At The Red Guild, we share periodic public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.
If you haven't read it, here's last month's update:
tincho
For today we've got:
- Progress with the upcoming release of Damn Vulnerable DeFi
- Blast results announced!
- Contributions to SEAL.
- Topics for the upcoming workshops.
- Work on design and new logo.
Damn Vulnerable DeFi
Yeah, Damn Vulnerable DeFi v4 is coming! So much progress in the last couple of weeks.
Migration to Foundry? Done. Updating all libraries to latest versions? Done. New challenges featuring bridges, read-only reentrancy, rounding errors, permit2, merkle proofs, token airdrops? Done!
We might be witnessing the most vulnerable set of smart contracts coded by humankind. We take this responsibility seriously 😄
Right now we're developing prototypes for one or two more challenges, bugfixing others, improving challenge prompts, and that kind of top-quality features that made you love/hate Damn Vulnerable DeFi from day one.
In the meantime, if you've got suggestions for this release, leave a comment below 👇
at @theredguild we're cooking the next version of Damn Vulnerable DeFi
— tincho 🪷 (@tinchoabbate) June 12, 2024
what would you like to see? drop suggestions here or in comments!https://t.co/kjIemM9JhH
Blast
Back in February we shared that we were starting to participate in public security contests, mostly as an alternative source of funding for The Red Guild.
Even if we're not keen on the PvP mindset around contests, it's undeniable that they're here to stay, so we migh as well participate in the ones we find interesting. They're a nice training ground for our code reviewing skills.
We always learn something new during contests. Even when we don't find anything too relevant to report. But well, sometimes we do find stuff we're proud of.
Such as in Blast - an L2 forked from Optimism. The contest was in February, the results were announced last month.
It's official. 🚀🪐
— Cantina 🪐 (@cantinaxyz) June 4, 2024
The results are in for our massive $1.2M @Blast_l2 security competition:
Here are your top 3 ranked researchers:
🥇 @zachobront: $201,484.57
🥈 @Guhu95: $119,941.96
🥉 @tinchoabbate & @saucecri ( @theredguild ): $74,729.62
Amazing work. Leaderboard below: pic.twitter.com/xgcTHm5vQq
Blast was a challenging contest, where we had to dig deep into a forked Geth codebase to uncover severe flaws and vulnerabilities. It was the first time we ever review Golang code to such depth. Glad it paid off!
Regardless of the actual numbers and leaderboards, we're just happy to be finding new ways to keep The Red Guild afloat.
SEAL
We're members of SEAL, crypto's Security Alliance. Lately some of us have been collaborating on a handful of initiatives within this group. For some time we've kept all these projects behind closed doors. But it's time to start sharing them!
Mehdi from Sigma Prime will be delivering a talk at ETHCC about the Security Alliance, sharing lots of insights on projects that The Red Guild has contributed to.
If you're at ETHCC, that's one talk you cannot miss. Find it in ETHCC's agenda and add it to your calendar right away.
Drafting workshops
There're many events coming for this second half of the year that we'd like to attend. Ethereum Argentina, DeFi Security Summit, Devcon, just to name a few.
So, we're already drafting multiple pieces of content and hands-on workshops that we hope to present at these events. They'll likely be related to practical smart contract security as well as best practices for hardening development environments.
If there's anything specific you'd like to learn in these topics, let us know!
Design
June found us crafting a new version of our logo, as well as transitioning to a new designer for the guild.
Most of the latest design work was focused on (1) modifying the color palette and (2) finding a new font. Here's the result:
With these colors and font we'll have higher-quality swag (stickers, shirts, etc), and can start on unifying our brand's style across all our social channels.
Oh, and there's a fresh batch of stickers we've printed a few weeks ago that's looking awesomeee ⭐
Next steps
- Attending talks and networking in ETHCC. Some members of The Red Guild will be around this huuuge event. If you happen to see us and want to chat about security for the public benefit, come say hi!
- Working on content for upcoming events! Ethereum Argentina is getting closer and closer - we definitely want to deliver a workshop there. We're also close to submitting content for the DSS main event.
- Continue developing Damn Vulnerable DeFi v4. We're aiming for a release sometime around August. In paralell of developing the actual codebase, we'll be working on planning the release, drafting announcements, and more niceties.