1 00:00:00,400 --> 00:00:05,000 This is epicenter episode 346 with guest Dan Guido. 2 00:00:19,300 --> 00:00:21,600 Hi, welcome to epicenter. My name is Sebastian quechua. 3 00:00:22,000 --> 00:00:24,800 Today, our guest is Dan Guido, he's a CEO of trail of bits 4 00:00:24,800 --> 00:00:29,100 there, a software security firm that has been around since 2012, 5 00:00:29,100 --> 00:00:32,700 and they work quite a bit in the blockchain space, but not only. 6 00:00:32,700 --> 00:00:37,100 They also do work in the sort of broader software security space. 7 00:00:37,400 --> 00:00:41,400 They work for government institutions as well in the US. 8 00:00:41,900 --> 00:00:44,200 They're very good at. I mean, one of the things that I 9 00:00:44,200 --> 00:00:47,800 Love About Your Love B is that they're great communicator. 10 00:00:47,800 --> 00:00:52,600 So they have an amazing blog that just captures a lot of the 11 00:00:52,600 --> 00:00:54,300 work that they do. And so if you want to learn 12 00:00:54,300 --> 00:00:57,700 about software security, I think like their blog is a great place 13 00:00:57,700 --> 00:01:00,400 to start. They also have a Publications 14 00:01:00,700 --> 00:01:04,200 repository on their GitHub where they publish all their security 15 00:01:04,200 --> 00:01:06,300 Audits and also all the research that they're doing. 16 00:01:06,300 --> 00:01:09,700 So they're really sort of a great thought leader in the 17 00:01:09,700 --> 00:01:12,200 space of blockchain security. Research. 18 00:01:12,200 --> 00:01:15,100 And I've been want to get down on the podcast since about a 19 00:01:15,107 --> 00:01:16,400 year. Now, I mean, they were 20 00:01:16,400 --> 00:01:19,500 previously a sponsor of the show and we're supposed to do this 21 00:01:19,500 --> 00:01:22,600 interview at ECC and Paris. Obviously, I didn't happen 22 00:01:22,600 --> 00:01:26,900 because Den didn't come over, so it was glad to finally get them 23 00:01:26,900 --> 00:01:30,600 on the podcast and it was really great conversation Federica. 24 00:01:30,600 --> 00:01:34,200 And I did this one together and Dan is just so articulate and 25 00:01:34,300 --> 00:01:36,600 explains things with lots of clarity. 26 00:01:36,900 --> 00:01:40,600 Also, you know, in a way that for us software, security 27 00:01:40,600 --> 00:01:43,000 Lehman's, Are able to understand. 28 00:01:43,100 --> 00:01:46,100 So after the interview for a taken and I went on for an extra 29 00:01:46,100 --> 00:01:49,500 10 minutes talking about, you know, our thoughts and what we 30 00:01:49,500 --> 00:01:52,100 learned from the interview. Also, describing her experience 31 00:01:52,100 --> 00:01:54,100 with security audits. Obviously, you working at 32 00:01:54,100 --> 00:01:57,100 gnosis, she's had to deal with that quite a bit and we also 33 00:01:57,100 --> 00:02:01,000 discuss the potential for more Gatekeepers and the DAP 34 00:02:01,000 --> 00:02:05,100 ecosystem in order to create a safer space, for people, to 35 00:02:05,400 --> 00:02:10,300 invest their money and used apps that have been vetted by 36 00:02:10,400 --> 00:02:12,200 Gatekeepers. So, You want to hear that 37 00:02:12,200 --> 00:02:14,400 conversation? Please subscribe to epicenter 38 00:02:14,400 --> 00:02:15,200 premium. You can do. 39 00:02:15,200 --> 00:02:19,100 So it, premium epicenter, dot TV, that gives you access to 40 00:02:19,100 --> 00:02:22,500 host, debriefs, where we go on for an extra 10 to 20 minutes. 41 00:02:22,700 --> 00:02:26,100 Share our own thoughts about the interview, also Roundtable 42 00:02:26,100 --> 00:02:29,200 discussions and bonus content that will put out from time to 43 00:02:29,200 --> 00:02:31,000 time. So with that, here is our 44 00:02:31,000 --> 00:02:36,700 interview with Dan Guido We're here with Dan Guido then. 45 00:02:36,700 --> 00:02:39,300 Thanks for joining us today. Thanks for having me actually. 46 00:02:39,300 --> 00:02:41,800 We've been wanting to get you on the podcast for some time. 47 00:02:42,000 --> 00:02:47,400 Actually, we were supposed to talk at ECC and you didn't make 48 00:02:47,400 --> 00:02:48,900 it. I think that was probably a wise 49 00:02:48,900 --> 00:02:50,900 decision of, you'd not to fly over. 50 00:02:51,500 --> 00:02:53,500 Yeah. Turns out the professional risk 51 00:02:53,500 --> 00:02:57,100 manager knows how to avoid certain downsides, thanks for 52 00:02:57,100 --> 00:02:58,400 joining us. I mean, you know, we've been 53 00:02:58,400 --> 00:03:01,000 talking for quite some time also because our listeners, remember 54 00:03:01,000 --> 00:03:04,500 that trilobites was a sponsor of the podcast about a year ago and 55 00:03:04,600 --> 00:03:07,300 So it was great to get to talk to you then also and kind of get 56 00:03:07,300 --> 00:03:09,500 into this topic of security. And so this is an episode that 57 00:03:09,500 --> 00:03:12,200 I've been wanting to do for a long time because we obviously 58 00:03:12,200 --> 00:03:15,100 talked about security, a lot on the podcast but never really 59 00:03:15,100 --> 00:03:18,600 done any episodes that focus on security and there's a lot of 60 00:03:18,600 --> 00:03:20,600 things here I think that will learn. 61 00:03:20,600 --> 00:03:23,800 And also maybe be surprised about like, you know, some 62 00:03:23,800 --> 00:03:25,900 misconceptions and things like that that I'd like to get into. 63 00:03:26,300 --> 00:03:30,300 So yeah, tell us a bit about your background and how you came 64 00:03:30,300 --> 00:03:33,900 about founding trailer pets. So I've been doing security 65 00:03:33,900 --> 00:03:35,900 stuff for the better part of my adult life started. 66 00:03:35,900 --> 00:03:38,900 Probably when I was about 13 14 breaking into my school 67 00:03:38,900 --> 00:03:43,700 computers like one does as one does luckily escaped being 68 00:03:43,700 --> 00:03:47,600 severely punished for that but I ended up going to college for a 69 00:03:47,608 --> 00:03:49,500 concentration program in cyber security. 