Hashing It Out

Episode 118 · 2 months ago

Hashing It Out Personals: David Theodore

ABOUT THIS EPISODE

David Theodore, Security Researcher at Ethereum, talks about the merge and his path from electrical engineering to security.

You can also watch this episode on YouTube.

Welcome back to Hashing It Out. This is a Personals episode with David Theodore, security researcher engineer at the Ethereum Foundation. Welcome, Dave. As always, I'm your host, Dr. Corey Petty, with Jesse broke. Um, David, why don't you do the normal thing and kind of start us off introducing yourself, telling us how you got into this ecosystem in the first place?

Okay, cool, yeah, my name is David Theodore. Uh, security research, consensus layer, security research team at the Ethereum Foundation. Um, how I got into this industry? I think, you know, I stumbled across security in general in college. I wiped, like reset, Windows on accident and I had like seventeen pages into a paper and, uh, started looking into data recovery. I was a broke waiter at the time. Um, not a CS student, I was an electrical engineering student, so like one programming class. Uh. In the meantime I discovered Linux for forensic reasons and I recovered all of my data. Um, and while that took, you know, twelve hours to rip through, looking for magic numbers on the file system on an old hard drive, I was like, what is wireless penetration? What is hash cracking? I never looked back. Went into security. About two years later I found Monero, um, looking into anonymity research on the dark web. That led me to Ethereum. Had a good buddy that was like an early Ethereum investor. Um, started doing smart contract audits, and the only use case was ICOs back in the day. That didn't really pay the bills for too long. Huge bear market winter. Uh. So I went into the defense industry, exploit development, network operations, working with intelligence community predominantly, but some DoD stuff. From there into malware reversing, did some malware reversing and Android at Google. Um, and then Ethereum kind of approached me with, hey, we know you're an ETH head. Uh, we need some researchers to secure the merge, and the merge was a very interesting target, um, and I just got obsessed.
Brought some other guys from the defense industry in with me and yeah, I never looked back. Loving it so far.

What's it like being a security researcher, um, for a project that's tantamount to like rebuilding a plane while it's flying?

There's, yeah, there's some good and bad things. Um, I'll say that like, my previous experience with security research was mostly in, in the DoD and IC groups and, um, the targets are different. So I think a lot of the design decisions that the Ethereum Foundation and the contractors made early on to use memory safe languages has changed the playing field. Um, bugs that we see, like in a previous life, would be much more likely to be exploitable. You can think like all these types of memory corruption bugs, like, you know, buffer overflows. Um, you have all kinds of like double frees, use-after-frees, all kinds of fun page stuff. Now what we see is more, um, like logic bugs or just like denial-of-service based bugs, like a panic in Go or Rust, which is absolutely drastic, uh, still. Uh, there's not a loss of funds in these cases. People aren't like getting remote code execution on your, on your box because you're running a node, but they're able to stop your node from running and if you have a client penetration, that's the network stopping the nodes from running, especially in a proof of stake system, could prevent finality. So it's definitely different. Um, the moving plane analogy aspect of it is very interesting. There's no like let's, you know, my father-in-law was like, yeah, when are you guys gonna do the upgrade? Like you're gonna, you know, announce a downtime and reboot the network? And, you know, Ethereum doesn't go down, um, and hopefully never will. Uh. And, and you know, the, the gracious handoff of the baton for proof of work to proof of stake was definitely added a lot of complexity. Um. Now, having said that, like the multi-client architecture and other things, kind of make it to where, you know, leading up...

...into merge day, where like we're worried about bugs in individual clients but at the same time, like we're pretty, we feel pretty good about network health, save any like fast, uh, like maybe unknown or like partially known but unexpected to be abused, issues with the spec itself. So I'd say, you know, overall, um, definitely a different, a different monster from the security game. Um, like I said, no loss of funds. Things like that aren't the deal. Um, but definitely having this, I guess the thing that makes it so tricky is that it's permissionless. Having this, this network anyone can participate in, and having this very open stage where there is value just invites a lot of potential avenues for abuse. So it's, it's definitely been a fun thing to, to look at.

I know you were complaining that your node went down, and a few other people within Status also their nodes went down during the merge, and so they spent this past week trying to get their, their clients.

I had a rare bug with Nethermind, I think, or a hardware fault, I'm not sure. That basically had my, my execution layer client just not syncing for the longest time and so I wasn't, for the first, I guess, three days I wasn't attesting or doing anything for my validators, which is real fun, especially you're trying to get work done during those days. But all is smooth now and I even have a backup system in case it happens again. I don't want to use the cloud. I hate using instances of the cloud if I can. So it really is, especially if you want some of the level of performance gear and bandwidth. Um, just like bandwidth allocation for some of the stuff and can, if you're, if you're not careful, you can rack up a pretty, pretty penny, and using cloud infrastructure it can almost offset like the APY that an individual validator can, can actually generate, especially when prices are lower like right now.
Yeah, yeah, yeah, but I mean we're on a security podcast, so don't use the cloud anyways, that you're, your proposer keys on there. Yeah.

Um, how did, so, they approached you and said you were an ETH head. So have you, have you maintained being an ETH head, quote unquote, this entire time? So if you, if you left, I'd imagine if you left from doing security, your reviews or security audits too, at that time, probably just a shipload of ICOs, you were a little, uh, disillusioned when you left, especially with the price coming down. Did you maintain that kind of exuberance?

When I say like left, I didn't really like leave. Like I was never affiliated with the Ethereum Foundation previously. Um. And when I say they like approached me, it was actually more like the community that I knew approached me and they were like, hey, I know this guy, um, he's a good security engineer, security research background. Also understands Ethereum. Um. And so that was, and also, like, I'm a huge believer. So I have one of my best friends, um, I lived with him, the house we lived in was bought with, with ETH gains of his, like, been following the ecosystem for a long time and I think that, um, having a few Ethereum OGs say this guy knows this stuff because we talked to him about Ethereum all the time. Maybe, you know, if Ethereum has grown up and could pay the bills, kind of like Google and these other, um, good engineering firms can pay, that he might be down. And then I think what, what turned the tides is, um, a few of the, the kind of like PM types at the Ethereum Foundation went and called my Twitter, which I'm not really active on Twitter, but like I was tweeting about like Bitcoin and, and, and I was tweeting about how proof of stake was going to be a game changer, and, you know. So it's not like these concepts were new, um. Part of the problem I think that they've had is, you know, there's, there's only so many firms that, um, are really adept enough to audit, uh, this stuff. It's the...

