Hashing It Out

Episode 28 · 4 years ago

Hashing It Out #28: Panvala - Niran Babalola

ABOUT THIS EPISODE

So you have a decentralized app you want to use... how do you know its smart contracts are safe? That's where Panvala comes in! Using their system you can certify the security and authenticity of your smart contracts and obtain a mark in proof of this certification. On this episode we talk with its co-founder, Niran Babalola, about their smart contract registry and certification system. We learn of its process, development, and larger implications. We learn what it takes to get from zero to one in a project that requires community participation to improve the certification process.

Links: https://www.panvala.com/ https://twitter.com/niran

And at work. Welcome to Hashing It Out, a podcast where we talk to the tech innovators behind blockchain infrastructure and decentralized networks. We dive into the weeds to get at why and how people build this technology and the problems they face along the way. Come listen and learn from the best in the business so you can join their ranks. Welcome back, episode twenty eight of Hashing It Out. As always, I'm Dr Corey Petty here with Colin Cusce. Say what's up, Colin. What's up, Colin? And today's episode we are can tell your start of pause, like man's forever, and every single one of them, every one of them. Today's episode we're going to talk with Panvala. We have Niran Babalola from ConsenSys Diligence talking about a new product, or a product that they're offering called Panvala, not even a product, more like a I would call it decentralized call and put it as a decentralized VeriSign, as we were talking about this before you joined us, so welcome to the show. You want to give us a quick introduction as to kind of how you got started in the space and then also with Panvala and what it is? Awesome. Thanks for having me, guys. Decentralized VeriSign is a great analogy for what we're building. So for me personally, like I got involved in the Ethereum ecosystem back in early two thousand and fifteen or so. I came across a project called Augur and I'd heard about prediction markets before. I had heard that if you let people bet on the outcomes of future events, the results of those bets, basically the ratio of them, could give you a good forecast of those future events. But those systems tended to get shut down or restricted because they're seen as online gambling effectively. 
So if you could build a decentralized system that couldn't get shut down, then you could probably have more forecasts for more kinds of events, higher trading volume, you could have more information that people who would have available to be able to make decisions about what they wanted to do in the world. So that sounded pretty appealing to me. I dove in, and that's when it really became clear what Ethereum was useful for to me. When I first heard about Ethereum I was like, Oh this is just another scam coin. They took a bitcoin and they stuck a programming language into it and they're telling people that that's going to make their token worth more. It turns out that you definitely want a programming language in your money. Like, if your money doesn't have a programming language, you should probably get a programming language and put it in your money. It's extremely useful. It became clear to me that you can basically for any interaction between individuals or among groups of people, you could basically write a set of rules like a board game, and for any interaction that those people wanted to participate in, once you handed over those rules to those people, as long as that interaction was producing effects that they enjoyed, there was more value coming out of it for them than they were putting in, they'd be able to continue to participate in that interaction for as long as they wanted to, without ever needing to rely on anybody else. They could just do it themselves, and that was kind of a mind-blown moment for me. I was like, Oh, there's probably tons of things, tons of interactions people would like to participate in that add value for everyone who's cooperating, but it's hard to enforce rules, it's hard to get everybody together on the same page, and if we can build these systems, people would probably cooperate on a lot more things that they can't currently do. So I quit my job. I tried to find every company that was doing anything in the Ethereum space. 
It was very early at that point. There weren't that many companies. Eventually I came across ConsenSys and they had this vision page on their site and it was like we see the technology is creating a new political, social and economic operating system for society, and I was like, Oh, these are my people, this is a place I should probably work. So I banged on the door for long enough and eventually they let me in and it's been pretty cool. I started working on Gnosis, continuing the prediction market angle. Then I worked on a couple of prototypes for decentralized nonprofits. The first prototype had been launched before Devcon two in Shanghai, and that was pretty interesting, I think. The second prototype I never actually got to launch. Like, one of the main reasons I was building these prototypes without any tokens involved is because I thought it would have reduced the legal issues that I would run into. I'd just be able to put it out there and let people use them without having to wait years for things to be clarified. But with my second prototype I faced those legal issues anyway. So I was like, okay, first of all, I need to put this on the shelf and find something productive to do and second of all, the next time I look at this thing I'm going to put some tokens in there and figure out how to use tokens to coordinate a decentralized nonprofit.