70 00:03:49,600 --> 00:03:51,800 It was called Polytechnic University when I went there but 71 00:03:51,800 --> 00:03:56,300 now it's the NYU tanton School of Engineering and they have one 72 00:03:56,300 --> 00:03:59,100 of these NS a center of excellence programs that teach 73 00:03:59,100 --> 00:04:01,700 kids a formalized education in cybersecurity. 74 00:04:02,100 --> 00:04:04,900 I think that Well that are a little bit younger than me, have 75 00:04:04,900 --> 00:04:07,500 a lot more formalized education and people that are a little bit 76 00:04:07,500 --> 00:04:10,000 older than me, don't they learned from their peers? 77 00:04:10,000 --> 00:04:13,700 They learned in kind of like a master Apprentice kind of set up 78 00:04:13,800 --> 00:04:15,100 so I'm right on the cusp of that. 79 00:04:15,100 --> 00:04:18,300 So I have a formal background in computer science and computer 80 00:04:18,300 --> 00:04:22,000 security, and this is the only field that I've ever been 81 00:04:22,000 --> 00:04:25,200 interested in working in. So I've worked at the FED 82 00:04:25,200 --> 00:04:28,900 Reserve doing incident response helping prevent people hacking 83 00:04:28,900 --> 00:04:31,700 into the currency. Reserve, the United States. 84 00:04:32,100 --> 00:04:34,500 I've been a consultant Sultan tat isec Partners now, NCC 85 00:04:34,500 --> 00:04:36,600 group. So I was, I sick Partners before 86 00:04:36,600 --> 00:04:39,100 there were required. Help start their office in the, 87 00:04:39,200 --> 00:04:42,500 on the East Coast worked with dozens of technology companies 88 00:04:42,500 --> 00:04:46,100 across the globe. But I was pretty frustrated that 89 00:04:46,100 --> 00:04:48,900 it seemed like an unending treadmill that you kind of go 90 00:04:48,900 --> 00:04:52,800 back to clients year after year. And there's always the same bugs 91 00:04:52,800 --> 00:04:55,500 and they don't really internalize the information that 92 00:04:55,500 --> 00:04:57,200 you give them. I thought that there was some 93 00:04:57,200 --> 00:05:00,200 improvement that we could make and I wanted to make fundamental 94 00:05:00,200 --> 00:05:03,200 improvements to the whole field. So I found a trail It's with two 95 00:05:03,200 --> 00:05:06,700 friends of mine back in 2012 to fundamentally Advance the 96 00:05:06,700 --> 00:05:09,200 science of computer science and computer security. 97 00:05:09,500 --> 00:05:12,400 I think we've by and large succeeded at doing that and very 98 00:05:12,400 --> 00:05:14,500 small ways. You know, the company started as 99 00:05:14,500 --> 00:05:19,000 a DARPA contractor, we worked on for year-long research, programs 100 00:05:19,000 --> 00:05:21,600 and automated program analysis and advanced cryptography. 101 00:05:22,000 --> 00:05:24,900 And then from there, we branched out to help provide those 102 00:05:24,900 --> 00:05:28,200 advances to commercial firms and now to blockchain firms. 103 00:05:28,300 --> 00:05:32,400 So that's the, I guess the medium-length overview of where 104 00:05:32,400 --> 00:05:34,100 I came. Came from and what we're doing 105 00:05:34,100 --> 00:05:37,000 now. Tell us about how you got 106 00:05:37,000 --> 00:05:40,700 interested in blockchain as a cryptographic field. 107 00:05:40,900 --> 00:05:43,900 Because I mean basically you found a trade-off B in 2012 and 108 00:05:43,900 --> 00:05:45,600 obviously then it was still pretty new. 109 00:05:45,600 --> 00:05:48,000 So what exactly spoke to you about it? 110 00:05:49,100 --> 00:05:51,000 Yeah, a couple of things, I think it was really driven by 111 00:05:51,000 --> 00:05:53,000 employee interest. There about two or three people 112 00:05:53,000 --> 00:05:57,000 in the company that were just really enamored with blockchain 113 00:05:57,000 --> 00:06:00,100 has technology because it was a green field not necessarily 114 00:06:00,100 --> 00:06:03,000 because it was anything that you could do with blockchain, but 115 00:06:03,000 --> 00:06:06,000 because the field was in it, Infancy was a chance to start 116 00:06:06,000 --> 00:06:08,300 over it was there were no security tools. 117 00:06:08,300 --> 00:06:10,200 There was no security knowledge, people were building their own, 118 00:06:10,200 --> 00:06:12,800 programming languages, building their own compilers, the 119 00:06:12,800 --> 00:06:15,100 execution environment, looked a little bit different. 120 00:06:15,100 --> 00:06:18,400 So there was this huge gap of knowledge that we could rush in 121 00:06:18,400 --> 00:06:22,100 to fill and create things that were correct from the first 122 00:06:22,100 --> 00:06:24,000 step. So, back about three to four 123 00:06:24,000 --> 00:06:27,400 years ago, we had a couple people dabbling in that area of 124 00:06:27,400 --> 00:06:30,100 technology and what we contributed was a symbolic 125 00:06:30,100 --> 00:06:31,700 verifier. That was our very first thing, 126 00:06:31,700 --> 00:06:34,100 we didn't raise our hands and say, hey Will audit your code 127 00:06:34,100 --> 00:06:35,800 for you. We're Engineers. 128 00:06:35,900 --> 00:06:40,500 So we set up a little unit of people that wrote symbolic 129 00:06:40,500 --> 00:06:43,700 capable etherium virtual machine into a tool that we have called 130 00:06:43,700 --> 00:06:45,800 Manticore. And then once we were able to do 131 00:06:45,800 --> 00:06:48,200 that, we realize that hey this is actually kind of valuable and 132 00:06:48,200 --> 00:06:51,000 people would love to work with us to improve their own 133 00:06:51,000 --> 00:06:53,300 security. So because we'd already mastered 134 00:06:53,300 --> 00:06:56,000 the field through that activity that research activity. 135 00:06:56,300 --> 00:06:58,500 That's how we started offering services for blockchain. 136 00:07:00,000 --> 00:07:02,900 How much of your client base today is blockchain base because 137 00:07:02,900 --> 00:07:05,900 you told us just before we started the coil, that we should 138 00:07:05,900 --> 00:07:09,400 update our versions of Zoom because you just release the 139 00:07:09,400 --> 00:07:11,800 fixed. So, how much is basically in the 140 00:07:11,800 --> 00:07:15,600 web tool where and how much is in the web three word of your 141 00:07:15,900 --> 00:07:18,800 company clients? Trail bitches. 142 00:07:18,800 --> 00:07:20,900 A company is split into a bunch of different pieces. 143 00:07:20,900 --> 00:07:23,200 We have a research team that continues to work with DARPA, 144 00:07:23,200 --> 00:07:26,400 the National Science Foundation Department of Defense, like 145 00:07:26,400 --> 00:07:29,400 various other agencies of the US government to fund long-term 146 00:07:29,400 --> 00:07:31,900 research. That's probably about 10 to 15 147 00:07:31,900 --> 00:07:33,500 people, depending on how you count. 148 00:07:33,700 --> 00:07:36,400 We have an engineering team. So, because we have these expert 149 00:07:36,400 --> 00:07:38,800 software developers that can apply research and make real 150 00:07:38,800 --> 00:07:42,100 software with that research. We also have an extraordinarily 151 00:07:42,100 --> 00:07:45,000 capable team of people that you can hire to build software for 152 00:07:45,000 --> 00:07:46,700 you doesn't need to include research. 153 00:07:46,700 --> 00:07:48,500 It just needs to be something that you need. 154 00:07:48,900 --> 00:07:52,100 Usually, it's security software, sometimes it's high Assurance 155 00:07:52,100 --> 00:07:54,200 software, things like cryptographic libraries. 156 00:07:54,600 --> 00:07:57,400 So our engineering team is about another, you know, 10 or 15 157 00:07:57,400 --> 00:07:59,600 people and then we have an assurance team. 158 00:07:59,800 --> 00:08:02,100 And our Assurance team is who the blockchain industry. 159 00:08:02,100 --> 00:08:04,800 Typically collaborates with their people that are 160 00:08:04,800 --> 00:08:08,900 specialized at taking owner door, taking a look at other 161 00:08:08,900 --> 00:08:12,000 peoples code and helping identify hotspots weaknesses and 162 00:08:12,000 --> 00:08:15,400 specific security risks inside them, and that Team Works across 163 00:08:15,400 --> 00:08:17,000 the defense Tech and finance space. 164 00:08:17,300 --> 00:08:21,900 So we've reviewed things like autonomous drones satellites 165 00:08:21,900 --> 00:08:23,900 cryptographic protocols for satellites. 166 00:08:24,300 --> 00:08:26,100 We've looked at embedded firmwares. 167 00:08:26,300 --> 00:08:29,300 Self encrypting hard drives and most famously right now. 168 00:08:29,300 --> 00:08:32,700 We're working. Zoom, when people have a need to 169 00:08:32,700 --> 00:08:35,500 really rapidly, get to the root of difficult problems, 170 00:08:35,500 --> 00:08:38,600 especially ones that involve compiled code, and cryptography, 171 00:08:39,100 --> 00:08:42,700 trailer, b is among the top choices for that assistance. 172 00:08:43,299 --> 00:08:47,300 So blockchain right now I'd say takes up about like a third of 173 00:08:47,300 --> 00:08:50,400 the company's business, maybe a little bit less, maybe 20%. 174 00:08:50,500 --> 00:08:53,300 But you know, we have a really healthy Diversified business 175 00:08:53,300 --> 00:08:56,500 when we work across a lot of areas of technology and I try to 176 00:08:56,500 --> 00:08:59,500 shuffle kind of things that we've learned and the tools. 177 00:08:59,700 --> 00:09:03,800 We've built and the talent that we've acquired across all those 178 00:09:03,800 --> 00:09:06,500 different Industries which is what makes us kind of a unique 179 00:09:06,700 --> 00:09:08,600 company in the blockchain security space. 180 00:09:10,100 --> 00:09:12,100 So it's interesting that you work with zoom because they just 181 00:09:12,100 --> 00:09:15,400 bought key base and brought on that entire team of 182 00:09:15,400 --> 00:09:17,000 cryptographer. So you're saying that they 183 00:09:17,000 --> 00:09:18,900 bought key base, they got all these cryptographers but they 184 00:09:18,900 --> 00:09:20,900 also need to get extra cryptography. 185 00:09:20,900 --> 00:09:25,400 Experts in addition to that team, Oh, yeah, I mean, look, 186 00:09:25,500 --> 00:09:27,700 they're code base has been evolving over the better part of 187 00:09:27,700 --> 00:09:30,400 10 years. It's got hundreds of thousands, 188 00:09:30,400 --> 00:09:34,400 millions of lines of code. That's cross-platform with Linux 189 00:09:34,600 --> 00:09:37,400 Mac Windows. They even have a Blackberry 190 00:09:37,400 --> 00:09:41,000 client, like, there's server infrastructure out there. 191 00:09:41,300 --> 00:09:44,400 It's a custom Network protocol, custom cryptographic protocol. 192 00:09:44,700 --> 00:09:49,400 There is just a voluminous amount of stuff there and when 193 00:09:49,400 --> 00:09:53,100 you have that level of scrutiny on you as a firm like zoom in, 194 00:09:53,100 --> 00:09:55,100 you know, No, today's environment. 195 00:09:55,100 --> 00:09:59,800 You need to really apply a lot of effort to uncover flaws 196 00:09:59,800 --> 00:10:02,700 before other people, find them and to keep your clients safe as 197 00:10:02,700 --> 00:10:05,300 best as possible. So we've done a really detailed 198 00:10:05,300 --> 00:10:07,700 review of all the client software, other firms were 199 00:10:07,700 --> 00:10:09,500 brought in to. Look at all the server software, 200 00:10:09,800 --> 00:10:12,000 but a really key part of our responsibility was to. 201 00:10:12,008 --> 00:10:14,100 Look at the existing implementation of end-to-end 202 00:10:14,100 --> 00:10:16,000 cryptography. We've helped them kind of 203 00:10:16,000 --> 00:10:18,600 analyze, the current state figure out where it's hooked 204 00:10:18,600 --> 00:10:20,600 into the client, how it exactly Works. 205 00:10:20,900 --> 00:10:23,300 What the kind of cryptographic properties of it art. 206 00:10:23,500 --> 00:10:25,700 A. And then the key base folks are 207 00:10:25,700 --> 00:10:27,900 working a lot more on what it should be tomorrow. 208 00:10:28,300 --> 00:10:30,200 So, a lot of the initial value that the key base folks, 209 00:10:30,200 --> 00:10:33,000 provided is a white paper, that's now, published up on 210 00:10:33,000 --> 00:10:34,500 GitHub that. I think a lot of people have 211 00:10:34,500 --> 00:10:37,600 read and that's great and that proves kind of like where things 212 00:10:37,600 --> 00:10:39,000 should go. But it's going to take weeks 213 00:10:39,000 --> 00:10:42,100 months, you know, possibly even longer to get there and in the 214 00:10:42,100 --> 00:10:44,100 meantime you need to make sure that the software you've got 215 00:10:44,100 --> 00:10:46,200 today is safe, which is what I'm working on. 216 00:10:47,600 --> 00:10:50,200 Is that in your career? You've been working on on 217 00:10:50,200 --> 00:10:52,700 security-related stuff since you were in your early. 218 00:10:52,700 --> 00:10:56,100 Teens, how has software security changed the most in your view? 219 00:10:56,100 --> 00:10:59,500 What's been the most like, fundamental shift between say 220 00:10:59,700 --> 00:11:03,700 how software security was looked upon and conducted, like, maybe 221 00:11:03,700 --> 00:11:07,700 like the early 2000s to now, I'm kind of jaded. 222 00:11:07,700 --> 00:11:09,300 I don't think it's changed really at all. 223 00:11:09,400 --> 00:11:12,000 There's been a lot of movement between programming languages 224 00:11:12,000 --> 00:11:14,800 like everyone jumped on the node.js bandwagon at some point 225 00:11:14,800 --> 00:11:17,200 and then everybody jumps on the rust bandwagon and everybody 226 00:11:17,200 --> 00:11:21,800 jumps on the Swift bandwagon and its history repeating itself to 227 00:11:21,800 --> 00:11:24,200 a great extent. Like we saw this with the iPhone 228 00:11:24,200 --> 00:11:27,300 and Android, right in the first versions that came out, they 229 00:11:27,300 --> 00:11:30,300 didn't really apply any of the best practices or Lessons 230 00:11:30,300 --> 00:11:32,400 Learned of the previous generation of software. 231 00:11:32,900 --> 00:11:34,800 That weren't sandbox. They weren't hardened with 232 00:11:34,800 --> 00:11:37,100 compiler protections. And they didn't have a great 233 00:11:37,100 --> 00:11:40,900 user experience like there. Just wasn't a lot there and some 234 00:11:40,900 --> 00:11:44,000 of those early mobile phones for some of the easiest software to 235 00:11:44,000 --> 00:11:46,600 hack on the planet. But now, you know, they took all 236 00:11:46,600 --> 00:11:49,800 their punches and they had to learn from failing, which is 237 00:11:49,800 --> 00:11:52,000 kind of unfortunate. And now, an iPhone is kind of 238 00:11:52,008 --> 00:11:54,800 the most secure consumer device that you can buy. 239 00:11:55,100 --> 00:11:57,700 There's not a single device that I could go to Best Buy and say, 240 00:11:57,700 --> 00:11:59,800 is more secure than a, than an iPhone. 241 00:12:00,000 --> 00:12:02,900 And I think that's kind of the process that a lot of fields of 242 00:12:03,100 --> 00:12:05,000 Technology go through for better for worse. 243 00:12:05,400 --> 00:12:08,100 So really, Means as a security professional is that you've got 244 00:12:08,100 --> 00:12:10,300 to learn this kind of fundamental underpinning. 245 00:12:10,600 --> 00:12:12,800 There's a lot of like foundational security knowledge 246 00:12:12,800 --> 00:12:15,500 that you need, but the technology that you work with 247 00:12:15,500 --> 00:12:17,700 from day to day over the course of your career, is going to 248 00:12:17,708 --> 00:12:21,400 shift pretty rapidly as things. Get to be less mature, more 249 00:12:21,400 --> 00:12:25,300 mature, All right, so it's more about technology changes. 250 00:12:25,300 --> 00:12:30,100 So much as it is about changes to, like, how you secure 251 00:12:30,600 --> 00:12:34,100 software or Hardware, the risks are the same or fundamentally 252 00:12:34,100 --> 00:12:36,200 the same, but the tools that people are building to use the 253 00:12:36,208 --> 00:12:40,000 infrastructure are changing On any given day, our Assurance 254 00:12:40,000 --> 00:12:43,700 team is working with people that write code and, you know, Java 255 00:12:43,900 --> 00:12:49,500 PHP, Ruby rust rails, Django various see Frameworks, or C++ 256 00:12:49,500 --> 00:12:51,700 Frameworks and blockchain software and like everything 257 00:12:51,700 --> 00:12:53,800 under the sun. And everybody just kind of 258 00:12:53,800 --> 00:12:56,800 expects you to know that stuff and really like learning how to 259 00:12:56,800 --> 00:12:58,900 code in C or learning how to code. 260 00:12:58,900 --> 00:13:02,900 And rust is not the hard part. People challenged us to do that 261 00:13:02,900 --> 00:13:04,800 all the time which is why the whole block chain thing. 262 00:13:04,800 --> 00:13:07,000 Also comes kind of naturally to us like if you're a good 263 00:13:07,000 --> 00:13:09,900 security, but then you're going to be able to figure out exactly 264 00:13:09,900 --> 00:13:11,400 what's going wrong in a smart contract. 265 00:13:11,400 --> 00:13:15,200 To the most important part is the security expertise, which is 266 00:13:15,200 --> 00:13:17,800 something that you have to learn and grow over, you know, a 267 00:13:17,800 --> 00:13:22,900 decade or a lifetime, or a full career If you look at blockchain 268 00:13:22,900 --> 00:13:26,300 technology and smart contract, technology are their unique 269 00:13:26,300 --> 00:13:29,400 design and security challenges in these protocols. 