...prerequisites for crypto, or it's like you've got to understand distributed systems. You absolutely have to understand like a vast amount of cryptographic primitives, which is like exploding right now with all the ZK stuff, like. It's not gonna get any better either. Yeah, the Venn diagram, when you've got somebody that can like audit this stuff, gets like real, real narrow, real thin, um. And I think that, you know, you could pay six months for an audit from like a, you know, a decently respected firm for doing security reviews, and they might spend the first three months like wrapping their head around, um, you know, just what is Ethereum itself, right. Yeah, and their findings won't be, the other findings won't be that great because they didn't start truly reading the code until they wrap their head around the spec, um. Yeah, and there's also, there's some, this was actually one of the most attractive things to me. There's some new, like primitive pillars of security when it comes to crypto, um, and, and, and the way I say that is, like, I guess, like previously for me, um, there's, when you get into security, there's like so many very like pigeonholed areas of expertise, and I did a lot of software reversing, a lot of security research with software. So the way, like if somebody asked me, like, are you a red teamer, and I would just say yes, but if it was like a pen tester or somebody that like specifically did something, to say, I am a software security researcher and find bugs in software, do a lot of fuzzing, static and dynamic analysis, all these kinds of things, um, and that's like a little bit too in depth when you're talking to somebody that's not security focused. So now you have, you have to have like this understanding of not only a bunch of new cryptographic primitives, right, like a good security researcher understands like checksum means that the data's got integrity if they match.
They understand the difference between like asymmetric encryption for key exchange and symmetric encryption for like full disk encryption. And then, after you've already, like, made it, you know, a good encrypted tunnel for communication. But they don't understand any of the ZK stuff. Um, they don't understand like these BLS signatures that we have in the consensus layer, like the whole idea is that you have a public private key and you can sign a message, but you can aggregate the signatures and kind of squash them into a fixed data amount. So there's like these new things that haven't existed. The whole Internet has been built on basically checksum, asymmetric and symmetric encryption, and now we have like, well, more fake, which is all the ZK stuff, all these other things. And the other side of that is there's this new pillar, right, and it's like economic security, which is so interesting to me. Proof of stake kind of dabbles in it. But you see, like, I'll put it this way, so you have a really complex protocol. It's kind a way to like generate revenue, um, you know, whatever have you. We've done audits. The code is completely secure. Everything, the oracles are locked down. If we don't like make the incentive design correct and we like make it possible for somebody to like flash loan, like so much of the protocol, to make a vote to change something, the whole thing crumbles. It doesn't matter how secure your code is anymore.
There's like these new, there's a weight, it's a, it's a, it's an additional weighting factor that you haven't had to ever think about beforehand, because it's like what's the cost of doing this, and how does the economic weighting of the underlying network change, like, an attacker's motivation to, to take that cost, which is something you typically have to do, and so like for, for the longest time with smart contracts, that the best metric for a specific methodology for programming Solidity was measured by how long that thing had been on the chain combined with the amount of value that's locked up in it. Because there is no better way to like, to say, like it's a pretty good way of doing it. This is one thing and secure or however much value is locked into that thing, and then you can do additional tests to gain more confirmation. But, like, there's nothing better, because no one's gonna release a known vulnerability if it's, if it has the potential to gain them so much more when value's locked into that thing more...

...often. Right. Which is interesting about the merge and all the kind of level of new cryptography and technology built into it is that now there's a shipload of value on the line and so you're starting to see that same metric come into play of like this is secure for this amount of value, locked up for this amount of time. I guess is what is that? TVL? I guess the standard metric like that, what you call it. Yeah, and I think so. Go ahead.

Oh no, I just want to ask you a question. So when you, when you're talking about incentive design to compensate for like flash loans and people exploiting, you know, contracts, how do you, how do you actually compensate for that?

Um, I think, I think you have to just approach things a little bit different. I'll put it this way. What is that like? If I try to boil down what the difference is here, is that, um, just like in traditional security, assumptions are made, like, like people will say, okay, I just assume you're not going to give me a negative length value here. And so if I give you a negative, if you're not filtering for that and I give you a negative length value, you know, you have things like Heartbleed where we're reading memory from the internal processes way off in the distance or whatever. The same thing happens with the economic security here, and it's that people have this deal, they like design the system and then they don't think about, um, the adversarial ways that you can change the state. So, like, the, in this current state of this contract, everything is secure, but one way to change the state is to flash loan like a shipload of ApeCoin and then vote on their governance or get the airdrop during the time or whatever have you, right, um, and so it's, it's, it's all, these are basic like ideas and security that have existed previously. It's just now there's a new dimension of how can you change state, and a lot of that comes from external forces.
Um, I think proof of stake is a great example of like a minimal like new thing here, like trying to like, not many people can answer the question about economic security between like proof-of-work Ethereum and proof-of-stake Ethereum, like, how do you truly measure it? And so people who go to like, well, to revert history past finality, you need to burn like billions of dollars, like that's kind of how you can sum it up, right, but I think, uh, you know, it's very simple. It's like, it's like you have these very simple rules, whereas these different DeFi primitives can be like insane, right, like you could have these like decentralized oracles where, um, if I'm honest, my reputation goes up and I can continue to be an oracle in prediction markets and say, you know, who won the football game or whatever, but someday it's gonna make enough sense, I mean, to tarnish my reputation and collect a billion dollars. You know what I mean? It's like my reputation is x amount of dollars worth, and so like don't make bets that are more than that, like, and that's, like you said, it's just a new dimension to weigh what opportunity costs are, that they're really, really, really strange. Like I used to do a lot of threat modeling and try and get people to do threat modeling across their code bases and projects and whatever, and how to add that into the process of doing a threat model. That's kind of interesting. Like, like you said, their assumptions.
When you take flash loans as an example, it's like when people were building out early DeFi protocols, they made an assumption that it's not reasonable for an individual user to have this much money to do something, and then flash loans came along and then it gave everyone the ability to have way more than that much money to do something, and so the assumption was thrown out the window and everything that was built on that assumption was, was then broken, and that happens a lot every time and then, and that's this consequence of building on a shared resource. That is, I think, a relatively novel concept for people, where, like, if I...

...build an application and put it on Ethereum, I'm building it not only for myself but for everyone to use, and I'm now at the mercy of how everyone uses it, despite how I think it should be used.