So I've been doing smart contract auditing for about a year and a half or so and while doing that we came across this idea as a team that would be very useful if there was some sort of registry of which contracts had been audited, which contracts are safe enough to use. That became like an idea that was clearly valuable, but it didn't seem like enough to make a token system work necessarily. People have different opinions on TCRs, token-curated registries. It didn't feel like that alone would be extremely successful. But going back on what I'd thought through for decentralized nonprofits, if you could build a system that made Ethereum safer and basically coordinate contributions around that, that to me seemed like something that, combined with setting a standard in a decentralized way for smart contract security, like something that a lot of people would want to participate in. So that's effectively what Panvala is. It's basically a Consumer Reports for smart contract security. We want to make sure that when people are interacting with smart contracts that it's not just some random address that they're seeing. They don't know who wrote it, they don't know who audited it, they don't know if the audit was any good, that they don't even know if the code that they're using this place gets poked. So it's kind of a disaster and if we could set a standard for what's safe enough to use and make those recommendations, I think we would clear a lot of that up by having a standard for people to aspire towards. Combined with that, our system issues grants denominated in the tokens of the system itself. So if you can fund things that people want to see in our ecosystem that make Ethereum safer in general and then find the funders for that same stuff to make our system sustainable, we want the tokens going into the system to be the same as the tokens going out of the system. That's not grants based on some sort of speculative value. 
We actually want to find the funders for the things that we're issuing these grants for and make a sustainable system that can fund all the things we want to see. So I would say you've either said that before or you had been wanting to say all of that before, because that was a good, that was a really good kind of like, this is how I started, this is how I got to where I am, all in one bucket, and I have a lot of questions from there. Awesome. Colin, do you have anything particular? Exit? I'm trying to figure out where I want to start with this. So my understanding of Panvala is that people can certify the validity any the you know the amount of I don't know the level of veracity that the particular smart contract has been vetted. Is that an accurate understanding of what Panvala does? That's pretty accurate. So it's basically people who wrote the code, like the authors, the team that built this system. They're basically going to apply for a Panvala mark. They're saying that we think our contracts are secure enough to meet this community standard. So we want to get a mark so the world knows that we met those standards. To apply, first, they're going to seek a recommendation before they ever touch the blockchain. They're seeking a recommendation from some group that the token holders already trust. So we're initializing the system with a Panvala Mark Council, but we're just appointing some people and saying that this group is going to issue recommendations that the token holders can overrule if they want to. They don't have to abide by the recommendations of this group, but that's the first place you go when you're trying to get a Panvala mark. You apply, the council gets your application and then they decide on their own whether or not to recommend to the token holders that you should get the mark. Once you have that recommendation from the council or whatever group gains respect in the ecosystem. 
From there you go to the blockchain itself and you stake your tokens. You say I'm basically, I'm taking a Panvala mark. Somebody stop me. Here's my recommendation and that's why I'm trying to take a mark. I put my tokens down. These tokens are going to be there for the life of the mark. So if it ever becomes clear that I shouldn't have gotten a mark, I'm going to lose my money. And if the token holders decide that they don't support that recommendation and they want the council to stop making recommendations, I'm also going to lose my money. So if I just say, well, this council, I trust this council and the token holders actually don't, when I stake my tokens, I'm taking a risk and you might lose those tokens if the council isn't actually trusted. Yeah, so that's how you get the mark. I was wondering about that in terms of like if there was like a time period in which your funds are at stake, and since it's the life of the mark, that makes a lot more sense, because I was imagining a scenario where people, basically who were flying under the radar apply for a mark, no one really pays attention to them, they get one and then they gain a lot of ground and people find potential issues with their smart contracts, because it seems as though it's a system based on dissent and that you need people to actively go against the reasons for...

...not giving a mark, versus people just saying, Hey, I want a mark, Hey I want a mark. And so if that's the case, then the mark is worth nothing and since the life of the token as you gain traction and ground, which may potentially be ill advised because you like, if you keep try to forget to say this, if people get a mark who don't deserve one. Right, yes, so the guard rails to prevent that from happening are the token holders themselves. They're the final say. They're the ones who control whether a mark is issued. If they let someone get a mark who doesn't deserve it, they've kind of failed to defend their system's reputation. If you issue marks to people who don't deserve it, that's probably going to reduce the number of people who want to apply for it, because less people are paying attention to it. So you've effectively reduced the demand for your token by issuing marks frivolously, frivolously. So they probably don't want to do that. It requires active participation and you're bootstrapping that with a council. Is that correct? Yeah, so we view token-curated registries a little bit differently than most people do. So it does require active participation in that you don't want marks to just be issued without any justification or based on a justification you don't agree with. But we think that with a council in place that it really becomes more of a question of do you trust this recommendation? And that's not a super high level of engagement that's required. You just, when you see these pending applications and you see that these two are recommended by the council, this one isn't, it becomes clear that if you don't want unrecommended applications to get a mark, you should just challenge it. You don't have to evaluate the details of the application itself. You know based on principle that you don't want unrecommended applications to get a mark, so you just challenge. You didn't have to spend your time doing research on smart contract security. 
You just used your limited knowledge as someone who's in the Ethereum community, knows what's going on, pays attention to know that hey, this isn't right. Like we want to make sure that our marks are getting recommended by somebody, not just being grabbed by anybody who thinks they should get it. If the Panvala Mark Council steers away from what they should be doing, maybe they start issuing frivolous recommendations, then that's when you have to be an active participant and be like hey, guys, we need to coordinate a new process for issuing recommendations and stop these guys from making recommendations. Can you describe the challenge process? Sure, so we're building the system based on quarterly voting. So the idea is that there's effectively one to two weeks every quarter where you need to be paying attention to what has been proposed over the last quarter. So once the this period arrives up, when challenges are open. So you can start challenging any application that you think shouldn't make it if it wasn't recommended or if you don't like the group that's making recommendations. That's when you make your challenge. You stake the same number of tokens that the applicant did. The challenge initiates a vote of the token holders. One token, one vote, and then majority rules. So doesn't matter how many people turn out, whichever side is the majority, that's the side that's going to win. So if you support the recommendation, then the mark is going to go through and the challenger loses their tokens. If you oppose the recommendation, the mark isn't going to go through, the applicant loses their tokens and whoever recommended it knows that they need to either like just stop making recommendations, change their process, change the members of the council. They need to change something to regain the trust of the token holders. 
So you're using tokens as a value added voting mechanism so that people will want to be able to cash out and sell their tokens. But my question is how many people really will want to buy the tokens? So if you're using the token economy to drive your certification system, there has to be enough people interested in certifying the applications that are on this system. To me, it seems like you would have a lot more people involved in the system than people who want to get into the system, which means that the fungibility of your tokens is reduced because a funge builds right where. But people might not want to purchase these tokens for that purpose. How do you incentivize people to want to buy Panvala tokens who are not... So, so in terms of the token holders that we see, we don't want people who are just trying to invest in tokens to be holding our tokens. That's not what this token's...

