web3

Honest Attempts to Secure an Ecosystem

I have used my off-time from audits in the past months to write more about security. Especially in a nascent ecosystem like Ethereum still is, the most considerable impact can be delivered by educating people. Education has to happen in different modes of complexity, depending on the target audience:

  • Developers must be educated on how previous hacks happened and how to avoid making similar mistakes in the code they produce.
  • Business leads must be educated about the general (in-)securities of smart contracts and what can and cannot be expected of them.
  • General users must be educated on spotting and avoiding scams while repeatedly preached to not invest any money they can’t afford to lose. Ever.

My own contribution to the above is the Ethereum Smart Contract Best Practices. When I joined ConsenSys Diligence, the repository already existed, and people enjoyed the content. In the rollercoaster of auditing smart contracts as the main business, little time was left to properly maintain code samples, keep best practices up to date, and polish the overall site. I intend to change that.

This is a note for everyone who enjoys my technical posts to follow along as I develop the best practices. Occasionally, I also tweet about the sections I have revised previously. Contact me if you have suggestions on attacks, best practices, or helpful tooling to add.

After all, this is about educating a community so it can make educated decisions!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.