We're sharing monthly public updates on what we've been doing, what we're up to, and what's to come. This help us stay accountable and committed to our work, while we open ourselves to the community.
If you haven't read it, here's the update from last month:
tincho
tincho
Among other things, this update features:
- Our latest security work, articles and videos.
- Our experience in ETHBarcelona and the DeFi Security Summit.
- Updates on mentorships.
- How we're still not retiring after the CLR.Fund round.
Security work
As we foresaw in the last update, this month was to be be packed with preparing & releasing educational content, traveling, meeting and attending events for networking. Bottom line: we had little-to-no time to deep-dive into code.
Still, we managed to spend a few days exploring a solution for cross-chain contract administration of ChainLink’s contracts in a Code4rena contest. This is the first example of the guild exploring public security contests.
To avoid losing touch with the community in the process, we did this in collaboration with a few security researchers from WebtrES.
Latest content
New articles in our blog!
First, an article explaining a new question-driven approach we took to review Lido’s codebase, that led us to finding a bug in the oracle.
tincho
It was featured in the Week in Ethereum newsletter. Top 4 in most-clicked. Received great individual feedback, such as:
Really admire the way @theredguild are approaching security spotchecks, and that @tinchoabbate is sharing so much great writing. https://t.co/seIvMJOs6G
— obront.eth (@zachobront) July 12, 2023
Then, an article on how we used a new tool called Diffyscan during the latest Lido v2 spotcheck.
tincho
Also featured in the Week in Ethereum newsletter. Top 5 in most-clicked.
Third article was a short one, intended to promote our grant in CLR.Fund (now closed).
matta
We also recorded, edited and published a ~10 min. video sharing our latest public update with the Spanish-speaking community:
On top of these, we also:
- Crafted 2 talks for ETHBarcelona (see slides) and for the DeFi Security Summit (see slides).
- Continued developing the hands-on smart contract security workshop for Ethereum Argentina.
Community
Collaborations
We collaborated with a few security researchers from WebtrES (Discord-based LATAM community) to participate in the review of a set of ChainLink’s contracts hosted by Code4rena. We invited these researchers to our own Discord server, where we set up a private channel.
We had 3 goals:
- Participate in the contest of a high-profile, relevant project for Ethereum and try to spot security vulnerabilities.
- Connect with like-minded researchers, using the opportunity to share our review process as a guild with members of the LATAM security community. Test a few mechanics in terms of coordination and knowledge sharing, as a rehearsal of what we envision for mentorships.
- Start testing waters to use public, relevant contests as way of funding the guild.
Overall it was a great experience for everyone. Looking forward to the next ones!
Events
Big part of our focus in the last month was on IRL events. We delivered (and attended) talks, and did networking. These were our first events as The Red Guild, and we couldn't be happier with the community's feedback. Also appreciate those who reached out interested in supporting and sponsoring our work.
- ETHBarcelona: we delivered a 20 min. talk on how The Red Guild approaches security research for the common good of the Ethereum ecosystem, sharing our vision, results and challenges. Video is not on YouTube yet. Slides here.
- Defi Security Summit: we delivered a 30 min. talk on the mindset and values to get started in smart contract security and contribute meaningfully to the space. Recording here.
- ETHCC: no talks from The Red Guild here, pure networking and summer joy in Paris.
We're humbled and honored by the love we received for our work at The Red Guild during these weeks. It's been incredible. We're thankful for everyone's words and encouragement to continue with the guild's journey ❤️🔥🪷
Last but not least, we keep making progress with GEERS! The LATAM conference we are co-organizing.
On this front, we continued working on contacting speakers, curating content for talks and panels, closing deals for venues, organizing & publishing the schedule for first event on August 26th, setting up Eventbrite pages and more. The schedule is already live in the website.
Have you signed up? It's free!
Grants
We had opened a public grant in CLR.Fund’s latest round. We promoted it in our blog, Twitter accounts and Discord communities where we contribute. Given our latest experience with Gitcoin, we didn’t have high hopes.
The round has closed, and we didn’t do well. We received less than 100 DAI. We’re going to keep an eye on any analytics on the whole round, so as to understand which projects got more support, and what we can do in future experiences to follow in their footsteps.
Mentorship
One of the goals of our collab with the security researchers on the Code4rena contest was to start rehearsing dynamics for mentorships.
We’re thinking of starting with a small group of 5 or less people from the LATAM community. Details are TBD, but we expect the mentorships to be based on supporting beginners in contests or bug hunting activities.
There will be room for collaborations between mentees, as well as 1-1 interactions between mentees and us. On top of it, we want to use mentorships to share our experience, mindset and values with participants, so that they can become active and impactful contributors to web3 security.
To better understand specific needs of beginners, we created and distributed a survey among different Spanish-speaking communities we’re part of.
More than 30 people have already completed it!
Marketing & Identity
The Red Guild has a logo! 🎉 We’ve found an awesome designer that shipped this beauty. We have many variations, the more complete being:
We’re already using it in our talks, videos and social media. The next step is printing the first batch of stickers to give away to the community 😀 These are being designed right now. Yes yes, don't worry, will be ready for Ethereum Argentina!
What's next?
Regarding security work, it's likely that the guild continues experimenting with participating in public security contests. As usual, prioritizing those that feature projects that we consider relevant for the ecosystem.
Meanwhile, we're having lots of internals talks and discussions on how to fund the guild in a sustainable way. Without necessarily selling private security services like audits. We'll be iterating on many ideas we have, and start engaging with potential sponsors and supporters. If you are interested in backing our work directly, reach out!
Also, we'll continue sharing the survey for mentorships, aiming to collect a larger sample of candidates. After we analyze the results, we'll put together a plan to start offering mentorships for the community.
In terms of marketing and identity, we're planning to revamp our landing page to add more information about the guild and apply our new identity (typography, colors, etc).
Our next event is Ethereum Argentina. We're delivering one talk, one hands-on workshop on smart contract security, AND we'll be security mentors during the hackaton. If you're also attending, come say hi!
Finally, first weeks of August we're wrapping up our grant with the Ethereum Foundation. Huge milestone for the guild! We'll be sharing insights about what we think is the MVP for The Red Guild, and how we plan to continue forward.
See you in the next update!