...really designed. We see the people who end up holding tokens as people who actually want to steer the direction of this ecosystem. So people who want to be active voters, who want to be choosing who's on the council, who want to be choosing which groups to support when they're making recommendations and which ones to not support. That's one group of participants that we see. Another group is people who intend to apply for Panvala marks on their own. So if you already see yourself as a team that develops smart contracts, you think it's a good idea for a bar to be set for what's safe enough to use, and you want to participate in that system as an applicant, then you're going to hold those tokens, so you have those tokens available when you're making your application. And then we also see people who build wallet systems and block explorers that people are using to interact with arbitrary contracts. At the end of the day, they're the ones who are going to be displaying the mark in front of people where they're actually making their decisions about which smart contracts to use. So we want them to have an influence over whether or not a mark is going to be issued or whether it's not, because at the end of the day, they control, we don't think they'll want to display a mark that they don't have an influence over. We want them to have an influence over the mark. Those are the main groups that we see holding this token and using on a regular basis. There's one more group. So again, this is a system that issues grants in its own tokens. 
There's part of the token supply that's reserved for issuing grants at a decaying rate over time, just like the bitcoin block reward, and the people who are doing work in the ecosystem to make Ethereum safer, whether it's auditing common contracts that lots of people use, building tools that make it easier for people to make safe smart contracts, doing research that advances the state of the art, the best practices that we use to develop these systems. All those people, we want them to apply for grants and receive grants from the system and once they get those grants they're going to be token holders. They're going to have the ability to steer this ecosystem. So how are tokens distributed? Explain this grant process to me a little more. So that's a good question. So basically, Panvala is a fixed token supply system and doesn't inflate over time or anything. But what we do do is that a portion of the token supply, right now we're thinking about half, is reserved in a smart contract. We call the smart contract the token capacitor, and what it does is every quarter part of the token supply in that contract is released to people, is made available to withdraw. Any token holder can propose a destination for those tokens, the same way that you propose a Panvala mark, you stake your tokens, and if people don't like what you proposed, they can challenge it by staking the equal amount of tokens and then a vote occurs. So what we want to happen is that over time we're issuing less and less tokens because there's less and less tokens available in this token capacitor smart contract, and that's why a token capacitor's a little bit different from the way bitcoin works. Instead of tokens just coming out of this system, tokens can also go back in. We want people who like the themes that we've been issuing grants to to basically fund those grants on the back end, to donate tokens to support the incentive to cooperate on our system. 
If we can find enough funders for the things that we're issuing grants for, then we can build up a flow of donations that's equal to the flow of grants that are coming out of the system and we can build a sustainable mechanism for funding the things that we all want to see in this community. So I imagine that the goal of the value of this token is going to be reflective of the man hours spent on trying to evaluate security of smart contracts. So to me it's really more about the, so I have no particular opinions about the value of the token. But as far as what makes the token more useful, I think the more cooperation we can basically coordinate with our token system, basically the more work that's being done to earn token, to earn grants from the system, then the more utility that token will have. The more people who are actually trying to get those grants and applying for those, the more people who are donating their buying tokens on the open market to donate their tokens because they support what's being rewarded by the system. That's what makes it really useful. The more things that we can actually coordinate together in our community, as work that's happening for Panvala grants, the more useful the tokens. I understand that, but there's like, there's a time cost associated with these types of things, especially if you're staking tokens. It needs to be you're staking with respect to a certain amount of value. That says that. That signals how much, I guess, worth you think something is, and that's usually...

