is an importantusecase that we should look more into arage. You know, I think it will bridgethis montoring service with with the network or, if you prefer this. Thispretpoint analysis, though, on their life contract. A lot of wet Callin, just referred tois a lot of things that the Li, a security community of the centralizedtechnology or trying to figure out and build Um like a part of that endeavoris like. I know. QUASANP is also part of their im too the ET security orsecure af community Um and we're having a kind of workshop meeting get together in Berlinbefore f Berlin of trying to come together with you know, resources,tools, m practices and protocols of what is security in this space, becauseit's its kind of different in terms of what security is across liketraditional architecture and and how we approach these things andwhat we need to look for. The types of tooling that collen just referred toand what you use right now is, is all necessary as t e as the I guess, security expert in the spacemakes himself useful and I think that's just a time like a signof the times and that it's legitiate, like the space, has become legitimateenough. Where security people are like. Oh Shit, we need to figure out how tomake sure we maintain this wealth and people have good practices on both deploying things correctly, whichis what you're working on looking at the analysis of well, things aredeployed from these smart contract level and then all the tooling abovethat to make sure that that information coming from the blockchain to theactual d user is secure. And then you know monitoring services to make surethat, as we upgrade things in terms of smarl cracks or whatever, we do that ina good way, or we even know that we need to do it in the first place. Andso there's like a there's, a whole landscape of things that Colin justbasialy explained decently. On what he'd like to see as a developer and you'R E, what UANSTAP is is a part ofthat of like a very important part of that of making sure that you have ahigh level of confidence when you put something out there in the first place, Yeah Yeah. I think I agree with that. So we want to provide tools for developers,but you know tootes are important, but I darn that what is also important or best practices, Ri Naturo, guys who areFamithar with H, smart contract security allies, socicently t it was Mosl in Constam we publish on the website some practices and they are in not lowlevel practices that tell you. You know how to organize your functions and soon, but they mos. They mostly talk about the whole process of Um, developing a smart contract andfocusing on security from the beginning and Um. The reason why it is so is thatyou know, as weare doing my o others to learn more about the cold and toimprove Oour tooing. We often get get requests. You know like one or twodays before deployment to somebody comes to us with a big smart contractand like a guys, can you audit this...

...'cause Haing owt tomorrow, yeah, you know his is not the right way ofthinking about security, h, so H. I think that you know this this this whole. This whole collection of Tostprocessies best practices. This is what we need to to have secure smartcontrast, but then, like you mentioned, we also need some services to monitoropose deployment, health of the smart contract and maybe even insurance. Youknow 'cause, even if the contract was checked. Maybe thereare still some some bugs nd. You know you can deal with it through theinsurance, where you bet that the contract is safe or you bet it isunsafe, to some degree an youare willing to stake your own funds on this.Oh Wow, that's a really interesting concept B. You just perk my ears upwith that, because I mean this applies. This is like one one of the things Ikind of straight out of radical markets that book that we keep kindoflietalking about every once. In a while posheris this greatbook called radicalmarkets, he talks about different ways of handling a more decentralized, lesscentral planning sort of way of dealing with things Insuranceis, one of the oneof the more centralized central planning kind of things, Thaut thatmonolythically you kno. It would be pretty awesome if people could pay forinsurance to guarantee that basically, have auditors literally bet on thesecurity of their contract, exact. They would pay those auditors h from anescrow a regular amount as long as it lives through the lifetime that theauditor bets that would be correck. I bet this contract will be fine for ever.For I I will put a Stak on it for twelve months, I'll put a steak on itfor six months. You knowholda a multiple auditors doing this, and that enables like proactiveauditing communities, which coan be a marketplace for par contract auditingbased around this insurance model, and they can take up. They cal take up Um. You know you know a certain budget of ofinsurance capital that is held an escro until it's Ittil, it's used up and thenKe that to me is just extetnly interesting and it really ties in alittle bit more with the Getcoin bounty system we just had on last this week.It was released Um in that M. it's sort of a mechanism for assuring qualitythrough m through markets and for having features there, there'sjust to have features developut. This is a boundy for Quality Assurance,which is just superinteresting like I love that you brought that up. That'sfantastic idea: Um Hell I'd start getting into auditing it Thatte caseyeah and O that, but if they could stak their own skin in the games that theyactually lose their own bed, if there is a bog like that thatincentivises the the insurance backwrp, so you have bilateral skin in the game.On this, that's fantastic like it insentivizes both sides of the equation,yeah that'd, be super cool yeah and I think that's neat. So I guess my question next is like howdo you differentia qual Sta from things like Mithral? So metra is a tool. Metro is not anetwork. Metro is at old that tlly. As of now,you ran locally the difference between Metro and an ournetwork. Is that Conso like to be open to multhipoletools Etecoy? Basically, we take the tools and the RAK and theyarerun andseparate docarit containers and then the notes of recollects, the utcos fromthetol O ow. The thing is that I don't know towhat degree Ou is a metral or Oriente, but declete these tools, if you analyzeit a Seco contract, they finish within seconds. However, if you have a complexcontract, may take minutes, or maybe ten of minutes or maybe longer, ofcourse, depending on the harbor you're running the toon. So by having thenetwork we'd like to provide computational resources to do these analysis efficiently for ACCOMPLA smart contracts, 'cause H,our hypotheses is that complexiy smart contracts will be growing with time. LE in a similar way, as we've seen that with you know any other software ou.The more time passes the more complex the suftur becomes thbut in servceofDEEUC ICVALITI network, or is each note independently doing its own sort ofwork, and can people just join this...