Yep, it's a good way to put it. The coolest thing I've seen done that I haven't really seen done elsewhere, um, and nobody talks about this group enough. There's the RIG group within EF, the Robust Incentives Group. They run like intelligent RL agents in staking scenarios, just simulated to see if there's like, you know, if there is incentives for reorgs financially, to see if there's like, you know, if we, if we make a thousand honest validators, great, they all behave this way. If we make, um, you know, a thousand honest validators, but nine hundred of them all, like, are owned by one entity, is there a time and place where like that entity is willing to, like, you know, slash and sacrifice thirty-two ETH, one of their validators, to collect, you know, a huge, like, reorg MEV-stealing payout like on the other end, and like this is the kind of, I don't think that you can expect the traditional software like security auditor to wholly comprehend all of these things. So I just think that, you know, just like you have, um, like somebody reviewing the crypto, like reading the actual like dissertation where they talked about how these two curves and the properties are and are they quantum resilience and all these like very nitty gritty crypto things like that. Persons and expertise there, and then you have like the actual like software auditor. That guy's got that expertise, and then you've just got like testers that test the crap out of things and write fuzzers. Well, now you just kind of need these other people to be like, um, to do simulations. I mean we do simulations in the stock market now. Like this is not like a totally new concept.
It's just that we're kind of taking, you know, game theory, which is kind of had its like golden age in the sixties and seventies, and like brushing all the dust off of it and then saying like, okay, we have way more complex crap now in a model. Um, you know, where's the like, where's like the two thousand eight financial crisis, like risk lingering? When we're, we have all these building blocks and we make all these assumptions and like, you know, DeFi's all like great, but then if there's like actually an issue with Maker, like what happens to everything that uses DAI as collateral and like where are these ripple effects going? And you know, as more, more actors get more and more complex and potentially collude, um, you know, you could see like, like all the Lido validators colluding or something. Um, and, and, and being willing to like, they know they have, you know, the next three proposals in a row. Well, why don't we reorg this dude out of the chain because he had a fifty, fifty MEV or fifty-eight MEV block payout or something? So we kind of have to, like the only way to do this is to simulate it, just like anything else. I mean it's, from a security researcher's perspective, it's like fuzz. Like fuzz and emulate all of the different scenarios. Fuzz it when ETH is worth ten dollars. Fuzz it when, you know, the peg is broken on the stablecoin, like, like take all these things and figure where it might make sense to do this, right. I could see people like, I'm surprised nobody did this. Like the multi-block flash loan would have been epic at the merge. Uh, you, you already know. You already know who the first block, the first slot is, the first proposer. If you could collude with them and you, you mined the TTD block, you could take out like a gazillion flash loan and then you'd have, and then you just pay it back on block, you know, slot zero that post merge, and then you have like all the proof of work in the world to dump into the market on that chain.
There's all kinds of like cool little things here that didn't exist, that, that actually did happen, that somebody flash loaned to dump proof of work. Mint. I got an overly exuberant NFT mint. On the first block. There was an NFT mint. It was like I think they paid like five K in gas and minted like a hundred NFTs, which is going to be small potatoes compared to what they get. You know, I wonder what that like? Merge Panda, the transitions. The name of that NFT, uh. That's, that's awesome. But yeah,...

...the last block, I think, was mined by F2Pool and they mined it as a vanity block. They just like, they knocked out all the gas. They paid, you know, whatever the gas fees was, to like fill the block up. It was kind of like an epic like salute, like, like we mined the last block. You know, I thought that was pretty cool.

So what do you, what are you excited about now, because the merge has happened? Like Danny's crying in joy. What do we, wh, where do we go from here? What are you excited about now that the merge has happened? That, which is like one ridiculous feat of technology and effort to make it happen so smoothly. But like that's no way, shape or form, like the end of the show.

Yeah, um, from the security side, there's a ton of work to be done still. Um, we've been doing all kinds of like emulation with all the different EL and CL clients. We've been like fuzzing now with a third party tool by a company called Antithesis that basically will, as it is a deterministic hypervisor. The whole network is local. So like it's got determinism at the network level and we like drop packets and we do all kinds of fun stuff. So that, that needs to be like kind of teased out a little bit. We need to throw MEV-Boost into there. Um, MEV-Boost is relatively new code. I've got a Go fuzzer that's like a breadth-first fuzzer I've been working on for the last few months. Um, gonna open source that at Devcon. Gonna point that at MEV-Boost again. It's already pointed at Prysm. The other cool thing, one of the big security upgrades that like, it's starting to take shape and the spec is kind of getting hammered out right now, that I don't think it'll be in Shanghai and like the first set of, the first hard fork where withdraws are enabled, but maybe the one after, and I'm going to advocate for it as soon as possible, is SSLE.
The secret, a single secret leader election, and basically what that is is that currently you can know block proposers a little bit ahead of time, um, and so, you know, you could see a very, very targeted denial of service on, on proposers as they happen. I'm not worried about it so much in the short term because, like, botnets are just kind of like, if you rent a botnet right now, uh, they phone home like every twenty-four hours for the next target and then they, you know, they're usually compromised IoT devices or whatever, and they don't like know how to take instructions every six minutes and denial-of-service some individual IP for twelve seconds at a time, which is what they would need to do to denial-of-service proposers. But SSLE will basically use ZK proofs to reduce the anonymity set and basically make a proof that says, um, that like you can generate as a proposer, where nobody knows who's proposing the next block except for the proposer who it is, and they can generate a proof that they're the chosen one. So, like at the slot, when they reveal their proposal, they'll be able to reveal this able ZK proof that's like, hey, this is a legitimate proposal that can be verified by everyone else, and then no one will know. You know, well, that they won't know the whole anonymity set, but they'll be like, okay, there's like one of twelve thousand, uh, potential validators proposing on this twelve second slot. There's no way they could DDoS all twelve thousand of them and still kind of have like the Ian Kin and throughput that they need to, to nail the right one. So that's kind of, for me, the protocol, like, level strengthening security upgrade in the near future that I'm the most excited about. Uh. There's also like just this green field of what we would consider like systemic things.
So obviously all of the consensus layer clients were, you know, uh, very new and, and proof of stake was new and a lot of it was theoretical and sure it's been done before, but hasn't been done with like, you know, a trillion dollars of TVL on the network, you know, in the hot swap, like, well, you know, with nine different types of clients like all like seamlessly like that. That was a big thing that, you, um, now that that's behind us, we've got L2s, man. We've got, you know, systemic things like Maker, like, you know, if, if somebody can, you know, generate malicious fraud proofs in Optimism and like cause double spend. Like these are things that we've kind of made the scale roadmap for ETH, so...

...like we've got to lock them down too. Um. So our team is growing. We've always got people like looking at the consensus layer clients, but like also huge DeFi projects, all the L2 stuff. Another big thing is ZK. I mean that's where we're, the first parts of like any ZK tech are going to be the Whisk stuff and SSLE. That's gonna be the first thing in the consensus layer and it's very minimal and like the smartest ZK people in the world have been talking about it. Watched Dankrad and Vitalik and, and George Kadianakis talk to Dan Boneh and some of the other Stanford people in the backyard and they're just like elated. Right. They've been working on all these cool cryptographic primitives since like the seventies and now like we're brushing the dust off of their textbooks and like implementing them for the first time and it's going to change the world. So they're always like down to help, but that stuff's like, you know, you could see scaling roadmaps like, let's say that StarkWare is able to, you know, make your transaction fees like sub-cent, right, and, and their state updates are tiny and you're like, people are now able to like run World of Warcraft NFT minting levels of like mints, like hundreds of millions of NFTs a day can be minted on L2s and like the transaction fees are like minimal and you can withdraw this and take this with you. And ECOSI is like these are the next big things. I mean car titles, loans, all these things. They're gonna live in L2s. So if we've got like random bugs like the double spend bug in Zcash like hiding under the covers that we don't know about, like that's detrimental, like that, that would, that could be something that could like kind of Straw harm.

