First time? Go check out The Truth of The Red Guild so you are more in tune with what follows next.
We're sharing monthly public updates on what we've been doing, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.
If you haven't read it, here's the previous update:
Today’s update could've been earlier than this, we know. But we’re not going to lie to you, our keen and fellow reader. We were –among the usual– resting? So many conferences, events, meetups, and gatherings took a toll on us and we were still in recovery.
So here is a brief summary of what we’ve been up to from July to October 👀.
Rest assured, we haven’t vanished, we’re still here, going strong!
RACE-22 Secureum #22
A few months ago we were offered to create Secureum's RACE for September. If you happen to know nothing about these types of challenges, we've got you covered.
They're mainly security-themed quizzes, composed of –sometimes– several code-related situations, and follow-up questions that should be answered with multiple choice options. The main challenge is that you have to do everything under the clock.
RACEs are nowadays created by invited authors but coordinated under Secureum. This challenge was authored by our tincho.
But yes, tl;dr: an online exam in which you can validate and –at the same time– put your knowledge to the test.
In case you want to check this specific RACE in a self-paced mode with the opportunity to corroborate your choices, you can go to patrickd's solutions.
Congratulations to everyone who participated! 👏 Not only to the ones who reached the leaderboard; it was also a hard run, we've heard.
And as hard as you think tincho might be, getting people to score a median of 2.8 –ouch–, he has also created some videos explaining two of the most popular hacks at the time: the Torn Governance Hack and the Euler Finance Hack.
They have been available on our YouTube channel. We hope you enjoy them! And if you have feedback to give, please do so, it will be much appreciated.
The culprits behind the drain of our stamina! 😪
In the previous updates we mentioned speaking at EthBarcelona, DeFi Security Summit & 101, and networking around ETHCC.
But our "little" tour did not end there –oh, no–, we flew to Argentina afterwards.
First, we stopped at EthereumArgentina, where we had two major involvements, and a secret one 🤐.
The first one was an appearance on the main stage. An adaptation of the talk tincho delivered at EthBarcelona to be given with matta in a conversational and kinda theatrical way.
Fun fact: matta used to do musical comedy in the past 🤫.
The video is already available on EthereumArgentina's YT channel. But we got permission to re-upload it to our YT channel as well.
Thanks to our video editor for their patience in dealing with our requests.
Then we managed to entertain our new public –more than 40 people– for 2 hours straight with our First steps in smart contract security with Foundry workshop. Two hours straight with people's current average attention span, and considering it was at the end of the conference... that's quite a feat! 🎉
We were the only workshop allowed to surpass the 40' rule 👑. We gotta give it to the organization –and of course to matta's insistent but convincing skills– for allowing us to give the full extent of our workshop.
Secret awareness campaign
Still unsure how many attendees heard about this particular campaign, we leave the reader some metrics below. Since everyone was told to stay quiet about it, there wasn't much repercussion online, and for that we are thankful!
- 22 unique visitors met Curiosity (our cat), which could only be reached by scanning wild QR codes that we left almost... everywhere.
- At least 20 more entered our main campaign page directly through fake websites, phishing, soft-pwns –basically running something they should've checked first– or wireless "attacks".
- More than 40 unattended devices were recorded having one of our awareness cards delivered on top. Some of them were even fully unlocked 🤦.
And that was about half of it. We are hoping to write an entire article about it in the future, so we're not going to reveal all of our tricks this time, at least not without the necessary context and awareness. In exchange, we will end this section by publicly releasing one of our Easter eggs at the end of this article.
These kinds of things don't happen only at LATAM Web3 events but at Web3 events worldwide. EthereumArgentina was just an example. As a matter of fact, this campaign was improvised after detecting poor operational and personal security practices in the conferences we attended on our previous trips.
GEERS: Blockchain edition ft. The Red Guild
We feel we've been mentioning this event for so long and now it is over.
The ephemeral nature of events, amirite?
If you are curious about the contents that were given or the nature of the event, you can still check it out at the website below. Bear in mind it's in Spanish.
It consisted of two separate events.
The first event was titled "Hello (blockchain) world!". As you may guess, it was an introduction targeted at enthusiasts and newcomers, although some topics covered technical stuff. We had around 250 attendees at Teatro del Fuerte (in the city of Tandil, Argentina).
The second event, named "Warm up", focused on the technical front. There was a cap of 80 attendees, and we hosted more than 60 at Globant's Iconic Building offices (also in the city of Tandil, Argentina).
Basically, it was a more beginner-friendly track, an intermediate/advanced track, and sometimes more of a front-end/back-end choice. Very inclusive!
In the end, we stayed in the venue for a while, chilling and connecting. To celebrate, The Red Guild hosted a traditional Argentinian 'asado' at the main house that was rented for accommodations, mostly for speakers and local influencers.
Attendees and speakers highlighted:
✔️ Benefits of an intimate event
✔️ High quality of the contents
✔️ Highly approachable speakers
Rock climbing – a new constant at events?
It all started in Spain, where tincho heard about a group called ClimbersDAO (this is a real tg group for climbers) and got matta to join. Because matta... has an unresolved Spider-Man/Assassin's Creed wannabe climbing issue and loves to climb the fuck out of things.
So apparently what started as a collective of security researchers, ended up organizing climbing meetups through their journey as well.
We gathered to climb in: Barcelona 2 times, Paris 3 times, Buenos Aires 1 time, and in Tandil we replaced climbing with trekking and board games.
Posting pictures on this matter is avoided in order not to show off our mad skillz (we actually don't want to dox frens unintentionally).
Do you do any exercise or training? Move your body! Health in its many forms is something important to us. Stay healthy adventurers!
Thanks to the financial support of the Ethereum Foundation, in six months we went from zero to laying the foundations for The Red Guild. We were able to successfully execute all the points we had included in the original proposal, going well beyond what we would’ve imagined at that time. So, coming to the end of this grant was a huge milestone for us.
We delivered a long and detailed document for the EF, based on all our monthly summaries, some of which have been spun and shared as public status updates you've read. The introduction of the document for the EF reads as follows:
We highlight our most significant achievements and milestones as we laid the groundwork for an autonomous guild of security researchers working for the common good of the Ethereum ecosystem.
It's not public, but among all the things we can share are the main challenges that we faced:
- dividing work, coordinating tasks, and sharing knowledge,
- balancing priorities and focus in a small team,
- underestimating content creation efforts,
- and of course, funding.
So for the past months, except for a small donation from Gitcoin, we did not receive any other funding nor did we proactively pursue it.
Recently, a submission to the RetroPGF from Optimism was sent, since we did things around –and directly– related to the layer, fitting us inside their scope. We were also encouraged by some members of their collective.
Some internal groundwork has been done related to our list of alternative funding, and to the task distribution system inside the guild as well. How we relate to tasks, how they make us feel, and how much time and effort is needed to fulfill them. To understand all of this better and allow us to project how to fund our activities in the future, we are experimenting with different types of metrics and formulas.
Why this? Well... because what interests you may not be what you're actually good at, what the ecosystem –or the guild– needs at that particular time, and vice versa. To set a few simple hypothetical examples:
- saucecri may be good at developing monitoring tools but he wants to do research on MEV exploitation, a topic that, let's say, he knows nothing about yet.
- tincho can be great at writing highly technical articles, but when he does they pull him away from the spotchecks he wants to be focused on.
- matta is naturally organized with legal documents and executing payments, but he would like to avoid them as much as possible.
Possible solutions to this scenario could be that saucecri does research on MEV but should develop a tool that is aligned with some of our primary objectives, and so on. However, the complexity and most important output of these metrics resides in how task-related decisions influence our funding.
It's a little too soon to understand the best ways to use the previously mentioned metrics to guide our growth and development. The main idea would be to create a framework for decision-making on what types of projects we would need to tackle in the future, and what different activities these projects should entail. Moreover, this framework should allow us to understand how to plan our activities depending on their type of funding.
In other words, we have yet to learn how the work done can impact our funding objectives and align with our personal interests/motivations.
Moreover, a collaboration scheme is being developed, in which other organizations or friends can support us in several ways, not only monetary.
You won't see The Red Guild at DevConnect, unfortunately. And to everyone who expected to greet us there or extend their invitations to our members, we are again thankful for it.
If you happen to attend LABITCONF, say hi to matta, he will be at the security panel held on the 11th of November, providing a perspective on the current security affairs of the ecosystem.
Some of our members decided to start learning Rust 🦀, so they can help with projects they are keen on. We're outing them here so they don't quit due to public exposure pressure.
Leave your favorite Rust projects in the comments so they can check them out. Ideally, they will probe their knowledge by sending a few PRs.
Not your average Easter egg: coast-guard.mp3
Imagine navigating through a digital ocean, where the deep, spatial sounds of the '80s merge with the playful melodies of square-wave oscillators, typical of video game consoles from that era. It's as if you're inside a video game, but with a retro twist that evokes memories of the past that still resonate in our hearts.
What makes it even more special is its authenticity. No virtual instruments (VSTs) were used in its creation. Every note and sound comes from real synthesizers, performed with passion.
See you soon, we hope! And thanks for standing by!