...network right? So I can tell you how itis as of now 'cause right now we are finishing our second iteration of thenetwork. We started at beginning of the year, so in the current iteration wewill have wide listed notes that are assemed to to be non malicious. Now inthe next ituration that was star around September would like to precisely lookinto the issue. You just brought up 'cause in that essentialized network.Of course you cannot trust te nose, thoes t a whole point of centralization and there r multiple approaches to making sure that that the report is iscorrect and it was notit was not change on purpose or manipulated onpurpose. So we will be looking into MARTLapproaches. N, you know a lot of them. They have certain. There are certainTrad ofs to to all of these approaches. Some of the approaches I like S, er SOMSilar to troobut, not sure if you 're familiar with it yea we gi you them andI was actually going to suggest say: If you're got to do it, he setralized haveyou looked into trubit. So that's great ye h. The true Ti is pretty cool as as a proocal, becauseyou need only one note to to provide a good result. Ecause then you allowevery other note to challenge this result and then prove on Chan who is right and who iswrong. So H, Ou know at least theortically it's. I think it's verycool. Of course, Trubet is Niqait, moreresearch to figure out the incentive structure and also gerificationof. Theresults on chain is not exa efficient and the Reston assumptions about youknow being termnistic and so on. I think it is a step in the rightdirection. We defi definitely want to more into it, but therare also atter approaches. So,as of today, we are not yo k. We haven't picked any single approach. Wewill see we'll rech research them and we'll see which one we pick, but theidea is to have you know these dist distributed to centralized computationsand then making sure that the developer or our user will get woll get thecorrect report. So so I got something going on Ye all ambishos on me, so a part ofscaling Um as if right now, I'm assuming that you'R your network is relegated to a single smart contractexarso right now we have a bunch of notes and we have our ownsmart contract on th through a network, and at I mean I mean like when you're,when you're doing an analysis, you're you're analyzing a single smartcontract, a single set of BICO. Oh yes, yes, that'sw. Yes, art ofcomplexity in this space, especially if we're looking into the far future sgoing to be a series of smart contracts that interact with each other. Do youhave any type of Rod Map it can start to handle that type of thing 'cause? Iknow the tooling automated tooling, for this type of stuff is obviously it works better. If it's selfcontained within a single set of Bi cod, you can you can look at that type ofthing better, but as as we scale out, especially in termsof like mojularity practices and keeping things sinct and simple, thecomplexity or the vulnerabilities may exist in the connections between smartcontracts that talk to each other. You have a plan on trying to like deal withthat attack tax, surface een, asking even more so sink than thatwould it have caught the paroty bug from the parody multisignature, whatever theyre smart contract, likethat's t t's, that's an example of what core's talking about so existing to I can find. Can detectocantabug of party like thesame one of having Wi party. Now when comes to Nlos malliple smart contracts,we can let's be study more precise here 'cause. We definitely want to deal withthis problem, but is everything we do? We want to do in iterations, so firstyou can imagine somelike having a travel project with which has mach ofsmart contracts. You have all the code available H, so I do hope we can. Wecan address this one in the you know in the next ituration and another thing that can that is alsorelated to Anagimanto smart contract contract. Is that let's say you haveyour travel project, but you may be interacting with some other contractsthat are already deployed on the chain...