Yeah, it's, it's huge. So these are, and we don't have auditing tools for this.
Like we're still like working on on-ramping Solidity auditors, right, and that's application space has not even been, when I've been focusing on, like I know enough to be dangerous and there's some really good people, but there's not enough of it. And now don't have the on-ramps for it, right, like, so, like you look at something that's reasonably new that I think is a relatively good on-ramp, like Secureum, to try and train people to become adept enough to start being dangerous. It's still only, still only focused on smart contracts, because that's where, I don't know, it's easiest to get in. But it feel like when most people think about web3 security, they think about it from perspective of Solidity, not everything underneath it, which is holding a tremendous amount of value.

Yeah, and now you're gonna have to ask them to like understand elliptic curve pairings, multiparty, um, computation, and it's like, hey, do you guys know like linear algebra and like all these complex cryptographic primitives, because your ZK system is going to basically be built on these. And so it's like not only do you have to understand the Solidity, we have to understand like the prover and the verifier and you have to understand all the ZK stuff that nobody really understands. Right, we've got, I'm in these calls, right, with the 0xPARC folks and there's these brilliant mathematicians and cryptographers that really understand ZK, and then there's like, you know, people that can implement it in code. And then we're in this call. We're like, how do we formally verify these things are like sound and complete? And it's like, uh, like note, like there's, there's a bunch of people that like have a piece of the knowledge and it's like we're gonna have to build that out, we're gonna have to make the best practices, we're gonna have to like train people.

Who are these PMs? Who are the poor, are the people that are managing these projects because they need to.
They just listen to, most people that I know that have kind of decent skill set and project management, it's no fucking clue what's gonna be said in any of those calls.

Yeah, that's kind of the problem right now. It's, it's more like, uh, industry, like the people that are in the calls would be like, like a formal verification company, like their bread and butter will like being doing these audits someday, and then like some ZK experts and then like the people that wrote the like compilers, right, like the current like Circom and stuff and like probably of them, or academics, they're students, they're not getting paid these like big engineering salaries yet, right, so they're like kind of like I could do this or I could go work for too sick, but, you know, and it's like no, don't go do that. This is gonna be bigger than that in a few years, you know. And it's, it's very, uh, disorganized and it's, I'll put it this way, the last six months it's like gone from completely unknown to like now we have a road map, like let's make...

...let's make a bug tracker, every ZK bug that we've seen so far. Let's get it in there so we know like how to start classifying these things, you know, like we, we, we have, you know, terminology for previous types of bugs, and we don't even know like what to do here, right, and like how to call this. And so I think, uh, I think that's all very exciting. I think I'll be focusing a lot on that. I have an electric engineering undergrad with a math minor. So ZK is just kind of like very math-y, tied to what I think I should focus on, um, but the space move so fast, like I mean like we're, we're one L2 with like, you know, a ten billion dollar TVL away from me being like, oh shoot, I gotta drop everything and go look at that and like maybe hire some more people to, to kind of take a look at this. You know, I think the good news is that, um, the natural bug bounty aspect of things. You kind of mentioned it earlier. I don't think we called it that, but like there's been a billion dollars plus in this contract for at least a year. Like those kind of like time will tell like how secure things are. Um, it's just, it's, it's a litmus test, right. I mean banks are still running mainframes, right? Why? Because, like that was the first thing they built it on and it hasn't broken yet, you know.

So I think the programmers are dead, so they don't want to change it.

So that does, yeah, yeah, and that's why Fortran will never die, right, because there's nobody to, to translate it into C, right. But yeah, I don't know, I think, uh, for me, like my risk perspective, um, I feel pretty good about staking ETH. Um, I, I feel good about which clients I run and I've ran. You know, we run instrumented with like race sanitization, memory sanitization, ASan, UBSan. We run these instrumented clients. We fuzzl me. So I've seen all this stuff. That suder the ward. I feel pretty good about staking. I feel good, pretty good about like the economic model of like the security model of staking.
But like I'm not gonna be putting ninety percent of my ETH bag into, um, you know, these L2s until they're like kind of tried and true. And I think that there's gonna be a lot of promises for both privacy and scalabilities of ZK. But that's another one. Like if you go ask Dane, who's like one of the best cryptographers in the world, Professor Stanford, Israeli cryptographer, like just known in the industry, he will tell you, like I would be cautious about putting ZK into the consensus layer, right, because it's like we think you don't you need some Beau, need some years to harden these things. Yeah, and it's like don't roll your own and then it's like okay, well, what's the next thing we need to build? Well, let's put the entire Ethereum Virtual Machine into a ZK proof, like, like come on, man, like don't roll your own. And then at the same time we have that motto, like cryptography has always had that motto. But like some of the leads of cryptography, especially, like things like threshold signatures and these, these new things, are building this stuff. So it's not like novices or amateurs trying but doing wrong. There's plenty of those too, but like some of the titans are also building these things and it's interesting to be in a position where like maybe we should roll our own because it's, we have the best people doing it, like it's, it's very strange. Yeah, yeah, I think. I think for me it'll be let, let everyone roll their, try to wrap my head around it, try to test it and then like baby steps of putting my money into it. Right, um, uh, you know, maybe I'll have kind of the way that you have like your cold wallet and your hot wallet mentality, like I won't have more than I put on a hot wallet inside of a ZK rollup in the short term. Yeah, but I'm definitely excited about it. Um, I think that there's also, there's like little semi-centralized things like, um, zkSync, and dYdX was a great success, right. 
They had like if you ever use dYdX, it's like, and I'm a US citizen, so I don't use it. I've seen people use it. Uh, yeah, um, but yeah, it's like instant transaction, finality. Uh, and maybe not finality under the hood, so much like their state updates don't get pulled up. But like to you it feels like that. And like that you can force withdrawals and like even the people that got like frozen, they couldn't like make trades or even those trades and some scenarios because...