270 00:13:30,600 --> 00:13:33,700 The unique security challenge is really that the tools that 271 00:13:33,700 --> 00:13:36,300 people are using to build blockchain software are awful, 272 00:13:36,600 --> 00:13:39,300 what changes between different languages and Frameworks is that 273 00:13:39,300 --> 00:13:42,300 sometimes certain tools have a lot more foot guns in them than 274 00:13:42,300 --> 00:13:44,500 others. So it's a lot easier to write 275 00:13:44,500 --> 00:13:47,200 security vulnerabilities and PHP than it is to write security 276 00:13:47,200 --> 00:13:50,700 vulnerabilities and rust because there's a lot of safety to fall 277 00:13:50,700 --> 00:13:53,600 back on in terms of the language and the compilers and the 278 00:13:53,600 --> 00:13:57,900 development Frameworks. But with solidity, especially 279 00:13:58,000 --> 00:14:00,200 not just a little, but many other blockchain. 280 00:14:00,700 --> 00:14:04,500 Languages, they've managed to reinvent the entire history of 281 00:14:04,500 --> 00:14:07,200 software security flaws and make it the developer's 282 00:14:07,200 --> 00:14:09,100 responsibility to be aware of all of them. 283 00:14:09,200 --> 00:14:12,400 So, really the key difference here is that developers are not 284 00:14:12,400 --> 00:14:15,100 getting any help at all from the tools, in the language that 285 00:14:15,100 --> 00:14:17,700 they're using to develop blockchain software, which makes 286 00:14:17,700 --> 00:14:20,500 the after-the-fact Assurance that's provided by companies 287 00:14:20,500 --> 00:14:23,400 like mine critical. Now, on the other hand, what 288 00:14:23,400 --> 00:14:24,800 blockchain has that's going for it. 289 00:14:24,800 --> 00:14:27,800 That other languages don't is that smart contracts tend to be 290 00:14:27,800 --> 00:14:31,600 a lot more testable code than Traditional code. 291 00:14:31,900 --> 00:14:34,600 It's really easy for me to throw it into an emulator and for me 292 00:14:34,600 --> 00:14:38,600 to send inputs to Any Given function and to evaluate what 293 00:14:38,600 --> 00:14:42,600 the impact is on a really simplistic State machine but on 294 00:14:42,600 --> 00:14:45,700 regular software like if I want to set up a fuzz test client for 295 00:14:45,700 --> 00:14:49,800 Google Chrome or something like that, there's a lot of global 296 00:14:49,800 --> 00:14:52,900 mutable State. There's a lot of libraries that 297 00:14:52,900 --> 00:14:56,500 change their behavior depending on what operating system you're 298 00:14:56,500 --> 00:14:59,500 running on or what specific configuration of your operating 299 00:14:59,500 --> 00:15:00,500 system you have. Have. 300 00:15:00,900 --> 00:15:03,800 That's why I like, you know, when your parents call you and 301 00:15:03,800 --> 00:15:06,000 you're, you know, some software on their computer crashed. 302 00:15:06,000 --> 00:15:08,500 You have no idea how to debug it because you have to be aware of 303 00:15:08,500 --> 00:15:10,600 every single setting on their entire computer. 304 00:15:10,900 --> 00:15:13,200 All the other software that's installed alongside all the 305 00:15:13,200 --> 00:15:16,100 shared libraries that are there. But on the blockchain, 306 00:15:16,100 --> 00:15:17,700 everything runs on the same Block Chain. 307 00:15:17,800 --> 00:15:20,200 So if I have a copy of the blockchain and you have a copy 308 00:15:20,200 --> 00:15:22,400 of the blockchain, then it means that we're testing, we're 309 00:15:22,400 --> 00:15:24,900 running the same code, so that's actually made things a lot 310 00:15:24,900 --> 00:15:28,800 easier for blockchain software. Despite the fact that there's 311 00:15:29,100 --> 00:15:32,100 incredible insecure In the tools that you're using to build it. 312 00:15:33,400 --> 00:15:37,900 Can you give us an idea of what a mature to link it should look 313 00:15:37,900 --> 00:15:40,900 like? So basically if you look at like 314 00:15:40,900 --> 00:15:45,000 languages that have been around for a while like rust for 315 00:15:45,000 --> 00:15:49,500 instance, what ideally would we have in terms of tools in order 316 00:15:49,500 --> 00:15:55,400 to be able to have the same trust in the tooling as you do 317 00:15:55,400 --> 00:15:57,800 in traditional systems? Yeah. 318 00:15:57,800 --> 00:15:59,400 So it's not a question of third-party tools. 319 00:15:59,400 --> 00:16:02,100 It's more question of the language in the compiler itself, 320 00:16:02,200 --> 00:16:03,500 right? Like everybody's familiar with 321 00:16:03,500 --> 00:16:05,900 the fact that solidity can't seem to make it more than one 322 00:16:05,900 --> 00:16:08,500 release without a critical flaw. Everybody's also familiar with 323 00:16:08,500 --> 00:16:11,100 the fact that tools like Slither, you know, one of my own 324 00:16:11,100 --> 00:16:15,300 static analyzers from trailer, b have to watch out for 90 325 00:16:15,300 --> 00:16:20,000 specific flaws or that the use of integers is inherently unsafe 326 00:16:20,000 --> 00:16:21,600 inside solidity. And you need a third party 327 00:16:21,600 --> 00:16:24,600 Library like safe math in order to catch you when you fall. 328 00:16:25,100 --> 00:16:27,200 So the kinds of things that make a language safe. 329 00:16:27,400 --> 00:16:30,900 Our the avoidance of those issues that, you know, I 330 00:16:30,900 --> 00:16:33,000 shouldn't have to worry about the order of operations because 331 00:16:33,000 --> 00:16:35,300 the order of operation should be the same as every other language 332 00:16:35,300 --> 00:16:36,900 that I use. They shouldn't be different like 333 00:16:36,900 --> 00:16:38,700 they are in solidity. That's a big part of the 