...and Wnot, so protowards. What whatyou're saying? Sorry, you bro a couple mine. Did yousay you Y it does that now or you're working towards it? No we're we, we will be working towards it, anthe interation that was stared in September, yeah 'cause a lot of theselot of these contracts that were hit by the paridy multisignature, but weredependent on a library that was deployed as a Singleton, Ligrasare, technically singleton on theon t e on the network already Um. So you know there's a couple of couple ofthings here. You need to check that contractif that hasn't already beenchecked, and if it's alreay been checkes, you need to alert them. Heythis contract that we know is bad, is being used in your code. Um N, thatthat kind of stuff is like also extremely useful, as, as things becomemore complex, so I'm glad you'e work in that direction. He saysthat's one ofthe things we need yeah yeah and you know thereis thisCole business of dealing with DEPENDENCI and some days. Perhaps you want toavoid recomputing. You know the same analysis and you know and optimizingyou know: L Ke Therei. There is still a lot ofwork to do there, but it's definitely some that W we do want to address. Obviously two things then kind of help that success is. I meanfirst off people need to understand that these tools are available, Sei,Seno education that one that they need to use them and then that they'reavailable to use. And then you have like the useability aspect of like howdifficult is it to incorporate these types of things into my workflow sothat I can get stuff done and I'm t spending all of my time trying to getthings done while never doing anything. You haw like how easy I to use this andthen what type of things are you doing in terms of like to educate people thatthey need to use things like this? I agree with you. I think thatusability is one of the major concerns like okay. First of all, I'm not surewhether there is enough education and whether developers are familiar withthese scools second thing. Basically, if you want to use thesetools, what Wout d o You do you go to get help en you need to clonb theposter you have to compile it, you have to build it. Of course things don't work out dos thereality NSUVIRORIES whatever, but let's say you build it tool. Let'ssay you can even run it and then you want to analyze your travels. We sweetwell turns out that you cannot analyze one country that has some dependancy.Maybe you need to run flattener that flattens the source coat into one file,and then you can you can analyze it? Okay, that's great! So then you finallydo the analysis. But's say it finishes on time, a s unreasonable, and then youget the report. You look at the report and h. You Olso need to know how to interpretthe results. You need to know that a lot of a lot of the the potential bogs or vulnerabilitiesthat are reported, theyre, really F, false, positives, H and that that's ereality right now, because these toos they don't make assumptions about H,your environment or the other contracts that you're interacting with they. Theyalways assume the worst. For example. Often you see so likereentancy or asseartion failure with reg W th the relation to the safe mathlibrary, which is pretty standard. So we need to know how to interpret theresults and also relate them to the code. Also, what you get from thesetools right now is not exactly related to your source Gol that may be shiftedby eighteen or twelve lines, whatever UH. So usability is definitely aconcern 'cause a lot of these tools. They were created by experts and, ofcourse, authors of these stools. They know all the queriks and althenationalissues, so they know how to how to use them. But if you're, let's say you're a newcomer to smartcontracts solidity, I believe that the experience is pretty frustrating h. So we h is the county. What we do right now o.So we do talk about the tools, but we also created this damnal version wherewe have well interface to that was running one of the tols spacicicallyOIENTE and you would get results on the on the web page and the report wouldtell you what the issue is, would provide a description and sevurity. So that was you know our first attempt toslightly improve usitibility of these of thes tores 'cause. The only thingyou had to do was to actually submict...