...associated with the amount of time or security you're willing to put behind whatever you're staking against. And if it hopefully the amount, because this is going to be a lot of attention. People have to pay attention to a lot of these things to then, so that they can either say something against them and put up a rebuttal or stake things themselves based on what they see in the ecosystem. And I don't, if the actual utility doesn't work properly, then people will game the system or people won't look at it. It's going to be one of the two. If it does work, then it could be a really good like a kind of centralizing factor for a lot of security industry to figure out what's working and what doesn't and for those outside of that industry to look and see what they should be looking at or trusting. If it has this mark and the standardization of this system ends up working, people will have a better idea or better amount of trust associated with the things that they're interacting with. But it's going to be hard because I imagine trying to get people to spend a lot of time on systems that aren't directly beneficial to them is going to be very difficult, especially because the security industry in blockchain is relatively small right now, although it's growing fast and so a lot of people are competing for these people's attention and time, and it seems almost as though, considering that you don't want people to really value the token outside of the ecosystem very much, incentivization model for doing the work necessary to validate doesn't seem very strong to me right now. Could you tell me why I'm wrong? So I do think that people will be incentivized to participate because they see that the more people that are actually paying attention to this mark, the higher quality bar that we set for this mark, the more applications are coming through. 
So I do think that the people who hold tokens will either sell them or they'll hold them because they believe that they can shape the direction of the ecosystem and they'll pay attention to do that. I go ahead, I'll say I imagine like, I mean, you could, you kind of have this wonderful engine to bootstrap it if you can get everyone in ConsenSys to participate, because there's a tremendous amount of projects within ConsenSys that would submit applications for this type of thing and since it's a part of ConsenSys Diligence, you can try and maybe push that a little bit. But then you have this other side of the coin of like does that then become a bias, of is this a ConsenSys-driven mechanism? And then you have this massive percentage of people associated with ConsenSys and not a lot of people outside of it. That's a very good question. Within ConsenSys, there's no way to force people to do anything. I know I y'all. I mean I work for Status. It's a similar type organization in terms of how it's structured, and it's hard to understand even what's going on within your organization, much less get people to do things in a unified manner, just the way it's structured and organized, which is interesting and we're trying to figure that out ourselves. Like, but what do you see associated with ConsenSys, how this is playing out? So I do think that it's like generally useful to be part of ConsenSys, like that's why I work at ConsenSys, but I do think that part of the success of the system depends on being a broad based system. If we only have participation from products within ConsenSys, I don't think that's success. Luckily, I think there's a lot of people outside of ConsenSys who see the value in setting a standard for what's safe enough to use. We have a demo of the process of issuing a Panvala mark that's happening in this week on Thursday. 
That'll probably be after, that'll probably be before a lot of people actually hear this episode, but they'll be able to watch the video of what we did during that demo. But basically we've based, we've appointed a Demo Panvala Mark Council with people across the Ethereum ecosystem. So for this particular demo we have Mark Beylin from the Bounties Network, we have Ameen Soleimani from SpankChain, we have Alex Chapman from Augur, Chris Smith from a Ridio, we have Jonathan George from CoinMercenary and Joe Urgo from district0x. So we're trying to get people from across the ecosystem to who are interested in figuring out new ways to run TCRs. We're interested in figuring out whether or not we can set a bar for smart contract security to participate in this process and see if it works. If we can't get people across the ecosystem to agree that this is a good way to do this, then yes, you're right, it won't take off, but I'm confident that both by the governance mechanism that we put in place and the incentive...

...mechanism of the tokens itself, that people are going to want to be a part of the system. I think it's something that's been widely needed for a long time, and I think also being able to fund the things that we want to produce on a regular basis. It's just a huge problem. There's lots of work within the ecosystem that everyone's like, who pays for this? Like, how do we get this thing to happen? And if we can organize under one banner, I think we can figure out it's so I don't want to bring up, this sounds a lot like the DAO, the original DAO, in a lot of ways, in that people are kind of directing where value should go or where it is. But in this case you're just certifying the validity of a particular thing, and that sounds great and all, but what's kind of concerning me, and again, my concerns are probably not valid. It's just me trying to understand is can somebody amass enough tokens to be a trump card player in this and basically streamline certification? So if the mark itself has value, this is one particular application by, say, Microsoft. Microsoft wants to streamline the process. They go directly to some guy who says, Hey, I can directly get this mark approved because I amassed enough tokens by buying them outside of the ecosystem in which everything's being certified, to use them to get your applications directly certified immediately. Is that even possible? Am I misunderstanding how this works? I know you say voting, so I don't really know what that voting mechanism looks like. Maybe that would help me understand if I understood kind of what voting looks like and what it qualification looks like and that kind of thing. So that's a very good question and it's a concern that we thought through a lot. So it is definitely possible to buy enough tokens, like if you buy fifty one percent of the tokens, you can do whatever you want, no one can challenge you. 
What makes this different than a lot of other systems is that, since it's subjective, since the place where people put their attention is totally under their control, it's very easy to fork the system. Like if you decide that somebody is attacking it effectively because they've found a way to get enough tokens to do whatever they want, all you have to do is exclude them and then carry on on your own, like it's the the with subjective systems, it's very easy to it's very easy to mitigate attack scenarios because you can just look somewhere else. Just don't look at what the attacker is doing and exclude them when you create a new system without them. What do you mean by excluding them? So I mean yet say, say you see, let's just talking more concrete example. So you see somebody who's attempting this, okay, and they do that, that voting to certify a particular thing. They spend their tokens. So this is not one account for, well, even if it were one account per token, per vote, and can still throw up infinitely many accounts that they need to kind of bypass the validity of the system. Each of those accounts would look equally the same as any other account. How would you identify that kind of behavior? Giving given the, you know, sort of anonymity behind particular accounts and the lack of KYC and, you know, the ability to have identity associated with these, how do you prevent people from essentially spreading their tokens across several hundred accounts and then using that clout to pay to get companies like Microsoft to pay it? It doesn't seem very easily identifiable to me. They wouldn't have to have fifty one percent in one account, they would have to have fifty one percent in their personal possession, which is a totally different thing. That's very true. So basically, the at the blockchain level, the blockchain is really just the court for whatever has happened in the social sphere. 
So let's look at what happens in the social sphere in that example. We have a process built up. That is the way you get a Panvala mark, and if somebody bypasses that, that's a clear signal to the entire community that something is wrong. Somebody did something different and now we have to figure out if the token holders actually support that different way. Let's say there's this expedited Panvala mark path that somebody has created for their own application and we don't know that they did this. Well, we, well, we know that they did this because they're saying that this is the recommendation for Microsoft smart contracts. When it goes to the actual smart contracts, you're right,...