334 00:16:38,700 --> 00:16:41,200 language design. Their just should not be so many 335 00:16:41,200 --> 00:16:43,300 foot guns, there should be right now. 336 00:16:43,300 --> 00:16:46,300 I think that there's kind of a pressure to make solidity more 337 00:16:46,300 --> 00:16:50,800 feature full to add additional, kind of things to it, that help 338 00:16:50,800 --> 00:16:53,400 you develop code. And as a security engineer, I'd 339 00:16:53,400 --> 00:16:55,400 pull back, I would want to make something that looks like 340 00:16:55,400 --> 00:16:58,800 solidity - - not. So, Aditi plus plus I want 341 00:16:58,800 --> 00:17:01,700 something that's a little bit more simplistic that fits 99% of 342 00:17:01,708 --> 00:17:06,200 people's use cases, but that 100% of those potential uses are 343 00:17:06,200 --> 00:17:08,599 safe and that it's much, much harder to screw up. 344 00:17:09,400 --> 00:17:12,500 That's why you see, you know, rust things like memory safety. 345 00:17:12,500 --> 00:17:14,800 Type safety. It takes the universe of things 346 00:17:14,800 --> 00:17:16,200 that could go wrong and limits it. 347 00:17:16,200 --> 00:17:18,400 We're now, I just have to worry about logical flaws. 348 00:17:18,599 --> 00:17:21,800 That's much better other things that but, you know, tools like 349 00:17:21,800 --> 00:17:25,400 rust have that are really nice is that it specifically declares 350 00:17:25,400 --> 00:17:26,800 when you're doing something that's unsafe. 351 00:17:27,400 --> 00:17:28,800 These. He's like I as a security 352 00:17:28,800 --> 00:17:32,100 engineer, the most precious resource I have is time when I'm 353 00:17:32,100 --> 00:17:35,200 looking at a piece of code, it might be larger than the amount 354 00:17:35,200 --> 00:17:37,100 of time that I have to fully review. 355 00:17:37,300 --> 00:17:41,400 All of it end to end if I could specifically identify like, hey, 356 00:17:41,700 --> 00:17:44,300 this part of the code base is insecure because the developer 357 00:17:44,300 --> 00:17:47,400 told me so because the compiler force them to then, I know where 358 00:17:47,400 --> 00:17:50,000 to spend my review, effort to get the most bang for my buck. 359 00:17:50,400 --> 00:17:52,200 So rust again, is really good. There. 360 00:17:52,500 --> 00:17:57,700 It helps identify ahead of time. What you're doing is unsafe All 361 00:17:57,700 --> 00:18:00,600 those are features and capabilities that solidity and 362 00:18:00,600 --> 00:18:03,600 particular lakhs. But that also aren't present in 363 00:18:03,600 --> 00:18:07,300 most other smart contract language has to kind of 364 00:18:07,300 --> 00:18:09,000 summarize here for the lemons in the audience. 365 00:18:09,200 --> 00:18:11,600 What you're saying is that social stability has sort of 366 00:18:11,600 --> 00:18:17,300 inherent issues that make it unsafe because as a developer 367 00:18:17,300 --> 00:18:19,400 you're able to do things instability that in other 368 00:18:19,400 --> 00:18:24,000 languages would just be impossible to get wrong or the 369 00:18:24,000 --> 00:18:27,100 compiler or your tooling what alert you that what you're 370 00:18:27,100 --> 00:18:28,000 doing. Is unsafe. 371 00:18:29,200 --> 00:18:31,600 Yeah, absolutely. We actually have a whole talk 372 00:18:31,600 --> 00:18:33,000 about this. We can have a conference 373 00:18:33,000 --> 00:18:36,200 presentation, called anatomy of an unsafe smart contract. 374 00:18:36,200 --> 00:18:37,800 Programming language. It's up on the trail of its 375 00:18:37,800 --> 00:18:39,800 YouTube, it's really entertaining. 376 00:18:39,800 --> 00:18:42,600 It's got tons of great graphics and a little bit of some movies 377 00:18:42,600 --> 00:18:44,200 and a jingle in the middle of it. 378 00:18:44,500 --> 00:18:47,800 So if you're interested in looking at it further that dives 379 00:18:47,800 --> 00:18:51,400 into the specifics of why we think solidity is a poor choice 380 00:18:51,400 --> 00:18:54,200 that we're kind of stuck with now for developing smart 381 00:18:54,200 --> 00:18:56,800 contracts. But again, luckily, what we've 382 00:18:56,800 --> 00:19:00,600 proven is that over time Is possible to build secure 383 00:19:00,600 --> 00:19:03,100 solidity, smart contracts because they're more testable 384 00:19:03,300 --> 00:19:06,300 because it's easier to do. After the fact, verification of 385 00:19:06,300 --> 00:19:10,000 them means that you can still produce secure code and possibly 386 00:19:10,000 --> 00:19:13,000 even more secure code than if the compiler tools helped you. 387 00:19:13,200 --> 00:19:16,900 But it's not a question of either or like, obviously, why 388 00:19:16,900 --> 00:19:19,500 not both right. You shouldn't have one set of 389 00:19:19,500 --> 00:19:22,400 tools undercut, you and then you're testing tools, lift you 390 00:19:22,400 --> 00:19:24,600 back up. And that's kind of the struggle 391 00:19:24,600 --> 00:19:26,900 that I always have in the, in the blockchain community is, I 392 00:19:26,900 --> 00:19:28,400 would love to work on the compiler tools. 393 00:19:28,400 --> 00:19:30,800 I would love to To improve them. And the things that we've done 394 00:19:30,808 --> 00:19:35,600 with slither specifically to formally kind of model things 395 00:19:35,600 --> 00:19:39,700 like the you'll parser and the AST for solidity are things. 396 00:19:39,700 --> 00:19:44,000 That should be adopted Upstream. We have all of these testing 397 00:19:44,000 --> 00:19:48,000 tools and everything that allow us to in the end essentially, 398 00:19:48,000 --> 00:19:51,000 right secure smart contracts, right? 399 00:19:51,008 --> 00:19:53,200 Because we're able to catch all these bugs and were able to fix 400 00:19:53,200 --> 00:19:56,100 all these little inherent issues with solidity. 401 00:19:56,100 --> 00:20:01,200 Does this introduce other Is or other security vulnerabilities 402 00:20:01,600 --> 00:20:06,000 that perhaps another language like rust or more mature has 403 00:20:06,000 --> 00:20:09,200 language like C++ wouldn't encounter like what are some of 404 00:20:09,200 --> 00:20:12,700 the negative effects? Perhaps of, like having a 405 00:20:12,700 --> 00:20:16,000 language that is inherently insecure by its construction 406 00:20:16,200 --> 00:20:20,700 even if we can go in and fix all the bugs after the fact, I mean 407 00:20:20,700 --> 00:20:24,600 it just puts a lot more cost into the process of delivering 408 00:20:24,600 --> 00:20:26,700 good software. So you know, a lot of blockchain 409 00:20:26,700 --> 00:20:30,900 firms don't go through a 50 million dollar Ico, a lot of 410 00:20:30,908 --> 00:20:32,900 blockchain firms. Have difficulty hiring a 411 00:20:32,900 --> 00:20:35,300 security engineer to work full-time on their team and then 412 00:20:35,300 --> 00:20:36,800 my resources are always stretched. 413 00:20:36,800 --> 00:20:39,400 Then, people are complaining all the time about how I try to hire 414 00:20:39,400 --> 00:20:40,900 Trail bits. And they told me that they 415 00:20:40,900 --> 00:20:42,900 couldn't start until a month from now, or two months from 416 00:20:42,900 --> 00:20:44,400 now, or whatever it is. And I need them tomorrow. 417 00:20:44,400 --> 00:20:47,500 And that's because there's only like, you know, two dozen people 418 00:20:47,500 --> 00:20:49,500 on my entire team that are trying to hold up the entire 419 00:20:51,200 --> 00:20:54,000 What it means to have good compiler tools, is it means that 420 00:20:54,000 --> 00:20:56,900 security is easier. It means that more people can 421 00:20:56,900 --> 00:21:02,200 produce more secure code without expert help so that entire gap 422 00:21:02,300 --> 00:21:05,400 of the poor tools and poor language that the etherium 423 00:21:05,400 --> 00:21:08,900 community currently end. Others are suffering under slows 424 00:21:08,900 --> 00:21:11,900 down the whole field. It has a systemic effect on the 425 00:21:11,900 --> 00:21:13,800 ability of teams to ship software. 426 00:21:14,700 --> 00:21:17,100 It's really important to solve and I'm surprised that more 427 00:21:17,100 --> 00:21:18,600 people haven't been angry about that. 428 00:21:18,600 --> 00:21:21,000 And they are about angry about my project lead time or 429 00:21:21,000 --> 00:21:24,300 something. It's more systemic risk, its 430 00:21:24,300 --> 00:21:27,700 ecosystem risk rather than individual project risk you'd 431 00:21:27,700 --> 00:21:31,100 say yeah. I mean this specific design of 432 00:21:31,100 --> 00:21:34,400 solidity is what handed teams like mine, kind of the the power 433 00:21:34,400 --> 00:21:36,100 and position that we have in the community. 434 00:21:36,500 --> 00:21:38,700 I'm self-interested of course, like it's great that people turn 435 00:21:38,700 --> 00:21:40,300 to me for help and everything but I would love it. 436 00:21:40,300 --> 00:21:43,200 If people didn't like ultimately I like to try and put myself out 437 00:21:43,200 --> 00:21:46,400 of a job that's why I produce tools like Slither and why I 438 00:21:46,408 --> 00:21:49,100 released them open source and let people use them without 439 00:21:49,100 --> 00:21:52,000 talking to me is, I would like to have to try harder. 440 00:21:52,200 --> 00:21:56,500 And from day to day, and I want people to give me new challenges 441 00:21:56,500 --> 00:22:00,000 to solve, but the position that we're in is that there's just 442 00:22:00,000 --> 00:22:02,500 this influx of people that continue to try and write new 443 00:22:02,500 --> 00:22:04,700 smart contracts every day. And they fall into the exact 444 00:22:04,700 --> 00:22:07,400 same traps as the last person and that's kind of a poor State 445 00:22:07,400 --> 00:22:10,300 of Affairs. Can you just briefly explain 446 00:22:10,300 --> 00:22:12,200 what it's leather and what it does and how it helps. 447 00:22:12,200 --> 00:22:16,100 People save time. I guess trilobites has a suite 448 00:22:16,200 --> 00:22:19,200 of etherium. Security tools, Slither is kind 449 00:22:19,200 --> 00:22:21,700 of the first layer of them, that's what we use. 450 00:22:21,700 --> 00:22:24,600 Where it's the lowest effort highest value at the other end. 451 00:22:24,800 --> 00:22:26,900 You can just press the big red button and it tells you bugs 452 00:22:26,900 --> 00:22:29,400 that are in your code. The way that it works is when 453 00:22:29,400 --> 00:22:33,300 you compile solidity code with the solidity compiler, it 454 00:22:33,300 --> 00:22:36,200 produces an AST and Abstract syntax tree, and intermediate 455 00:22:36,200 --> 00:22:39,400 representation of some sort prior to creating by code that 456 00:22:39,400 --> 00:22:42,500 goes in the blockchain. So we take that AST, parse it 457 00:22:42,500 --> 00:22:45,400 and we parse it into something called Static single assignment 458 00:22:45,400 --> 00:22:48,900 form SSA form. And then using SSA form, we use 459 00:22:48,900 --> 00:22:51,600 a whole bunch of stuff from compiler Theory to kind of 460 00:22:51,600 --> 00:22:55,900 process it and analyze it as well as Traverse it for the 461 00:22:55,900 --> 00:22:57,500 security issues that we know how to find. 462 00:22:58,300 --> 00:23:01,600 So every single project that we do where we review a client's 463 00:23:01,600 --> 00:23:04,400 code, we have a process afterward where we collect what 464 00:23:04,400 --> 00:23:07,100 we learned. If we found a new bugged like a 465 00:23:07,100 --> 00:23:09,800 class of bug or some That's prevalent within the clients. 