...their wallet was like too many, too, too few hops from MOVAK. They still have the ability to withdraw from that and like that's a really cool thing. Um, I think Immutable X is cool. I think that there's like a lot of these, like L2s where you don't necessarily need an EVM, right, you don't need the equivalent EVM, at least, um, the compatible EVM like does the trick, or very application-specific things like, you know, I don't know. You could just like make a small betting game or you could have, um, an L2 that just handles like, like, like state channels between two companies like Wells Fargo and Bank of America. You know, they have millions of transactions every day between their different customers. Maybe Starbucks is somewhere between there and everybody's buying coffees. You don't need this like L1 security there, but you also don't need the whole EVM. You just need a payment model and at the end of the day you just settle up, you know, like the net, just like difference between the treasuries there and the banks. And so I think that, like there's a lot of promising things that will come out, um. For me, the, like the biggest like bull case here is that if I rewind back to my web2 days and like pretend that I like some engineering need and my boss and the shareholders or whoever has come to me and said we need a web3, um, strategy here, the question I asked myself is, like do I build this crap on Ether? I build on Solana? So I build my own chain? What do I do and why? And I think that if anybody goes down the rabbit hole and wraps their head around everything here, the obvious use case for anything more than just payments is that you have your own L2, you make up your own rules and then you settle on L1 as often as you need, like even twenty-four hours, like settlement time, like one, and then you pay these minimal fees. You basically have free transactions for users and you inherit the security model. 
So for me, like, like that's the coolest thing about it and I think that if that's the one that makes the most sense from as far as like, don't get me wrong, technology readiness is not like completely there yet, but from like the theoretical bounds of what we can do with computer science and all these different algorithms that created and all these new primitives that we've created, that's the cheapest, most secure way to pull things off and be able to control all my dials, right. And that goes for like payment stuff too, like the US CBDC that says it should be private. Treasury doesn't necessarily think so, but the Fed says should be private. KYC, AML, it's sanctionable. You can make all that right now. And, and transactions to be super cheap. It's all private. Anything over ten thousand dollars in the transfers between two addresses and twenty-four hours, can have a view key, we can turn all these dials and make everybody happy and then like route the thing every six hours in Ethereum and each user pays the crowdsource between thousands of transactions, the transaction fee to get the economic security rooted in like the most secure decentralized place where nobody can go change it. And like, for me, like if that's where the theoretical bounds go, that's where the engineering talent goes to make it happen and we have the most efficient system. And like a good example is, like I'm a big BTC guy. I love BTC. I think Satoshi's amazing. I think like solving the double-spend problem is huge. Solving the coordination problem, like in the, like the smallest parts, is huge. But right now for me, proof of stake. You know, now it's working. It's showing me that you can pay less for security. So I think that any time that you, you're paying more for something, whether it's transaction fees in your L2, whether it's, you know, uh, to, to run some like highly permissioned node, whatever it is, like that will eventually get eaten away because markets will become efficient. 
It's the same way that we now have network switches that have FPGAs in them to route traffic and to like filter packets. From a DDoS perspective, we don't use the main computer, right, and we have GPUs for calculating matrix math, like, anytime there's like a need for something, the most efficient engineering solution will bubble up in like a capitalist environment where you can raise and you can have free of information and education, and I think that crypto is like the most elegant embodiment of like, look what we did with the Internet, and we can all talk about it and learn from it and it's all open and there's no college teaching all these things. It's just like fly by the seat of your pants. So many algorithms. That's the weird part of it. Yeah, yeah,...

...that's, that's, they're not there yet and being security in this space is ridiculous. Like people like you and they're like did you see this hack? You're like, dude, I haven't even got finished my reading list from last month. Like it got, it got overwhelming because it's, that was the only reason someone was pinging me was because something was either bad happening now or potentially bad in the future, because there's a new discovery. Yeah, so, so I'm, I'm being pinged about your camper situation to ask you, like, what is that about the camper situation? Yeah, that like a security related thing. No, no, this is, uh, I blame this on COVID. Uh. So I'll kind of like, I'll show it a little bit. So this is an Airstream. It's front of the like curvy. Yeah, so this is like the main hallway. My office is back there. There's like a kitchen. It's opposite the camera. So right now we're in Granby, Colorado, so the mountains are kind of behind us. I'm actually in a park, um, so we're like hooked up, have full power, all that kind of stuff. But we're not always that way. Right now I'm on cell, dude. Starlink has been let me down, but it might be due to the fact that I'm running, I'm running a hundred Goerli validators and multiple mainnet validators and Sepolia validators out of here. So this desktop right there and those two. There's a laptop that's running Goerli validators, but the rest of it, that is fuzzing right now, because you don't need heating now when it's, yeah, right now. Actually, the AC is on just in the middle of the day. Gets hot here, but usually like windows are open and that sort of thing. Oh, here's the bedroom. But yeah, we're in a park right now. In the kind of the justification for that. We like to be out in the middle of nowhere. Call it boondocking is the term, um, and we have like solar setup. We've got the Starlink and if you're in the middle of nowhere Starlink works great. 
It's when you get close to like major population zones, they have these little twelve-mile cells and they get saturated. But like I have this theory that just depending like the way that my Starlink will point, it'll orient itself and like it's not like beaming straight down for a cell. So like Denver's, and maybe only like thirty miles as the crow flies this way. And I'm pretty sure, like everybody in Denver is using my Starlink, like, you know, throughput and I'm not prioritized in this region. Um, when you're, when you have a home address, you can like say I live here and get on a waiting list and then they prioritize you. But since we're just like moving around all the time. It's not the best. So right now I'm actually on a hot spot. I don't know where I put it. I have a cell booster, so a pole that you like unscrew and telescope out. It's twenty-two feet high. It's got a directional LTE antenna. Some of the 5G bands are now like sharing like time, uh, like modulated positions and the LTE bands, and so I get 5G usually, um, pointed towards the towers. I run it through the coax cable, which happens to be what like satellite dishes use, like TV dish network. So there's already like a hole drilled in the Airstream when we bought it. That like goes to the TVs. So I like routed through that into the inside and I have a little like analog booster that just boosts like various channels and then I broadcast like a little mini cell inside the Airstream, because the Airstream is like a Faraday cage, dude. It's like a big double. Look at it. Yeah, that's how much. Yeah, how much does your, your travel itinerary in location dictated by your Internet service, because you're running a bunch of like, yeah, high uptime services. Yeah, I'll say this. The, the biggest deal is that there's no like good unlimited cellular plans in the US. So yeah, so the way whenever we pick a spot, actually it's not, but it will throttle you down, um, if you get...