...we can't identify who's voting for what. But at the social level everybody knows what happened. If they don't want that expedited path to exist, they just openly oppose it and they find the people who agree with them and they create a new system with only those people. That that's how you account for attacks in these token based systems. You fork, you leave, because effectively they're just the court for Social Systems. If something went wrong at the social level, if you don't support what happened at the social level, the what happens at the blockchain level doesn't matter. You just take your contracts and go home. So then their issue to mark Microsoft out their mark. How do we know that Microsoft had their mark basically revoked in a sense through social means? What and what does it mark look like? Actually, it's start with, everyday it's a register on a blockchain. It's that's would be obvious if you fork, is because people who are going to refer to the registry associated with the one that they're they have both confidence in. If you fork, then that just that just changes where you're pointing to to reference who has what or who has what marks on what contracts exactly that. So in in a fork situation, it's basically the people who build the user interfaces, the people who build the websites that are telling people what's going on with Panvala. They're the ones who have kind of the first choice of which fork to point to. Now, once you choose a fork to point to, that might lose some of your audience. If your audience is part of the other camp, then maybe they stopped looking at your site because you pointed to a different fork. It's a lot like what happens in bitcoin forks and things like that, and then coin base has to decide way which one is the real bitcoin. which ones are you going which one are we going to point to? Like a lot they have a lot of clout in that scenario and it's defining what Bitcoin is and our ecosystems. 
Whoever runs the sites that people are looking at, they really have a lot of clout in defining what Panvala is, so if a fork happens, they choose which one they're going to point to and their audience either goes with them or starts looking somewhere else. As far as what the mark looks like, to begin with, it's a site that we control. That's a registry of the contract systems that have been issued a mark over time. We want wallets and block explorers to integrate this into their UI, as an aid for their users to make safer decisions when they're transacting on Ethereum. So ideally, when you send a transaction, there's a Panvala mark that appears as a badge in that UI, just like that secure badge appears in your location bar in your browser. I see what you mean. I'm curious to see if the level of participation needs to be large for those who are just trying to provide a service like that. I want to know, like, how much people can use and trust the token but not necessarily participate in it, because they're the ones that are most affected by forks like that. Because, like you said, things that happen in the social layer are understood in the social layer, but those who are just, like, outsiders looking in, trying to extract as much value out of the system without participating in it, will be affected the most because they're not a part of that social layer. That's a good point and I think that will be interesting to watch play out over time. I think it's going to end up being a lot more stable than people think. Like, since there are ways to mitigate the various attacks that happen, then the incentive to actually carry out those attacks becomes a lot lower. But we always have to have those plans in place to be able to account for them if and when they do happen, because it's always a possibility, but I think good planning makes it less likely in the first place.
Yeah, it just working relatively well for a long period of time and becoming somewhat of a standard for people to kind of refer to in terms of overall safety and smart contracts. I mean, eventually I can see that happening, because if we talk about the social level again, it's all good-willing, active people in a very small, niche, passionate group, but as it gains value you have a lot more onlookers and potentials and value in the system to try and extract value without following the rules, and so you won't really figure out some of these pain points until, I don't want to say, you already have a modicum of success. And that's kind of like that set, that narrative I see across almost everything in this entire industry, not security, but blockchain in general or technology in general. It's that, like, if you have a leaky bucket but the hole in that bucket is closer to the top, you really don't know it's leaking until you fill it up. Yeah, and that's kind of what we're doing here, is we're trying to see if, with all this token economics and token curated registries and whatever the hell we're doing, we don't know if they break until we fill them up.

And we're still trying to fill a lot of these things up, but I can see, like, this being useful across the entire space for a while. I definitely hope so. Like, I think at the end of the day, like, token economics to consistence, are really just to back up what we do as people, what we do as communities. I know that there's so many people out there who actually want to make Ethereum safer. So the fact that we're using a token to coordinate our activities is, I think, a very effective way to organize people. I think it's the most powerful tool for organizing people that we've ever seen. But at the end of the day, it's people working together to accomplish the goals that they have. And when the bucket starts to leak, I think we're going to cooperate to patch the bucket. No one can plan ahead for every potential outcome in these contract systems. We don't know what's going to happen. We don't know what works, we don't know what doesn't. We have theories, but my theory is that as a community we're capable of incredible things, and I think we're going to, once we get organized, actually accomplish our goals. It doesn't matter what system is underneath, doesn't matter how many bugs it had on day one, because we're going to cooperate to fix it and move forward together. I hope so, although I will say I've seen counterexamples to that, about a hundred of them maybe in this space as well, where people just fight, bicker, go their own way, which kind of brings me to, like, another question. Do you care if somebody copies your contract, redeploys it and creates their own Panvala with, you know, hookers and blackjack? Is that something that you're even concerned about? Like, it seems to me that the value that is in your system is the value of the people that are participating in your system. Fragmenting that value is not good for anybody. But other people could maybe not see it that way.
So we could have a Parity-driven Panvala. We could have, you know, the Ethereum Foundation creates their own kind of Panvala, and then ConsenSys has got theirs, and then suddenly, who knows, VeriSign sees what you're doing and goes, yep, we're going to use that too, and integrate it into our product suite and market it to enterprise customers. How do you feel about that potential and are you even concerned about that? That's a good question. So, on the one hand, for the code, I encourage people to copy the code and do whatever they want with it. For the brand, like, I encourage people not to copy the Panvala brand. Like, if you want to do something similar, come up with your own name. But when it comes to various systems competing for, particularly, what's safe enough to use when it comes to smart contracts, I think for people to decide to compete rather than to cooperate, I think those people just don't understand the world that we live in now. They don't understand what tokens are, what they're for, what they do in this ecosystem. Far more value is generated by cooperating than by competing. You can compete if you want, but I think you're going to end up being a lot more successful if you find all the people who want to cooperate with you and find a way to cooperate under the same banner. That's the principle that Panvala is built on: the idea that if we get enough cooperation happening, for our grants in particular, that getting all that to happen under one banner is what makes a system more and more useful. I think that's true for issuing the marks as well, and if people decide to do it separately, more power to them, but at the end of the day I've been trying to find every single person in this ecosystem who wants to have anything to do with any sort of system like this and finding a way to have them be a part of it, because the more people we get to work together to make this happen, the more useful the system is.
If people want to go off and build something that competes with that, I wish them the best of luck. I like that answer because it reinforces what you're saying but also gives them the ultimate freedom to do it. You've basically made the argument of, hey, just play nice. It's going to work. So it's the whole concept of this state. I mean, it's like each of these tokens is supposed to be some type of coordinate, coordination tool for people who are interested in whatever the hell that token's used for. This is finding out what, I guess signaling what, smart contract security is, and then you can use this as a tool to do that, and so it should be useful to anyone who's interested in smart contract security, and the same thing for all tokens. It's just, like, most of the tokens that are going to fail don't have a clear message on what it's supposed to be useful for. So what you're coordinating around and the underlying idea of any blockchain system is the network, not the actual blockchain, and that's associated with the people who are involved with using whatever assets that blockchain tracks. That's interesting to me, the way, the way you phrase that, because something...

...most thinking early on, but I just decided it's probably not the timing to ask that question. I guess the time is now. Do you see Panvala branching outside of just certifying apps, dapps? Because it seems to me that this kind of mark, this kind of, you know, scheme of verifying information, could be categorized, and it has applications that are way broader than simply, you know, smart contract auditing or decentralized application auditing or, you know. It just seems to me like this is something that could apply to any sort of class of tokenizable asset as well. Anything that could be basically hashed and stored in a blockchain could also have some sort of certification mark associated with it. Do you see a marketplace, or, no, I guess marketplace wouldn't be the word. Do you see branching different versions of Panvala or maybe extending Panvala to operate outside of the scope of, you know, smart contract auditing? So that's a very good question. Thought a lot about this. I think in particular, both of the things that Panvala does are things that can be expanded. When it comes to issuing a mark for things that are safe enough to use, for smart contracts in particular, if we get really good at doing that, there's no reason for us to not get really good at other kinds of certifications. When it comes to issuing grants for things that people want to fund for whatever mission that they've organized around, that's something where we started with a small category of things that we're trying to fund. We're trying to make Ethereum safer. But if we get good at that, the more cooperation we can coordinate under one banner, the more useful our system's going to be. So there's no reason to stop there.
If this system ends up being successful, I think we're going to look back at this time as a time when security started to really level up in our space, and if it were to end up growing beyond that, then maybe it's when we really started to learn how to cooperate, when we started to figure out how to get all the things we wanted to do together done. Maybe we look back on this time as the time that the oceans started to slow their rise. I know a lot of people have heard that thing before, but maybe now it's actually true. Like, as much cooperation as we can get done under one banner, the better. We're starting with making Ethereum safer, but if this thing actually works, like, there's really no limit to what we can do together as a society. Earlier, there's the systems that we've built to get cooperation done can only get so much done, and a lot of them aren't working really well right now. We have governments where if you can get fifty-one percent of the people to agree that something should be done, maybe that thing happens. If not, it's really hard to coordinate. You have nonprofits where somebody who isn't giving too much off of the donations. Besides that, they can get your funds on the door and spend it on what you wanted to do, then it happens. But there's so many other things that we want to do that we're willing to contribute to, that we just can't find the way to get everybody on the same page, to decide who spends what for what, decide what gets spent on what. I think if we build effective systems, we can radically increase the amount of cooperation that happens as a society. Absolutely, but just focusing on the mark for a minute, I mean, just the mark itself can apply to things it doesn't. So let's just give a wacky use case that is probably not really going to be reasonable anytime in the nearest future.
But I could totally see something, a system like this, for meat certification, you know, food product certification of the, you know, is this USDA Grade A quality beef? Well, right now we trust a particular organization called the USDA to go around and do the inspections and make sure that things are adhering to the quality standards that are there. There's no reason why that needs to be a government organization if we could decentralize this and there's consequences and reputations surrounding somebody auditing particular materials in the real world as well. Um, and to me, I really like the security play that you're doing, because it is an extremely adversarial environment, meaning that the contracts that you certify will be put to the test, and this also is a good, you know, Chinic record keeper of how things are going and a good measuring stick for how the community is leveling up in security as well. It's a good way to test this, this sort of model that you've built, but it's also a good way of kind of measuring the validity of group think, auditability and certification, as well as a measuring stick for how well the security community is kind of doing...

...on a whole. So it provides some side services as well that I really like. Yeah, you have to be, I think, careful with trying to use this book. It shouldn't be Panvala's job to try and make this system work outside of the scope of what they're trying to do. It should show how well this system works in the micro community that is smart contract security. Then people can refer to it with that metric of efficiency to see if it could be used elsewhere. It shouldn't be that this system becomes the way, like the Panvala network itself becomes the way, in which we assess validity of all things. It's, no, stick to this particular use case, because that's the network that you're trying to build. The people associated with smart contract security to using this token, and those who would like to do something similar should copy the code and do it elsewhere for that community or micro community or whatever it is, or government. And we had Glen Weyl on last episode to talk about radical markets, and a lot of the markets that he proposes could particularly work for a lot of things, but it's not one market to rule them all. It's the mechanism design associated with the market that makes that particular community operate and interact with each other appropriately. I definitely agree that having one system to do everything is bad. I think separate systems, especially, like, really competing systems, is really healthy. But I do hope that the Panvala community does decide that expanding as their ability to cooperate increases is a good idea. Getting more done, like trying to organize a new group of people in a new way to get some other kind of thing done, is a lot harder than using the organized people that you've already brought together to accomplish the next task, and the next task, and the next task. I think trying to organize everybody under one banner is a bad idea and I don't want that to happen.
But I do think that expanding is healthy. Yeah, I guess appropriate expansion, you know what I mean. Not like, you know, you're going to start assessing the US the ability of meat from smart contracts. I don't think that's the avenue in which you see yourself going. Maybe there's some weird emergent avenue that happens far off in the distance with has becomes super efficient, but, right, that's not the immediate go-to, right? It could be the security layers on top of the smart contracts for decentralized applications. You can start assessing those types of things and use the token to do that. That makes sense, right, and that's the expansion that you see over time. That's definitely more of the way I see it. If we get to meat, then this has been wildly successful. Achieve Your model there. It's shipt your model. You're many, many, many, many years out. But yeah, I think this is a test case, is what I was trying to get at, and that it's the perfect test case because it's so adversarial and, you know, it's a good way to see. You know, people need to have this happen. They need to have their contracts, you know, audited. They need this kind of ability to know what is good and what is not good from a consumer standpoint. So it's a really good early test case because it's an adversarial market. There's a subfimization models built in everything that people are doing. There's skin in the game on all sides and it's a good way to know if your system is optimal or not and to optimize it before it gets to the case of USDA meat, you know what I mean. Like, it's a really good early start. So I think, go ahead. I agree with that, and that's really why I encourage everyone who's, like, moderately interested in what's going on with the system to come be a part of this community.
Like, when we saw that ICOs were a thing that started to work, with heavy quotes on "work", there was this huge boom in ICOs. Lots of people started doing them and they worked for a really long time. Maybe not so much anymore, but there was a boom, and I think if Panvala works, like if we actually achieve the thing that we set out to do, I think the next boom in our community is going to be people who just, like, rinse and repeat on the Panvala model over and over and over again, and I don't think that's a bad thing. Like, it's competition, but it's a healthy competition, and if that's what you see for yourself as being one of the next kinds of systems that get built, you should be a part of this first system, learn how it works and go create more. Have you worked with other companies or other projects trying to, like, flesh out how token curated markets work? Yeah, we've been. We've been talking to various teams in the ecosystem, talking heavily to the teams that built...

...the first TCR, the adChain Registry, talking to teams who are doing other work in security, etc. I think there's a lot of room for cooperation and making sure that the information from all the experiments that people are doing ends up getting spread far and wide. It's so hard to get to a point where we know how to build systems that work, and it's really from people sharing what they've learned so far, making sure that that information spreads far and wide. That lets us all be able to do better work together, and at the end of the day, to me, that's what it's really about. It's not about, like, having the biggest token sale, making the most money. Like, something has fundamentally changed in society with the introduction of this new technology, and we should all be trying to find out how to harness that use productively and prevent the bad things that it could create from actually happening. And for us to achieve that we really have to work together. So we have to wrap up here in a second, but I noticed something while going through your material again that we haven't really touched on quite yet, and that's the rating system. And there's several layers to this. What are the criteria for meeting this rating system? So good. So for the rating system, it's really designed on the Michelin star model, where you can't, like, start off getting three Michelin stars. You can't start off getting three Panvala marks, but the idea is that you earn your way up. Once you've proven that you've met the bar for one Panvala mark, then you can apply and try to get your second Panvala mark, when you've demonstrated that your contract checks out, that you use security practices that are so much better than most of the ones that have one mark that you deserve a second mark to set yourself aside. Similarly for a third mark. The idea there is just to make sure that the Panvala mark itself doesn't become, like, the ceiling for security.
We want to encourage people to go above and beyond what other teams have done, so we're continually making progress on what's secure and what's not. From day one there's really only going to be a registry for the first mark. It's really up to the community to decide when to create that second registry and that third registry to add more marks to the system. But that's the general idea. We want the community to know from day one that it's not about setting one bar and then, like, hiding all the better work that people are doing when it comes to things like formal verification or basically anything that goes above and beyond the minimum standards that people are going to set. As far as particular criteria for earning a mark, there are no particular criteria. It's basically the same sort of thing as a Michelin star. It's not that you have to check a box X, Y and Z to get a certain level. It's that the token holders themselves have an idea of what the next level is and they're deciding whether or not you reach that next level. It's very subjective and that's the idea. I think subjective systems can be very useful. Governing them is very difficult, but I think that's what we're going to figure out how to do as a community. So Bernhard Mueller, Mueller, sorry, bad, bad, Bernhard Mueller, thank you. He's actually the one who recommended we speak to you and look into your project. He does Mythril, so I kind of assumed that there was some sort of linking between the ConsenSys project Mythril and Panvala. But it sounds like you're building something that doesn't care about tools, doesn't care about methodology. It cares about results and sentiment surrounding those results from a social perspective. I think that's really interesting.
But given that tooling is such an issue, do you see integration of the Panvala system into your deployment mechanisms for smart contracts or deployments in general? Just for, you know, can you verify that this contract is actually a vetted contract, but just a copy of it, for instance, and does that mark carry over? So I definitely think that anyone who isn't using Mythril today that's writing smart contracts is making a mistake. It is really the most useful tool for identifying so many common mistakes that people make when they're writing smart contracts and just giving you warnings. You can fix those even before it gets to an auditor. That's just a core part of the development life cycle for smart contracts. When you've done that, when your smart contract passes all the Mythril checks, then you go and you get an audit done from a team that specializes in security. Once you've gotten your audit done, the next step that you take is you go to earn a Panvala mark so you can demonstrate to the public that you've met a broad bar for what's safe enough to use. I think the real integration between Mythril and Panvala comes...

...at the level of the council that's issuing recommendations. I think there's going to be no council that gives recommendations to contracts that have clear errors being reported by Mythril. Like, it's so easy to run against your contract system that I think every contract that applies for a Panvala mark is going to be run under Mythril to see what gets output there. But Panvala is a system that's very separate from things that can be automated, and focuses on things that can't be automated, things that are more subjective, things that require human reasoning to determine what's safe enough to use and what's not, and that's where the focus is. But for things that can be detected in an automated way, those humans are going to tie in those tools to make sure that the recommendations they're making are sound. Awesome. I think that's a great way to wrap this up. Thank you, Niran, for coming on the show and talking about Panvala and the space as a whole. I think it was incredibly useful for me, and I look forward to seeing a lot of this come to life. Even my dog is barking in the background, which is excited about it. Yeah, thanks for having me. It's been great. For anybody who's interested in being a part of this community as we figure out how to govern this mark, how to govern these grants, I encourage you to join our Telegram channel. You can find it on the Panvala website at panvala.com, and really just start participating in these experiments that we're running together. Our Panvala mark demo is something that the public can participate in. It'll already have happened by the time this episode airs, but we want your feedback on how it went. What could be better, how we should govern a community that you would want to be a part of, and from there I encourage you to learn how to actually replicate what we're building so we can build more communities that can cooperate more effectively. Fantastic. Love it, love it, love it.
Can't wait to see how this plays out in reality. Sounds very exciting and I look forward to hearing your demo. So it's audience thanks. Guess. For those that enjoyed this, go check them out, give them feedback, reach out to them. I know every project that comes on shows like this loves it when people actually reach out and talk to them. Almost the entire community feels that way about everything. So if you like this, subscribe with the like button. Share with your friends, tell your dog, tell your wife, tell everybody. And how can people find Panvala? So the website is panvala.com. We're active on Twitter. Our Twitter name is Panvala Mark. Please follow us there. Those are really the best avenues. From there you'll be directed to the Telegram channel where you can ask us questions anytime, any day. We want you to participate, we want to build a system that you want to be a part of. Awesome. Thanks, Niran.