466 00:23:09,800 --> 00:23:13,400 Codebase, we try to encode that programmatically into what's 467 00:23:13,400 --> 00:23:17,500 called a detector inside Slither and then in the future Slither 468 00:23:17,500 --> 00:23:19,800 should be capable of finding bugs of that type. 469 00:23:20,300 --> 00:23:22,800 The goal for trail of B is I never want to find the same book 470 00:23:22,800 --> 00:23:24,700 twice. I only ever want to find a bug 471 00:23:24,700 --> 00:23:28,600 once and slithers the primary tool that lets us do that in 472 00:23:28,600 --> 00:23:31,700 very layman's terms like a spell checker your for your code, sort 473 00:23:31,700 --> 00:23:35,300 of thing, kind of, but way more advanced than that, because this 474 00:23:35,300 --> 00:23:38,000 thing can parse like it can understand English grammar. 475 00:23:38,500 --> 00:23:39,900 Yeah, it's primarily for your good. 476 00:23:40,800 --> 00:23:45,300 Yeah. Maybe do you think solidity is 477 00:23:45,300 --> 00:23:48,200 beyond fixing? Should we just scrap it and try 478 00:23:48,200 --> 00:23:51,400 a new language, or do you think we can turn this around? 479 00:23:51,400 --> 00:23:53,300 And what are you thoughts about Viper? 480 00:23:54,300 --> 00:23:56,100 So I think vipers a great Improvement. 481 00:23:56,100 --> 00:23:58,000 I do think it's possible to fix solidity. 482 00:23:58,400 --> 00:24:01,000 It needs somebody to come in with a really strong vision of. 483 00:24:01,000 --> 00:24:03,600 Here's where we need to be. And here's why and right now, 484 00:24:03,600 --> 00:24:06,800 the kind of iterative, you know baby steps kind of approach that 485 00:24:06,800 --> 00:24:10,300 I see of each incremental. Kind of Marching In The Same 486 00:24:10,300 --> 00:24:11,900 Direction, isn't really trending. 487 00:24:12,100 --> 00:24:15,000 The direction that I'd like to see it go I think it needs 488 00:24:15,100 --> 00:24:18,000 fundamentally a really strong leader to come in and say this 489 00:24:18,000 --> 00:24:21,300 is hurting our entire Community. It's hurting our ability to ship 490 00:24:21,300 --> 00:24:23,800 software. It's making people lose money 491 00:24:24,000 --> 00:24:26,200 and it makes us too dependent on security Engineers. 492 00:24:26,200 --> 00:24:29,900 We have to fix this problem. Do you think it would be wise 493 00:24:29,900 --> 00:24:33,500 for aetherium just to say, like, adopt rust or something like 494 00:24:33,500 --> 00:24:34,900 that? I mean, where would that put too 495 00:24:34,900 --> 00:24:39,300 much of a learning tax? Say, on developers, to have to 496 00:24:39,300 --> 00:24:43,100 learn this skill of complex language, there's pros and cons, 497 00:24:43,200 --> 00:24:44,900 right? Like as a security engineer, I 498 00:24:44,900 --> 00:24:46,900 know that I'm not the most important person in the room, 499 00:24:47,400 --> 00:24:49,200 like the most important person in the room is usually the 500 00:24:49,208 --> 00:24:51,600 product manager because you don't have a product unless you 501 00:24:51,600 --> 00:24:54,200 have users, unless you have a market unless you're providing 502 00:24:54,200 --> 00:24:56,500 value to those users and you actually do something that care 503 00:24:56,500 --> 00:24:59,900 about a perfectly secure. No one uses this valueless 504 00:25:00,700 --> 00:25:03,200 trying to say that everybody should stop development pick up 505 00:25:03,200 --> 00:25:06,500 rust over the next six months is, you know, it would hurt a 506 00:25:06,508 --> 00:25:08,200 lot of people. It would you wouldn't be able to 507 00:25:08,200 --> 00:25:10,700 ship software, you lose all your users, there'd be a lot of 508 00:25:10,700 --> 00:25:13,100 developers to fall off a lot of companies to fall over. 509 00:25:13,500 --> 00:25:16,700 So the kind of hard break, I don't think is really in the 510 00:25:16,700 --> 00:25:19,700 realm of possibility, but I do think it's possible to get 511 00:25:19,700 --> 00:25:22,300 incrementally better, and it's possible to have other 512 00:25:22,300 --> 00:25:25,300 Alternatives, like Viper. So, you know, a lot of the 513 00:25:25,300 --> 00:25:27,700 criticism lately that I've seen a Viper, I don't think is On 514 00:25:27,700 --> 00:25:30,300 Target, The Viper compiler. You know, while it's suffered a 515 00:25:30,308 --> 00:25:32,700 couple of setbacks now and then people find bugs in it. 516 00:25:32,700 --> 00:25:35,500 We found bugs in it, right. Somebody paid us to do a Viper 517 00:25:35,500 --> 00:25:38,000 Security review, or we work for computable. 518 00:25:38,100 --> 00:25:40,800 They had their entire code base written Viper, and we found a 519 00:25:40,800 --> 00:25:44,000 compiler bug during the project, but just because we found one 520 00:25:44,000 --> 00:25:46,600 issue doesn't mean the whole thing is fundamentally unsafe. 521 00:25:46,600 --> 00:25:49,700 I think from architectural like high-level perspective, there's 522 00:25:49,700 --> 00:25:53,800 a lot of things about Viper that I like We've talked a lot about 523 00:25:53,800 --> 00:25:57,800 formally verified languages on this podcast and lots of 524 00:25:57,800 --> 00:26:01,000 blockchains have implemented this programming Paradigm. 525 00:26:01,400 --> 00:26:03,900 I think I can kind of explain what a formally verified 526 00:26:03,900 --> 00:26:06,700 languages but I'd like for you to perhaps try to do better 527 00:26:06,700 --> 00:26:10,700 explanation and one of the things I think people think when 528 00:26:10,700 --> 00:26:14,300 they think formally verified language is like no bugs or it's 529 00:26:14,300 --> 00:26:17,100 basically free of being able to be hacked, right? 530 00:26:17,100 --> 00:26:19,400 And I think that's like a misconception, obviously, can 531 00:26:19,400 --> 00:26:21,600 you explain what a firm believer? 532 00:26:21,700 --> 00:26:23,900 Foreign languages and what people are getting wrong about 533 00:26:23,900 --> 00:26:27,300 it. When it comes to security, