First time? Go check out The Truth of The Red Guild so you are more in tune with what follows next.
At The Red Guild we share monthly public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.
If you haven't read it, here's the previous update:
Today’s update features our work for the past month or so, including:
- Participating in one security review contest in Cantina
- Our participation in LABITCONF and the upcoming Ethereum Argentina in Mendoza
- Latest articles, videos and... a massive smart contract security course 🔥
Security work
Last month we participated in the security contest of Morpho in Cantina.
It's not usual to see us competing in this kind of contests, but we felt like trying it out. First-timers in Cantina!
There were two repositories, one for the core contracts of Morpho and the other for the periphery. We spent around 10 days reviewing the code base. First days in the core contracts (boring), the rest in the periphery (more fun).
We ended up reporting a few issues here and there. Nothing too significant, but given the code seemed heavily audited and tested already, we're quite satisfied with our performance.
Judging only started a few days ago. We'll see how that goes! Looking forward to learning more once the full report is out.
Events
LABITCONF
We attended one of the largest crypto conferences in LATAM, called LABITCONF.
We wouldn't miss such a big opportunity to share our team's ethos and posture towards the safety of the ecosystem. So we had Matta participating in a security panel, sharing his thoughts and experience on how to stay safe in crypto's wild west.
Thanks to the organizers and the other participants, we had a nice time – hope to see you all in the next edition!
Nym workshops - AbadíaDev
TOR is cool, but have you tried avoiding patterns and sending metadata? Well, if you value your privacy to the max, you def. should check that out!
Nym is a technology that protects internet traffic by routing it through a decentralized mixnet that can be accessed anonymously using their own ZK. There's plenty of information on their website if you're curious to learn more.
We hosted a hands-on workshop about Nym at a hacker house in San Telmo (Argentina) known as AbadiaDev. The workshop delivered by Dani from Nym, in which we assisted, was focused on setting up a mix node, the one in charge of – as you might expect – mixing requests.
Coincidentally, Web3Familia was hosting a different event the day we arrived, so we took the opportunity to meet. We slid a talk into their schedule, on how The Red Guild approaches blockchain security for the common good.
Benefits of hosting multiple Latin American events in the same hacker-house? Empanadas and asado all day long!
Thanks a lot to everyone that came to say hi! Particularly to the webtrES club, to Martín the owner of the house, to Chris from Web3Familia for sponsoring our food, and to our host Smile! She supported everything that happened there.
Ethereum Argentina - Mendoza Edition
We've confirmed our participation in the next edition of Ethereum Argentina - Mendoza Edition. Likely with a talk on, no surprise, security! We're also involved in the organization of the event, helping out with whatever is needed for overall coordination and production.
So in March you can find us talking security with a wine glass at hand, as we enjoy the company of hundreds of other builders trying to make web3 a better place. Looking forward to this!🍷🌞
Latest content
Smart contract security course
Fellow reader, we've told you a few times that we were cooking a massive smart contract security course. So it shouldn't come as a surprise to see that the course is finally out!
Spearheaded by the one and only Patrick Collins, we collaborated in designing the overall course, coding hundreds of broken Solidity code for the lessons, and supporting Patrick in any way we could as he and his team pushed for months to build, record, edit, and publish.
The course is free and public in Updraft. Soon to be released on YouTube as well.
Together with Patrick, we've delivered +22 hours of 100% free and public top-quality content to learn smart contract security from scratch. Enjoy!
Security awareness
Last month we spent some time reviewing and investigating a huge security incident in an Argentinian company, apparently attacked with malware (likely using the Mekotio banker).
Matta helped in the analysis of the case, publishing a viral tweet thread (in Spanish) to raise awareness in the local community.
On another topic, we also published our full write-up of the undercover security awareness campaign we ran in the last edition of Ethereum Argentina.
If you haven't read it, go for it!
Funding
Optimism's RetroPGF
We made it!!! We got FORTY BALLOTS in the last round of Optimism's RetroPGF.
We're thankful for everyone in the community who included our team on their lists, or simply showed their support for us on Twitter, Discord communities, forums, etc. It exceeded all our expectations.
A special mention goes to the team behind EthernautDAO. Their support gave us the initial push we needed to be more widely recognized in the ecosystem outside our security circles.
What's next?
It's the end of the year, so don't ask too much from us 😄 Nothing too big for the next month. At least that we can speak of!
The usual bug hunting is always ongoing, either in bounty platforms or security contests. Also, expect new articles from us. We had a few in the pipeline for some time already, and we're starting to catch up.
So if you still haven't, subscribe.
Have a nice end of the year! And remember friends, don't fetch untrusted code from untrusted sources if you're trying to build a secure hardware wallet.