...the CON drug and and for for the result, I believe I'm not o hundred percent sure, but Ithink that e Smart Security Alliance Standards Either Day already mentionedDu, like some of the tools, maybe not explocitly by NAM, but I think theymationed that it is a good practice to to run the stools or, if not, then weshould incorporate a paragraph like that. Yeah definitely definitely be workingon that suff in thecoming workshop to see like what is currently like T, Iguess the Golden Standard across the entire community who hod to do thistype of stuff and then how to put it n a Spoto Mok, an access it and learnfrom it so that they can. You can start with best practices, as opposed to likelearning shity practices having fun and then have to unlearn all the bad thingsyou learn to get to a point where you can actually Topul a smart contract onmad network and not worry about its funds. Getting stolen is a better route.In order to do that, you need to educate people the best way to do itfrom the stark, as opposed to like. Let's make a token all right, don'tever use that token. Let's make a better token now right, yeahbut, you know what so let me addlobit to to what ot just said. So I wull say that running these tols andunderstandiging. The results require certain expertise: Um, maybe some rigar familiarity press withsoffre engineering and maybe verrification Um like someting. Thatgoes EAH. We H dypically, do when you develop software, because when youdiveup soffer, maybe you have the peck. You write the code and you have tests, I'm just regularlessv web to point overMHM H and there are a lot of people. Ithink that who came from that background to to smart contracts. There are also a lot of new people whomaybe they don't have even SFT engineering background. Maybe theydon't know that much about programming and all these you K developers, theyattempt to create tokens and believe it or not. We do getrequest where we get a cold of the smart contract and even that COK hasnothing to do with even the reasonable practices in regular selfo engineering.So you know like when I see a cold like that. I don't even think that thisperson would ever imagine the tools like Orente or Metro Eis, an te you can dosome analysis. So it's definitely. You know this part I think, can be addressed byeducation. But if some just comes to this new domain, I don't think thatthey are even aware of thes tools and I don't think that they could effectivelyuse them. That's kind of a part of I don't know:permissionless dcentralization the there would be people who try to dothings that they never should, but projects that are serious, we'll hire the people and requisiteauditing to that. That's like commensurate with theamount of value they're trying to put into these things, and let me I io fect that projects like that. We we you know cod.That has nothing to do with even the reasonable practicees. Oh ma'am, that'sthat's! That's! The scary part is like it's. It's still, I guess, maybe a signof times it's the wild, less and people are excited about doing something andthey think if they deployed a contract on on the mainnet that it's securedbecause they'd to play a contract on this ultrasecure platform, and that'sby no means the case, like so who's. The demographic of thesetools. Is it the auditors that are trying to make sure people are doing things appropriately?Is that the is that the you know smart contract as working for these ICOS anddesecentralized companies that are in charge of deploying these things? Is it? Who Do we go after to educate di? Wetry and educate the masses so that people are like hey. I want to try somestuff on a theorum. I want to learn how to build t a token they get the toolsto build at least like decent level practiced contracts, I'm trying to figure out 'cause. Wecan't reach everybody, but we don't want to be so seclusive that we onlyreach the select few and then we charge a shit lot of money. T T to render ourservices like who do we go after and how do we do it so INOTEC Youre reallyquick like one of the things I'm envisioning, and I know that I'm sorryto cyone one of the things envisioning when I hear this stuff is that even in web two point o practices.There are security experts. There are people who who specifically deal withlike database security, who should specifically deal with network securityand in Web Three Point: Oh we're just adding people who are specifically dealwith smart contract and desentialization desucize networksecurity...

...and to me it seems like this is like amarriage maide in heaven for something like a bounty network where Youre we anliterally I'm done with my smare contracts, I throw it over the wallover to your network. I don't care how long it takes. I let it run overnight,but I put out I automatically allocate bouty assets to this and I could wakeup in the morning with all of my problems with proposed solutions and which, which I could te integrateback into my my software tools like I feel like. I feel like the target audience for security isalways everyone in that everyone needs to be aware of it, but there will onlybe so many experts and Um. You know interpreting all of the security rules.All the time is just UNs, reasonable expectation and inefficient use ofinternal company resources when developing something, especiallysomething that's handling highly secure financial transactions and people.Current financial systems have experts in financial transaction security codesstandards. You know legal aspects of it. PCI. Compliance like these are allthings that there are people who specifically get certified for that andWEA millions of not potentially billions of dollars flowing throughthese smart contracts. I think it's it's gon to have to go the way wherethere are experts in the field now you're cool is awesome in my mind, because I am notan expert in the field and IAM andesentralized, I'm a productdeveloper. I develop products, and you know I can. I can understand, likeninety percent, of the the M, the security votabilities that exist, butthat lasts ten percent's, the one that always gets you right so itwuld begreat for me to just code up the ninety ninety percent and throw it over thewall and get the ten percent back mm yeah. So I toal y agree with you. Ofcourse, we are not here to solve all of the problems of the world. Our missionis to NB WERFA of standard. What developers can get yeah? Let's not be naive, anthing thatwe will solve all the problems B'cause, it's not going to happen, and now uh UH geting back to bug bounties. It issomething that we are looking into as there are other projects that arelooking into that as well, but, right now it is this on the parking lot for us 'cause.You know our resources are limited. Now going back to coris question aboutthe target audience so right now, right now, I think thetarget audience of all of these toos are or auditories or companies that doassessment like security assessments. So I think this is how it is right now, when the USABILITY get improved. Um Disability is o veus and perhaps there es better education. I dohope that some of these stools, specically fush button verrificationtools, will find their way into the developers workfol. Now when, when I mean push button,prification toos, I mean the tools were just a medical and you get a report,you don't have to specify anything Um, I kind of sand. This is like, as likean extension to something like traflor embark. ORS is like you K. Ow, you makeyour contracts and n through the bills flashed eployment process its ches. Heright right. Exactly and again you g you get some results.It's not perfect, it's very better than what what we have right now Um. If youwant to go once the further, you can start antating your code with certaininvarients or porerties that you'd like to to check, and so on. Youknow it's all great. In theory, we've seen the e regulars of engineering. Youknow being discussing of literature for decades H, but in practice, devulpersdid no specify these invariencint properities. First of all, it isdifficult, so you need to have certain expertiseto, because often these specifications are mathematical in their nature. Also,they don't play very well with cold evolution Um. So whenever you haveolvethe call, you also have to change the properties. Well, nice thing and maybe whoe forsmart contract is that fortunately they are not meant to evolve. Veryoften like the current workflow is that you write a smart contract you deployand it should be running h. So you know I would love developers to write thesethese properties to check an environce, but I'm sceptical about widespread adoption,AF dhese techniques. I think that for these techniques still the other tinbusinesses and an expert will be de at...

...the target audience so does't make sense, ao perfect sense,absolutely D, it it really primes a lot with a lot of the things you've beendiscussing on this program in the past. One of the things we discussed in theprogram in the past is a language called pact um which, by removing Um de's Cadina right. Yes, Byremovingi an UH, uh, recursion and infinite loops, uriable Bake, formal verification intothe language itself. Um, do you see quat stamp, supporting otherlanguages or even inmenting their own kind of like language policy, for someof the stuff that you check, or do you still see it as being mostly just forEtheoryn Bik, ite co? You know by code. How do you see the future of this goingas more languages are developing, which chillenge soliditys dominants, H,yeah, so h, hape, you mentioned mention Packin C. I was really impressed. Ispoke with them. A few times was really impressed with with their work, and Ireally like their approach that in that specic project they take securityseriously, so they started to thinkng about it from from the beginning, firstby restracting the language and then providing some support for verificationUm. I think this is definitely the rightway to go another nice things that they require you to publish the code, the source cod, not the bitecoad on onthe block chain than anybody can can see what what your software is doing.Uh Getting back to your question, we definitely want to support multle blockchains as of now we're working with Itrum 'cause. This is where most of thebusinesses thiwere O porsed contra our tools to some degree, abstract away right nowand will abstract the way, the different block chains and executionenvironments and Analysis Uh. So definitely when I don't know inthe future, but I I cannot be more specific right now. 'cause A as youknow, there are so many different blockchain and distributical legerprojects, it's hard to say, which oneis worth putting ffort into 'cause. It'shard, O say which one would be successful and or a business. You know, you're, not acharity, so unfortunately not yeah yeah. So one ofthe things I keep bringing up is the need for more packaged manager likesystem and and the way that we deal with with these codes of this code. So you know I shouldn't have to wonderwhere the what packages are being used to even build the the code itself, Umand it seems to be like really redundant to post the same, virtuallythe same bike code. Every time onto the block chain, when you know it's reallythe same code, it's just e. This is my ICO. I using this exact copy of thissmart contract and a lot of people are just posting tha mart contract over andover and over again an it it's it's it's shame to me, because the blockchain is permanent, Torage and grows forever so yeah. That's nothing thatalso kindof interested me about Um pact. Is that it's getting closer tothat kind of vision that I have of like a reference to a package manager ratherthan m the full bite code itself, Um. One other thing that I think isinteresting. That could actually benefit from a network like yours. Atsome point. Um is the idea of letting the network compile your good for youMHMM. In other words, you set the standard of compilers being used. Youset the standard on what N, what is an acceptable thing to be posted and thenthat compilation all you do is put us to source codes like maybe you ight bereference to the source code, and then the network picks that up. Does thecompilation for you, along with the security assessment, bundles his thingstogether and post out on the chain? I mean not even Puson Chane it justgives it gives it to use that you could post that on the chain. Right now Imean eventually, I would like o rather to see that that its Poston chainnetwork does the compiling 'cause. I don't see any point in like having myown internal compiler other than for testing purposes. When really I I justwant a reference ton, my code and a reference to the bicout, if bi gouds,NU ser for the VM, so everybody has the same thing, but that could all bestored as a reference in one idfs file and so like the artifact for a contractcould essentially be part of the SA the same one and the same as the actualcontract code as the actual bike code.