...there. And then if I throttle you, I mean like it might be like where you can't load Google Maps, like you'll get a call through, but like there won't be enough data, um, and, and they progressively penalize you because Google Fi is paying, you know, T-Mobile or whoever, whoever is like local to you, they're paying for that bandwidth and then they're like, I don't know if they're cutting them on the back end. They're saying like okay, we'll give you throughput in our fiber during, you know, peak hours or whatever, or how they do it. But Internet is definitely the biggest pain point. Um, Starlink is, is the number one thing for like the prioritized swords Starlink, because it's unlimited and when it works, it works. It's like two, three hundred megabits a second. Um, oh man. Yeah, on average. Faster though, if there's nobody around, like a little bit more east into the Rockies, like in Silverton, um, I can get like well over a hundred up. It's, it's great. Um, the one thing that you, if, if anybody tries to mimic this, uh, you can't hole punch so many NAT pins, like if you have a bunch of blockchains with way too many peers, like they'll eventually limit how many like NAT hole punches you get. So just use a VPN for each of your nodes and then like to Starlink it looks like you have like one TCP connection and then like your VPN exit will have all your peers and all that. Um, a big life hack that I do for running my mainnet nodes is I have sitting at a friend's house and like an area with really good like symmetric gigabit up/down fiber. I have a node that I've got like the max peer limits set for my EL and my CL at like two plus, so like four hundred peers across the network, and I hard-coded my ENR for my local peer and that peer, so like at any time they will always prioritize each other. So, like if I need to connect to the Internet and I'm behind a firewall, like you can't like open ports on Starlink. 
All I have to do is connect to my other box and I download the whole DHT for all the peers on the network. It's ready to just stream and prioritize me. So I kind of have like this like cheating, always connected, like super server. I'm curious to see, like, because the safe of things that you're doing now, um, are really going to start to push the direction of how the like multi-client architecture, both from a bunch of implementations and having separate clients for the execution layer and the consensus layer, and how those communicate with each other and how the individual sections link up with each other to, you know, kind of share information or whatever. What you're talking about is like future features across the client implementations of like, well, the Rs you can do this to make it easy for you if you want to live a lifestyle like this or something like that, and they're curious to see, like how the different clients implementations start to differentiate themselves with respect to like feature sets and like what you can do on one versus the other. Yeah, one thing that would get me to switch right now would be if a client mountain said hey, we added, uh, NAT hole punching to our libp2p implementation so that I could accept incoming peer requests from behind a firewall without having open, you know, who owns the whole stack? Right? Just gonna throw that out there. Which one, the libp2p stack? Yeah, well, an implementation at least that also has a client. There's a few, I think actually all of the like, because we have, we basically own the whole language, so it's easy to get. Yeah, yeah, you guys had to write everything from the ground up. Basically, hey, try getting, try getting negotiating an audit, a multi, like a multi-client audit. For that. That was a really fun process. Was getting three different firms three months to audit the entire, uh, like Nimbus, and everybody's booked, right. Oh, that was luckily, I was a while ago. 
So like yeah, but we had to book it out for a long period of...

...time and like spend a tremendous amount of time just getting people to understand what the scope was and understanding Nim and get them, get them to level of confidence where they can say, yeah, I'll take that job. I have a Tyler on our team, security researcher, had to go down that rabbit hole. It's like okay, new language, start over, right, but that's kind of been everything. Um, you know, like Go and Rust are pretty common. I'd say Java's the like oldest of the group, but that's, you know, the clients are, are Go, Rust, Java, TypeScript and Nim, right, and so it's like all the old tricks that we had for like auditing C and C++, just like throw them out the window, like let's start clean. Yeah, yeah, I guess I got sidetracked. Um, I think the day in the life of finding a spot is look on Google Maps. So first look on Campendium's an app. It will show you like RV parks and spots where you can camp and people will upload like the number of bars they get or like Verizon or, you know, AT&T or whatever cell provider. That's cool. That's a fallback. Yeah, definitely. If I can get one bar with my cell phone, I can get four bars with the booster and putting it up on a pole and all that kind of stuff. Um, there are some caveats, like you don't want to be like in the Badlands or like in Utah when it's super windy and have a twenty-two-foot pole like as your Internet service, right, when it's like you sixty winds and stuff like that. There's always like something that every new spot you're like, oh, a new challenge. And if you look at it like that, um, it's a good mindset, right. It's, I knew a guy that, uh, he called life. He basically said like a trip to life is turning adversity into a game, right. So it's like if, if the, if the stakes are gets you, you succeed, it's like even cooler, right. So you have to look at it that way. But yeah, we find a spot. Do they have cell, yes, you know, if it's a park, or they have decent WiFi? Yes or no? 
They're just like, you know, grab the whole page of reviews for WiFi and if somebody can say like oh, WiFi is not that great, but if I sit in the office it's great, then that's good enough. We kind of want like a fallback. Then we look at the Starlink. Go to starlink.com/map. Is it supported area? If it is a supported area, doesn't have a wait list, because if there's no wait list, I don't have to worry about being deprioritized. Then we got to look at Google Maps satellite view. Are there too many trees that will block the satellite? Is there the point? Does it getting to the point where, like, is it pretty? So do I want to go there? Like I feel like that's like really far down the list right now. Yeah. Well, well, I think we say like okay, I want to be in the San Juan Islands. Now start like we've already checked off pretty like badass place to be. Like okay, yeah, you gotta take a ferry there. I don't even know how to get an RV on a ferry. Like we got to deal with that. But if we can find a place they meet all the other requirements of the Internet, then we're good. Um, but yeah, it's kind of, I have a really nice like Google Maps like page I share with my wife where we've like marked everything. It's worked and like, like that's the one place we saw that dude with the four wheelers and the guy with the horses and, you know, this is the place where you definitely, you know, want to, there's nowhere to, there's no dump stations, and so I don't know. There's a long list. It does get tiring. Um, I think we've gotten to this like sweet spot where we move once a month and then it's like it doesn't take all my time. I can still like go mountain biking on the weekends, you know, because you can kill a whole weekend traveling. I mean it took us. We drove from like Whistler, I went to SPC, flew back, got the RV, drove from Whistler to here in Colorado, and it took us like three days full time of driving. 
So, like I queue up on my podcasts and, like, you know, on my, all these like interesting books, and then it's just like on the road for, you know, many days. Um, but there's a lot of planning. I wouldn't try to do it alone, uh, like even if we're gonna stop, you know, you don't want to pay for a hotel when you were dragging your house at you. So, like, like my wife or I, whoever is not driving, will like look and figure out where we can, like there's always free camping and a lot of states, um, and be like well, what's a cool place? It's not far off the highway. That looks really beautiful. You know, um, and then...

