At The Red Guild, we share periodic public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.

In case you missed the last one, you can find all our updates here:

updates - The Red Guild
All updates from The Red Guild in a single place.

Did you miss us? We've got a lot to share about what happened during the past two months (August and September):

Conferences & events

Here's the TL;DR. In 34 days we have:

  • Given 3 talks
  • Hosted 5 workshops
  • Mentored in 3 conferences (roughly 16 teams)
  • Participated as judges in a hackathon
  • Organized and shipped a 1-day security conference

Impressive, isn't it? 😄 Here's a more detailed breakdown.

Ethereum Uruguay

During Ethereum Uruguay we participated as mentors in the hackathon, mainly advising and practicing pitch, and also delivered a talk called "Cháchara segura" with pablito.eth.

The talk consisted of a small research that started with the question: How many of the historical top 25 rekts of our ecosystem were NOT due to a vulnerability in smart contracts?

We really enjoyed our stay, and wish the Uruguayan Ethereum Community the best on this –kind of– new beginning.

Ethereum Argentina

During Ethereum Argentina we participated as judges and mentors in the hackaton. Also delivered two pieces of content.

First, a main-stage sketch with pablito.eth (again) of two friends called "Cuentos de la crypto", where we talk about many many many stories of crypto projects failing due to security problems.

The idea of the sketch is strongly motivated by having a strong interest in different types of art as an expression, so having things a little "off" from the usual was bound to happen. Expect more of this in the future.

And then we delivered a 1-hour presentation on detailed walkthroughs of common repository backdoors, sharing with users and developers all the risky threats that may lurk in a seemingly benign code repository.

Aleph

Then Aleph happened. The awesome crypto pop-up city in Buenos Aires where we stayed around for long, organizing events, meetups and connecting with the local community. Here's some of what we did:

  • We offered office hours to startups, to discuss and coach security mentoring, and how to improve pitch and storytelling.
  • Organized a one-day security-oriented conference named "Security day", in which we created a whole day that followed a storyline, inviting different speakers to co-create specific original content for the conference.
Security day (+CTF) · Luma
We welcome you to a day at Aleph where we don’t take security for granted. Your host, matta (The Red Guild, and member of SEAL), will introduce you to several…
  • Shared a revisited version of the "Cháchara Segura" talk we had delivered in Ethereum Uruguay.
  • Also delivered a talk on the Public Goods track, talking about the importance of security as a public good. In it, we share the gist of our work and other similar organizations such as the Security Alliance (SEAL).
2024 - Aleph - On the importance of security as a public good
On the importance of security as a public good by matta.
  • Hosted a Solidity & dApps week by The Red Guild (see all events in https://lu.ma/theredguild), where we invited awesome speakers to teach and share their experiences in:
    • Intro to Smart Contracts & Solidity
    • Intro to dApps development with Scaffold-ETH 2 & SpeedRunEthereum
    • Smart contracts deployments with Hardhat Ignition
    • Smart Contracts Security with Foundry

The overall experience of Aleph was really enriching, an incredible amount of work by soo many people to host a lot of activities at the same time. Argentina is up to a good start, or so we believe. Talks should be published soon, but we will probably re-upload most of our content to our YouTube channel as always.

Contributions to SEAL

In the past months we kept contributing to multiple Security Alliance (SEAL) initiatives. Our original idea of creating a safety handbook to cover security topics for users, devs, and other stakeholders is now part of an upcoming SEAL initiative called “Security Frameworks”.

Did I say upcoming? Sorry, I meant LAUNCHED! 🙌🚀

GitHub - security-alliance/frameworks: Official repository for the Security Frameworks by SEAL
Official repository for the Security Frameworks by SEAL - security-alliance/frameworks

We're glad that we can finally share with the community this initiative that matta has been leading and pushing forward like no other.

These Security Frameworks by SEAL are still a work in progress, and you can now help us take it to the next level. We encourage you to take a look at these guidelines, and contribute with PRs suggesting changes, improving them, and writing your own!

If you don't know where to begin, just take a look at the Issues list 👇

Issues · security-alliance/frameworks
Official repository for the Security Frameworks by SEAL - Issues · security-alliance/frameworks

Design

In the past months, we've been iterating over our design assets over and over just to get them as beautiful as they can be. We've printed multiple sticker batches that we've been sharing at events and conferences.

Latest batch of stickers! Experimenting with new designs, colors, shapes.

Right now we're also working on improving the design of presentations, as well as brainstorming ideas for new stickers, a landing page, and more! 🎨

Security awareness for future DEVCONs

After our successful security awareness campaign in Ethereum Argentina 2023, and some people in the community showing interest in us repeating the experience in Devcons, we've taken our time to put together a DIP proposal for the Devcon organizers.

(RFC) DIP: Security Awarness Activities On-Site
This thread is a work in progress. Heavily inspired by: “RFC Undercover Security Campaign” by @spalladino . You were not pwned by The Red Guild - Ethereum Argentina Crypto conferences aren’t just about the buzz and networking. If you look a little closer, you’ll notice that they can sometimes be more intense than they appear. In these spaces, there’s more than just learning, swag, and POAPs; there are also people looking to take advantage of the unprepared. The threats are real, from subtle s…

We've come up with the ALERT name for our future campaigns, meaning: Awareness, Learning, and Education for Real-world Threats.

If you're interested in us doing this kind of activities, or you'd like to somehow contribute to making them happen (sponsoring? 😄) then feel free to jump in the forum's thread or directly get in touch with us!

New grant proposal for the Ethereum Foundation

As you probably know by now, the Ethereum Foundation (EF) has been our primary supporter since our inception. They undoubtedly understand the value of teams doing security for the public benefit of the Ethereum ecosystem and have been an outstanding source of funding for the work of The Red Guild.

Seeing our relationship with the EF growing and strengthening is nothing but reassuring that we're on the right path to making this ecosystem a safer place.

That's why we've decided to apply for a new ESP grant with them, this time hopefully for a longer period of time🤞

What's next

On top of everything we just shared, there's still much we cannot disclose. We don't like ruining surprises 😀. Suffice it to say that we're heads-down working on new pieces of content for the DeFi Security Summit and Devcon.

In the DeFi Security Summit you'll find us delivering:

  • In the 101, a workshop on smart contract security with the recently released version of Damn Vulnerable DeFi
  • In the main conference, a workshop on hardening development environments against repository backdoors.
  • Possibly participating in a SEAL panel.

In Devcon, you'll find us:

  • In our Impact Team booth, preaching the Ethereum security for the public benefit gospel, delivering cool swag, and perhaps hosting some fun activities.
  • Delivering a 2-hour workshop on practical threat detection for users and devs.
  • Delivering a short talk at the security track where we talk about SEAL's Security Frameworks.

So, where do we see you this time? Until then!