First time? Go check out The Truth of The Red Guild so you are more in tune with what follows next.
At The Red Guild we share monthly public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.
If you haven't read it, here's the previous update:
matta
tincho
Today’s update features our work for the past month or so, including:
- Participating in one security review contest in Cantina
- Our participation in LABITCONF and the upcoming Ethereum Argentina in Mendoza
- Latest articles, videos and... a massive smart contract security course 🔥
Security work
Last month we participated in the security contest of Morpho in Cantina.
It's not usual to see us competing in this kind of contests, but we felt like trying it out. First-timers in Cantina!
There were two repositories, one for the core contracts of Morpho and the other for the periphery. We spent around 10 days reviewing the code base. First days in the core contracts (boring), the rest in the periphery (more fun).
We ended up reporting a few issues here and there. Nothing too significant, but given the code seemed heavily audited and tested already, we're quite satisfied with our performance.
Judging only started a few days ago. We'll see how that goes! Looking forward to learning more once the full report is out.
Events
LABITCONF
We attended one of the largest crypto conferences in LATAM, called LABITCONF.
We wouldn't miss such a big opportunity to share our team's ethos and posture towards the safety of the ecosystem. So we had Matta participating in a security panel, sharing his thoughts and experience on how to stay safe in crypto's wild west.
🔐 Today I shared an excellent Blockchain Security panel at @labitconf with @octal from @Evertas, @mattaereal from @theredguild, @SDLerner from @rootstock_io and Seba Wain from @coinfabrik. We talked about protocols security, consensus, the future of defi security and more! pic.twitter.com/5Eu7wK41lZ
— pablito.eth 🦇🔊 ♢ (@PabloSabbatella) November 12, 2023
Thanks to the organizers and the other participants, we had a nice time – hope to see you all in the next edition!
Nym workshops - AbadíaDev
TOR is cool, but have you tried avoiding patterns and sending metadata? Well, if you value your privacy to the max, you def. should check that out!
Nym is a technology that protects internet traffic by routing it through a decentralized mixnet that can be accessed anonymously using their own ZK. There's plenty of information on their website if you're curious to learn more.
We hosted a hands-on workshop about Nym at a hacker house in San Telmo (Argentina) known as AbadiaDev. The workshop delivered by Dani from Nym, in which we assisted, was focused on setting up a mix node, the one in charge of – as you might expect – mixing requests.
Coincidentally, Web3Familia was hosting a different event the day we arrived, so we took the opportunity to meet. We slid a talk into their schedule, on how The Red Guild approaches blockchain security for the common good.
Benefits of hosting multiple Latin American events in the same hacker-house? Empanadas and asado all day long!
Thanks a lot to everyone that came to say hi! Particularly to the webtrES club, to Martín the owner of the house, to Chris from Web3Familia for sponsoring our food, and to our host Smile! She supported everything that happened there.
Ethereum Argentina - Mendoza Edition
We've confirmed our participation in the next edition of Ethereum Argentina - Mendoza Edition. Likely with a talk on, no surprise, security! We're also involved in the organization of the event, helping out with whatever is needed for overall coordination and production.
Llegamos a la tierra del sol y del buen vino 🌞🍷🏔️
— Ethereum Argentina 🦇🔊 (@EtherArgentina) December 13, 2023
📅 Agenden el 1 y 2 de marzo del 2024
Argentina, tierra de builders de punta a punta 🇦🇷 pic.twitter.com/HNRiWgJWiL
So in March you can find us talking security with a wine glass at hand, as we enjoy the company of hundreds of other builders trying to make web3 a better place. Looking forward to this!🍷🌞
Latest content
Smart contract security course
Fellow reader, we've told you a few times that we were cooking a massive smart contract security course. So it shouldn't come as a surprise to see that the course is finally out!
SMART CONTRACT SECURITY AND AUDITING FULL COURSE IS NOW OPEN TO EVERYONE ON CYFRIN UPDRAFT
— Patrick Collins (@PatrickAlphaC) December 13, 2023
🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊🎊
In just 22 hours, the top web3 experts walk you through 5 increasingly difficult audits to drill security power into you.
Here's what you need to know👇 pic.twitter.com/QvxvpKFsWE
Spearheaded by the one and only Patrick Collins, we collaborated in designing the overall course, coding hundreds of broken Solidity code for the lessons, and supporting Patrick in any way we could as he and his team pushed for months to build, record, edit, and publish.
Honored to have contributed w/ @theredguild designing the course and coding so much broken code alongside the beast @PatrickAlphaC https://t.co/YpgKYDqqhk
— tincho 🪷 (@tinchoabbate) December 14, 2023
The course is free and public in Updraft. Soon to be released on YouTube as well.
Together with Patrick, we've delivered +22 hours of 100% free and public top-quality content to learn smart contract security from scratch. Enjoy!
Security awareness
Last month we spent some time reviewing and investigating a huge security incident in an Argentinian company, apparently attacked with malware (likely using the Mekotio banker).
Matta helped in the analysis of the case, publishing a viral tweet thread (in Spanish) to raise awareness in the local community.
Acabo de venir de una empresa que fué víctima de un ataque de los mejorcitos que ví últimamente.
— ᴍatías Λereal Λeón ⚡🪷 (@mattaereal) November 24, 2023
Les robaron ~100 palos desde el Home Banking de Banco Provincia, con tan sólo utilizar su token. Pero la forma en la que lo hicieron no fué sencilla (1/?)
On another topic, we also published our full write-up of the undercover security awareness campaign we ran in the last edition of Ethereum Argentina.
@theredguild ran an undercover campaign at @EtherArgentina to teach about security at crypto events 🔥
— tincho 🪷 (@tinchoabbate) November 24, 2023
Featuring USB drops, deceiving flyers, phishing sites, backdoored code, QR codes, and other tricks.
Here's all the details!https://t.co/HZ8VSzG3OV
If you haven't read it, go for it!
matta
Funding
Optimism's RetroPGF
We made it!!! We got FORTY BALLOTS in the last round of Optimism's RetroPGF.
tincho
We're thankful for everyone in the community who included our team on their lists, or simply showed their support for us on Twitter, Discord communities, forums, etc. It exceeded all our expectations.
A special mention goes to the team behind EthernautDAO. Their support gave us the initial push we needed to be more widely recognized in the ecosystem outside our security circles.
We made it to this list's top 20!
— ᴍatías Λereal Λeón ⚡🪷 (@mattaereal) November 30, 2023
Glad that we are along so many incredible projects.
Thanks for the recommendation, much appreciated ♥️♥️♥️ https://t.co/BviadmByZT
What's next?
It's the end of the year, so don't ask too much from us 😄 Nothing too big for the next month. At least that we can speak of!
The usual bug hunting is always ongoing, either in bounty platforms or security contests. Also, expect new articles from us. We had a few in the pipeline for some time already, and we're starting to catch up.
So if you still haven't, subscribe.
Have a nice end of the year! And remember friends, don't fetch untrusted code from untrusted sources if you're trying to build a secure hardware wallet.