...we, we just like stop and don't really like disconnect. I don't even like the, all the monitors are like packed up, so the desktops like hiding. There's like a laptop running all my nodes, you know, like it's kind of an experiment to see. I mean I could run these things in the cloud, I could run them at my desktop that's sitting in my buddy's house. Um, but I think that there's kind of like a meme behind like yo, dude, I'm, I'm literally validating on the road from, you know, cellular and satellite and solar and like can your bitcoin mining rig do this? It's kind of a, it's such a flex, yeah, it's very, uh, it's like future solar punk, cyberpunk, like I don't know, so let's see what we can do. Is kind of my mindset. Right. That's pretty cool. That's really cool, and especially now that you have like way more opportunities to do that, now that the merge has happened, it's like it's, it's starting to like expand your ability to experiment with how far can you go here in terms of running, contributing to a world resource that's so big on minimal resources? And I think that's only being only capable of being done through something like proof of stake. Yeah, agreed, man, that's really cool. I'm gonna reference this podcast for when I get to that level, Corey. So like I can look back and I can be like, yeah, I started here, my knowledge of everything, I can reference, you know, three years from now. Oh, yeah, I'm gonna pull up that podcast with the David and I'm on the go now. And now you have a new podcast to listen to when you move every month. Yeah, dude, I, I like, I have. I definitely, one thing that's like growing in state, besides the chain, is my like to-read and to-listen-to list, and you guys are now added to it. Yeah, so, uh, what else did you do that, that? 
I feel like that takes up a significant amount of time, between security research at the consensus layer you've targeted against is this layer, which is a significant amount of work, and moving around the country in an RV whilst thinking like what else, what else do you get up? What do you, what do you spend your time? To him, I'm a huge mountain biker. I love it. After the merge was successful, to my teammates that were at the Boulder office with me. We headed to Winter Park, mountain biked a bunch. Um, that's kind of my, like if I could pick one hobby, um, I would say that's it. I was, yes, it's been, it's going on eleven years. Been cleaned up for ten years. I was like a hard drug user in high school and cleaned up and I discovered mountain biking. Um, apart from security research and other things, has just got me going. It's like nature and adrenaline and fitness and like it's like a high. I think it's, you know, it's risk involved. You can run into a tree. My best friends does it and he like every time he comes back he's got like something dislocated. Yeah, hopefully I don't end up doing that. Um, I broke my wrist at the beginning of last summer and I all three bikes in the surfboard all up and down the west coast, unfortunately. Um, this, this summer has been great. Went up to Whistler in British Columbia, which is like probably the premier place in North America, right in Colorado right now. Um, Austin's the home base. Love live music, I love dancing, Austin's like brushed COVID off and everybody's gotten and gotten over it, and so now everybody just hangs out and there's a huge crypto scene there. Um, like to hike a lot. My, I have a golden doodle and my wife. They're hiking right now during the first peek. Um, she likes to throw her out like a podcast. You need to get the hell out of here. No, I'd love to show her off. She's great. She makes this all fun. Um, and my dog is just, I love. Her name is Maple. Um. We call her Noodle. 
She's a golden doodle, so Noodle's kind of her pet name. But yeah, she likes to bail, like I don't know. I think she gets crypto'd out. I think especially when there's cameras out, crypto and cameras don't go too well together all the time. I'm sure you guys have very skittish engineers that like to like kind of like shy away from the interviews all the time. Yeah, yeah,...

...but yeah, biking, music, traveling. Um, I think you've ever been to Portland? We drove through it like a few months ago. We spent a lot of time in California last year and then, um, this past summer we like headed north. So we did like a lot of Washington state. So in the islands, um, like around Mount Olympia, Olympic National Forest, all the coastline there. We didn't like stop in, in Oregon so much just because we are like meeting a buddy up there and our ultimate goal was to make it to British Columbia. Um. But yeah, I think definitely we'll be back. The Oregon coast was beautiful. Um, Washington is very similar and we loved it. They have like this DNR land, um, Department of Natural Resources. So they like, I guess it's publicly owned land. They're like grow a bunch of trees and then they make it. They like cut it down every thirty or forty years for like lumber and they sell it and the proceeds go to the state. So like in the meantime they're like hey, there's this thirty dollar a year adventure pass, unlimited camping on all of our lands for free. Uh, and so like, you know, you're just go into these like crazy forests and, you know, we love that and I, the guys I talked to you said Oregon was very much like that. We did find a Frisbee in Silverton, Colorado. Had a number on it. I texted the dude, he said and I sent a picture in a pin. I was like hey, man, found your Frisbee and he was in Oregon and he was like yeah, he was like dude, okay, I'll come get it and he was like oh wait, that, that penny drops in Colorado. I was like yeah, man, he's like, dude, I lost that in a blackberry thicket like three years ago and like, I can't remember where, in Oregon. So just like for the meme, I was like all right, dude, I'm bringing this shit to you, you know, and I were like texted the guy when we got close into Oregon and ended up like being at work. 
So I dropped it off in the visitor in office and the lady at the visit of the office was like, oh, this is awesome. This Frisbee has been like, you know, all over the place. You know, like that you lost it, some dude braved the blackberry thicket to get it, lost it in Colorado and made its way home. So did, did kind of stop a little it there. But yeah, um, I think next like East Coast is a big, you know, we've never even done it. You know, Florida is like everybody does RV stuff in Florida, mostly like northeasterners that are trying to escape the cold. We'll see there. But I think we need to, to upgrade our battery storage to be able to be off grid in Florida. Um, running like multiple ACs will kill your budget so fast. I just got a quote for like another thousand amp hours like lithium to basically go under this, like it'll fill up like the whole area under this dinette here, um, and then like another seven hundred watts of solar and another four hundred like watt external panel, basically what I would need to run AC in the middle. Yeah, it was like the quote was ridiculous. It was like thirty-seven grand or something. I think it's twenty-six if I did it myself. So I'm gonna have to become like a, an expert on, I can do the electrical stuff. It's like drilling holes in this nice Airstreams, though. You can. You can do some serious damage if you puncture a hole. Those things are, yeah, yeah, these things are, there's, they're pretty advanced. They like have heating elements around them. They'll like keep themselves warm and like yeah, there's a, I'm really excited like to see all this stuff come out. I mean people are running stuff in their houses. I talked to a guy the other day that lives in like, except for the summer he escapes up here, but him and his wife want a place in Baja Mexico, and he said he just has like infinity lead-acid batteries to this basement and so he's just running. 
He's got like car batteries like running his whole house, you know, in a bunch of solar, I know. Um, I definitely love the solar punk meme, like the lifestyle. I think that's so cool. I think, uh, I think like, like I'm fuzzing. I'm fuzzing, you know, consensus layer clients right now, um, and like I've got my CPU like maxed out. I think, like I'm using like eight hundred watts and I, you know, I can run that all day off solar when I find a bug like sustainably, like the little like, I don't know, cool like new age engineer inside and he's like yeah, like adversity into a game. You know, this bug was...

...stopped. Sustainably, this proposal was validated. She gets upside of a check mark. Sustainably found bug. Yeah, we, we kind of thought about like making like a little like anon Twitter handle, like following, you know, a validator across the US, like Flat Stanley, but like a validator, and like updating with like a, like a month away so you can see where each proposal was made and like these ridiculous locations, you know, from the top of this mountain or in the middle of the desert or whatever it is. That's funny. Let me know if you do, I'll definitely follow it. Yeah, yeah, I guess I've doxxed myself already, but I don't know that it matters too much. That's kind of a nice part about moving around so much that you can dox yourself and then leave and then you're fine. David Hoffman like retweeted my, like I had a picture of my Airstream in a bunch of places with the VALIDA. There's something's like imagine censoring this, like I'm not gonna break any laws, don't get me wrong, but if I wanted to, you know, I could validate from anywhere. I rolled this baby down to Mexico if I wanted to. You know, it's just nice to have the optionality. Okay, that's dope. So wrapping up, um, do you have any, I guess, advice you'd give to newcomers in terms of like how to join, how to get involved that learn? Yeah, my question to you is how did you go from electrical engineering to doing security research? Because my background is also as an electrical engineer and I'm just getting the chance to work in crypto starting this past fall of this past spring. So I think the advice I can kind of answer the same. I think I can answer with the advice and then like my personal journey, like a brief version of it. Um, whatever gets you interested, do it. Um. I think a lot of people, like we're in a new, a new age, right. Information is free online. You don't have to like go to, you know, Princeton or something and get, get a CS degree. Like, I know a guy that, um, he loves ZK. 
He's going down the rabbit hole. He's starting a program in Rust. He's never touched code before a year ago. Um, a lot of security engineers are like this. Um, some of the best hackers I knew, they just were hacking games when they were younger and all they were doing was editing the memory to keep saying one right and that. Yeah, exactly. Um, I think that there's, this industry is moving so fast that I think the opportunity costs of your time is something you can throw out the window. You don't have to say like hey, should I focus on getting my business degree right now because I'm a year in, or should I like go head over heels into learning this and, and I think that there's transferable hard skills. Um, developing is one of them. So if you, if you try writing some code, and the easiest language probably to like wrap your head around that would be like Python. Do like a hello world in Python. How to make excellent Python? I don't know, anything you think is cool. I want to calculate odds for poker, Python. How to do that, Python? Somebody's done it. Right now I'm actually doing like a Python script for incentives modeling for a project due. Yeah, and it's, it's like you learn yourself. You learn by doing. You don't learn by an official education. Necessarily not. Don't get it wrong. If you have an opportunity to get a CS degree from a good school, you can learn all the theoretical stuff, you can learn everything. You still need to go do this stuff. You need to go work at a company or build your own product. But just doing is how you learn here. There's so much need. Um, you can go from like being completely unskilled to worth a hundred grand a year. And like a year, if you're good and you're motivated, you might have to live in your mom's basement when you do it, right, um, but yeah, whatever gets you going. For me and my journey, um, I love the adversarial stuff. I love when it's like a chess game. It's like me versus you, and security just kind of lends to that. 
DeFi hacks are like that. Like I don't like when DeFi gets hacked, but I definitely read up on it and I'm like, I wonder what they're like. Who this guy is, like imagining, like, or this girl, like, are they sitting in their basement? Are they ever going to touch the money? Who is this person who did this? Yeah, I think. Did you ever used to play PvP games? Is that? Is that where that mentality comes from? Okay, you mentioned now and so I...

...was like arenas. Okay, I played Battlefield on the day off on this rage on Starlink, I'll get like a forty millisecond ping. So like kind of run of the mill average. It's not real bad. Um. But yeah, I think security research. Like how did I make the jump? Um, I told you. I basically nuked my hard drive. I recovered the data and I saw Kali Linux is like this pentesting distro of Linux where they have all the different like offensive security tools rolled in like one distro, precompiled, ready to go. I was like what is all this? Um, I discovered all the Snowden leaks and I was like yo, like people like hackers are getting paid by the US government to like be like quote unquote, good-guy hackers, um. And like that's debatable and that's a whole another discussion or whatever, but like they're not going to jail and you can make a career out of this. Um. And then I specifically wanted to like learn from those people. There weren't Um. Now there's a lot of great stuff. Like if you look up binary exploitation at Georgia Tech, killer course, it'll walk you through like like what does a you know, like all the way to a heap overflow at the end. From like the beginning, it's like here's just a stack buffer overrun. Um, here's command injection, all the different types of like vulnerability primitives. How to exploit them? Like the final CTFs in the class are like literally like ten different heap exploits and different heap allocators and how do you abuse them? So you're going through like you do thems course. Is that? Yeah, yeah, and the videos are online. Yeah, that's a killer course. That didn't exist when I got into security research. The only way to do it was to like find a defense contractor that was selling these things to these three letter agencies and go work for a guy that has been doing it and like learn from them. Right. So I kind of like took that path.
But yeah, you know, there's all kinds of cool adversarial ship right now, like MEV is amazing, dude. I see these MEV strategies or something. Even touch anything like that, and so like it's a total rabbit. It's highly guy and he was talking about how, like a year and a half ago he was like exploiting um. He was just piggybacking transactions that I guess were um in the mempool that I guess sucked a bunch of value and he would just copy the transaction and run it and he would just accidentally steal money. Yeah, that's called a generalized front runner. So people are basically looking at the mempool and they're writing like new implementations of the EVM, like in C++ and like in FPGAs, and the whole deal is like be the fastest one to know, uh, to calculate something. So they'll take a transaction and they'll say, can I replay this transaction without the dependency of who sent it and still get the money? And if that's the case, I'll front-run the transaction. And so what's happened is people that are submitting DeFi hacks for like hundreds of billions of dollars, that are submitting them like to the mempool instead of through Flashblocks, Flashbots or like whoever. The other block aggregators are getting front-run by these MEV guys, and these MEV guys, they have like little things like on Etherscan. It's like, yo, if I steal all your ship from your DeFi contract, just ping me and let me know. I'm not a thief, I'm not a hacker. I just operate a generalized front runner and I actually front-ran a hacker hacking your contract like. That's the kind of stuff like. I think that's so cool. So that stuff gets you going, man, just follow the industry. Don't wait for a class to be like developed for you by some guy, because by the time that's happened it's already going to be like too late. Follow the people on Twitter, follow who they follow, look at the likes they like, read the Flashbots stuff.
If MEV gets you going, get in their Discords. Great, and I lost an employee today. Ah, it's awesome. No thanks, man. That was I think it's a great way to wrap up. I definitely appreciate you coming on the show and definitely starting both like the intricacies and complexity of the work you do, as well as the life you lead while trying to do it. So cool. Thanks for coming on and be sure to keep...

...checking out awesome and I'll keep watching these until next time.
