First time? Go read The Truth of The Red Guild so you are more in tune with what follows next.
At The Red Guild, we share periodic public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.
If you haven't read it, here's the previous update:
Among other things, for today's update we have:
- Talks, workshops and activities at muBuenos
- Sneak peeks into the guild's first offsite, as well as new marketing assets
- Ongoing work developing Damn Vulnerable DeFi v4
The Red Guild at muBuenos
April was a packed month for the members of The Red Guild contributing at muBuenos.
Lots of technical activities, including workshops on OS hardening, WiFi security, and how to develop in safe isolated environments using web3-tailored devcontainers. Because not everything in crypto security is about smart contracts! In the meantime, we shared Argentinian wines and picadas 🍷🧀
In the devcontainers workshop, we showed how to develop and run untrusted programs inside a secure environment. We used our own devcontainer, and also explained how to develop and customize your own containers that best suit your needs.
It was also a nice opportunity to learn about dangerous threats in malicious GitHub repositories, and how to defend against them.
But that wasn't all! We organized meetups to continue learning about other topics. For example, wireless security.
In these meetings we discussed the usual threats in WiFi, RFID, NFC, etc., and shared tips on how to stay safe in hostile environments.
Of course, we also had outdoor activities planned. Just to chill and connect with the lovely Argentinian community ❤️ Slack line, walking, asados, movies, and more!
Thanks to everyone who attended and stayed with us all this time at muBuenos – until next time!
Offsite 🌴
First time in months that all members of The Red Guild meet IRL.
We literally got into a lodging on an island, without any other distractions, at a cozy place akin to a cabin refuge in the mountains. It seems we paid for the full in-the-wild experience, because we even had a little flooding situation 😆
Great times catching up, running insightful retros on our past work, as well as discussing pressing topics, drafting objectives for 2024, and planning ahead. The sync time was also key to iterate fast on some new initiatives we're planning for the upcoming months.
Damn Vulnerable DeFi
As we shared in the last update, we're developing the next version of Damn Vulnerable DeFi.
Many things planned for v4. Right now we're focusing on migrating the whole codebase to Foundry and upgrading to the latest versions of Solidity and the external libraries used throughout the challenges (OpenZeppelin Contracts, solady, solmate, Safe, etc.).
While the migration to Foundry from Hardhat has been fairly straightforward, upgrading to the latest versions of those libraries has not. They continue improving and having more embedded security checks, making it harder and harder to write bad code intentionally 😆
The deprecation of SELFDESTRUCT has also been quite consequential to Damn Vulnerable DeFi. We're refactoring a few challenges to make them as appealing as they were, but not dealing with this deprecated opcode anymore.
In parallel, we continue experimenting with an early MVP to play Damn Vulnerable DeFi in other environments. For example, in the browser. Once we have that ready, we'll decide whether it's best to play locally, in the browser or spin up dedicated testnets.
Once we're done with this, the next stage is adding new challenges!
SEAL ISAC
The Security Alliance (SEAL) makes crypto safer one launch at a time. This time with ISAC, an information sharing and analysis center dedicated to crypto.
Here's a thread in English by samczsun explaining more details about it:
If you'd rather read it in Spanish, we've got you covered too:
We salute the whole SEAL team for this new launch. For more info about SEAL ISAC, refer to their website 🚀
Design 🎨
In April we set out to revamp some assets of the guild's brand. We wanted to print a new batch of stickers for the upcoming events in better quality, so we started adapting our logo, color palette and font.
After several rounds of designing, iterating and reviewing variations, we're getting closer to something that we're all happy with. Look, here are a few variations we printed to experiment:
In May we'll be narrowing down to just a few options, and hopefully have a final press kit ready to share with you all.
Security work
Not much news on this front. As you saw in the previous sections, we were quite busy with many other activities.
During April we followed up on our work in Cantina's Blast contest, participating in the escalations phase. Surprising to see how PvP the judging and escalations can get.
We wonder to what extent such an adversarial environment is beneficial. Are we focused on security or just trying to beat each other? Competition can push us to work harder and uncover more bugs, but it might also lead to everyone just trying to game the game. It's hard to know where the right balance is.
What's next
In May we'll keep working on many ongoing activities that we've got. These include:
- Iterating our design and marketing assets to have a beautiful press kit ready.
- Contributing to initiatives at SEAL.
- Developing Damn Vulnerable DeFi, aiming to wrap up the migration to Foundry and have at least one new challenge.
- Consolidating all our learnings from the muBuenos workshops in internal docs. We want to keep improving and polishing them, so as to make them more appealing and reproducible for future events and conferences.
- Working on internal docs and processes of the guild, following up on discussions we had during the retreat.
And that's it! See you next time 👋