First time? Go read The Truth of The Red Guild so you are more in tune with what follows next.

At The Red Guild we share periodic public updates on what we've done, what we're up to, and what's to come. This helps us stay accountable and committed to our work, while we open ourselves to the community.

If you haven't read it, here's the previous update:

The state of The Red Guild #7
Update on what’s been happening at The Red Guild, and what’s to come to close 2023.
The Red Guildmatta
updates - The Red Guild
All updates from The Red Guild in a single place.
The Red Guild

Today’s update includes:

  • Details of our participation in past and upcoming events, as well as recent launches (SEAL!).
  • Our work in three recent security contests, along with one cool article on the judging process.
  • Research areas we continue exploring.
  • Grants we're applying to.

Events

Ethereum Argentina - Mendoza edition

We've continued to collaborate as partners in Ethereum Argentina - Mendoza edition, supporting the main organizers in different ways to make this an awesome event.

Ethereum Argentina | Mendoza Edition
We are the annual meeting point to promote the use of Ethereum technology, foster technological innovation and facilitate discussion of successful use cases.
Mendoza Edition

On top of it, we've been preparing a talk on operational security that we'll deliver on the first day. We'll share with the community some ideas and best practices to stay vigilant and safe while navigating the crypto world and beyond.

Agenda of Ethereum Argentina - Mendoza edition

Find the full agenda below 👇

Ethereum Argentina - Mendoza Edition - Agenda
Agenda | Schedule Edición Mendoza | Mendoza Edition
Google Docs

SEAL launch participation

As members of the Security Alliance (SEAL), we participated in their public launch.

Read more about SEAL and why we joined in our article:

The SEAL has landed
Celebrating the launch of the Security Alliance (SEAL). Learn what it is and why The Red Guild got involved.
The Red Guildmatta

DeFi cybersecurity in DeFiLab

We were invited by the spanish-speaking community DeFiLab to share some insights into the state of cybersecurity of DeFi.

We had matta joining the panel, so make sure to watch the recorded broadcast (in Spanish) here, from around 01:57:30 to 02:10:00.

Security work

Contests

We continue to explore security contests and bug bounties as an alternative source of funding for The Red Guild. We've been participating in Cantina lately, where we spent some time in the latest contests for Morpho, ZeroLend and Blast.

We've approached these contests more as bug hunters than auditors, and they've been useful to continue sharpening our bug hunting skills.

Contests play an important role in the Ethereum app-sec landscape today. We wanted to start experiencing first-hand their dynamics, understand pain points, and come up with ideas to make them more appealing to security researchers.

After a few contests, we've published an article sharing ideas on how to improve the judging process.

Who wants to make judging better?
Reflections and ideas to improve the judging process in bounties and contests platforms. Please.
The Red Guildtincho

In terms of results, we wish we could share with you our findings, but they're all still being judged! 🤷

Research on scams and phishing ops

Some members of the guild are growing fond of investigating crypto scams and phishing activities.

It's not like we'll become threat intel experts. But we do want to use our skills to understand these threats. Then, we'll come up with reliable best practices and recommendations for end-users and developers to stay safe from some of them.

There's so much to tell already... We may need to write a book to always keep at hand.

Tooling

Bug hunting in big code bases can be a painful experience. There's so much to see that it's easy to get lost. We're trying to make our lives easier by building some internal tooling that can help us navigate Solidity codebases, particularly in the first days.

Security awareness campaigns

Remember our undercover security awareness campaign in Ethereum Argentina?

You were not pwned by The Red Guild - Ethereum Argentina
Revealing all tricks used in the undercover security campaign we ran at Ethereum Argentina 2023.
The Red Guildmatta

Well, what if we did it somewhere else during 2024?

We've started having internal meetings to specifically discuss what we could do, where, how, with whom, and a big etc.

In the meantime, @smpalladino already suggested we should to do it at DEVCON 😱

RFC DIP Undercover security campaign
Daedalus is still working on a public proposal for DevconSEA treasure hunt escape game (watch this space)… Ordinarily ‘let’s combine the ideas’ is a scary prospect for project management, but in this case there are some really strong thematic and style overlaps between a security awareness campaign and a crypto-onboarding treasure hunt – we’d be open to collaborating with theRedGuild to create a crossover challenge or two within the game! Imagine if you had treasure hunt participants, as part…
Devcon Forumspalladino

It's still early to reveal any surprises, but do know that we're thinking and brainstorming about this!

Grants

As you know, The Red Guild works for the public benefit of the Ethereum ecosystem. Lots of our contributions are on areas that, due to not being profitable, are very much under-provided.

So we're always on the lookout for funding alternatives that can help sustain our operations without compromising on our work ethic and commitment towards the ecosystem.

Lately, we've been in talks with folks at the Ethereum Foundation as we applied to an ESP grant as well as to the Next Billion Fellowship program.

No big news yet, but as always, we'll keep you posted 😉