These are just things I'menvisioningthat would improve your system if we could kind of move the talk in thedirection of how like the EBM is handled or e Aston goes on in e, thefuture Um in how ethereum treats code differently, but yeah. Sorry me going eachoer. This is a good remark and I think it's good that you know we mention pactearlier 'cause from what I remember they posed theactual code and the cold is not compiled itis interpreted whenever youexecute the contract, so I think that it plays very well what you justmentioned: Ati, it's Jeez e, like the source cutse Zift Onder, the sort under the blockchain. I I would like to Um okay. So if the exiteration of yournetwork will be permissionless, I am assuming that involves some type oftoken ecause. You need to incentovize people to act with good behavioramongst the networks, so that an then you need to have checks ovarivicationsthat someone act acted poorly. How does that work? Is there a token? Why do youneed it so on so forth right? So we do have a token. Even now,in the permission network, the HE IDI Kno th, they will be rewardedwith tokens Um and the developers who submite thesmart contract to analyze. They submit the payment. Each note can set up theirown minimum payment that they're willing to accept. Also, there is acertain time out for analysis. 'cause. We don't want to get the net wor ddosUm, so even right now, H, developer is basically pay the the OTInotes for doing the hard word of doing the computations and producing thereport. So now that's the function of thetalking. If we go into openingup the network to making it permissionless,one of the ideas we are considering is having a staking mechanism for the oitnose. Perhaps very fire notes, if, if we have them so that nobody is really incentivized to domalitious things to the network but they're incentivie to do correct, computations and earn somerewards. The specifics of of that will be. Wewant to figure out in the in the next turation or two OL. So is there anything that we shouldhave asked at this point that you you're, really excited about with yourproject that we might have issed H, wellntonishinadit about is that we arelaunching this. We call it batonet netswork. We are lolaunching it re like w week. Ret Wheat, hushing and first want to open up the network forour university partners and then, of course, depending ow E aturallyoperates. We would lave to openup to to other actors. SOTATR will still bepermissioned, but we all try to incorporate as many notes as as we can. It's very cool awesome. How do peoplereach you in terms of like say they want to learn more, so they wouldn'tlike to participate in this. If they're, if they're, you know, have the rightskill set to do so like where do they? Where do they go? Certainly there is, we do have a website, and then I thinkthat most of the interaction with the community happens through telegram. Ibelieve H I'm guilty of not participating enough, but we have otherpeople like jared who are very active on on the telegram chat and that'sPhowtthe Frich capeople in in the network Grat, so whistners. If you enjoy thisclick, the link with the like button, not the lank, you already clicked thelink 'ause you're lizerding, now share it. Tell your friends to your family.Toyour dog, subscribe to us on spotify itunes.Whatever were you can find a loth in the big corn potcast that work firehose,which has all their shows in the big quinpacus that work as well as e ourown? So you can just on list ove OS. You can describe to that doing it allthe great constient, an the big coint pocas scribed that Um, I guess that'sit. You could find me a Corpetti on Tar, Cor Pett Y and calling unto ther an atColin Tuche at coll, incus c Thaksvery, nice et you.

In-Stream Audio Search

NEW

Search across all episodes within this podcast

Episodes (108)