The Optimism Collective's round 3 of RetroPGF is happening! Now we're going through the voting phase until December 7th.
If you're a badgeholder wanting to learn more about The Red Guild and why to support us, this article's for you ❤️
You can find our application for the RetroPGF in these links:
We're also part of the EthernautDAO's list:
Who are we
The Red Guild is an autonomous collective helping enhance the security of the Ethereum ecosystem and those who contribute to its long-term success.
As a small team of hackers, educators and advocates, we’ve taken a public-good approach to web3 security, putting our skills in favor of the community.
We envision transforming security research and advocacy into a public good initiative in favor of the Ethereum ecosystem. This will complement the private profit-driven efforts of others in the space.
We conduct security reviews, responsibly disclose vulnerabilities, and produce free educational material in articles, interviews, videos, talks, workshops, awareness campaigns and challenges. We engage with LATAM communities, sponsoring meetups and hosting local events for web3 devs and security researchers.
We've worked on The Red Guild for almost a year as our full-time job. We have never sold private security services nor accepted funding from VCs. All we've done has been for the community, open and accessible to the whole ecosystem.
How we got to know the RetroPGF rounds
Up until some months ago, The Red Guild was funded by grants from the Ethereum Foundation. In the meantime, we've been seeking complementary sources of funding to sustain our project in the long term. And now that our grants with the EF are done, we're more actively looking for alternatives.
We tried community-driven grants like CLR.Fund and Gitcoin Grants, but the experience, to say it nicely, didn’t meet our expectations.
After sharing and openly talking about those experiences in conferences and meetups, we were advised, by other LATAM communities that have been actively contributing and participating in the ecosystem, to explore the RetroPGF rounds of Optimism, which could better align with our values and support (at least part of) our activities.
Our contributions and impact
No doubt our work hasn't been exclusively aimed at the Optimism Collective. Yet we're convinced it contributed to educating web3 security researchers and developers on security topics that are relevant for Optimism-based applications to stay safe.
🕵️‍♂️ Security work
- Participated in bug bounty programs to responsibly disclose security vulnerabilities (like this one).
- Reached out privately to developers to share weaknesses, flaws or security concerns.
- Opened public GitHub issues for non-exploitable bugs or to suggest best practices (like this, this, this, this or this).
- Participated in crowdsourced security contests from relevant projects in the ecosystem (such as this for Optimism).
Here's a list of publicly reported issues, ranging from critical vulnerabilities to other flaws and weaknesses.
⚔️ Challenges
- We continued developing and maintaining the most beloved DeFi security challenges in the ecosystem! Damn Vulnerable DeFi.
If you're a true OG optimist, the Wallet Mining challenge might be for you 😁
🦜 Talks
We attended several events to spread The Red Guild's ethos:
- A live talk at ETHBarcelona discussing how we think about security for the common good of the ecosystem. And the challenges that come with it.
- A live talk at Ethereum Argentina sharing our approach to security at The Red Guild.
- A live talk at the DeFi Security Summit, sharing our view on why security matters and the reasons beginners should join the space.
- A security panel on day 2 of the LABITCONF conference (sadly no recordings, but here's a tweet with some photos from one of the panelists).
⚒️ Workshops and walkthroughs
- A 1.5-hour-long workshop on security testing with Foundry, for a local university in LATAM. We also delivered a refreshed version of this workshop at Ethereum Argentina.
- A ~1.5-hour-long walkthrough of the Account Abstraction reference code, going deep into the contracts and bundler implementation.
😵‍💫 Hacks explained
- Videos explaining hacks in detail, such as Euler and TORN governance.
🎙️ Interviews
- Our interview with Patrick Collins sharing our smart contract reviewing process (full video here).
📜 Articles
(we write a lot, probably too much, these are just some highlights)
- Some (like this or this) related to our security research activities and vulnerability disclosures.
- Some (like this) explaining in detail how we approach security spotchecks, a kind of unsolicited security review we do at The Red Guild for projects that catch our interest.
- Some (like this) explaining how we use available open-source tools for our work.
- Some (like this) sharing our past experiences with auditors in the ecosystem.
- Monthly updates openly sharing all of our activities with the web3 community.
🫂 Events
- A local meetup of web3 devs in Buenos Aires that we sponsored.
- 🌟 GEERS: Blockchain edition. A local 2-day event in Argentina that we co-organized, with hundreds of attendees. We also delivered security-related talks and workshops there. Here you can find photos from the first day and the second day.
Over 250 people from various cities learned about Optimism for the first time at GEERS. The topic was featured at least twice in the talks. Particularly in a talk by Joxes on "The Importance of Participatory Roles in Governance".
🧑‍💻 Education
- A Secureum RACE quiz for beginners to learn about edge cases of Solidity smart contracts.
- A 🔥 massive 🔥 smart contract security and auditing course partnering with Cyfrin.
🥷 IRL security awareness
- A 2-day-long undercover campaign at Ethereum Argentina running red-teaming-like activities to raise security awareness in all attendees.
If you're a numbers person, then here's a snapshot from mid-October 2023 showing some metrics from our tracked, public content. Honestly, we don't pay that much attention to them. We take them with a pinch of salt, because we tend to be cautious about using vanity metrics to measure our real impact.
And by the way, The Red Guild has done all of this, and more, with only 3 full-time members 😉
How was our application process
This is the first time The Red Guild has applied for the Optimism Collective's RetroPGF rounds. Overall the experience has been good so far. We've got some experience applying for other community grants such as Gitcoin and CLR.Fund. So we can say that the AX (applicant experience 😛) for this one has been, at the very least, better.
Our approach is usually the same. First we see the kind of information they are requiring from our activities, we copy the form fields to a shared Notion page, and write our whole application in Notion. After iterating on it multiple times and peer-reviewing it, we may share it with an outsider for additional feedback. Finally, we'd open the "official" form, move our texts to it, and hit submit.
With Optimism, we did struggle to find out how exactly to fill out the online form. We couldn't see all the information we had to provide at once. So we had to first fill it up with random stuff and advance right until the end (without submitting it, of course) to know exactly everything we'd need to provide.
Also, each field in the form had hidden limitations in the text's length. This meant that we had to first find the limit for each field (you'd LOL hard if I told you how we did this), and then adjust our texts to each particular field. This was somewhat inconvenient and slowed down the process. But well, it wasn't a blocker really.
Other than these, the experience was nice and we'd comfortably go through it again in the future.
Some community love
Here are some members of the community sharing appreciation for The Red Guild's work:
🤯 OMG The Red Guild is awesome 🤯 I so want to vote for it
Go for it, dear badgeholders: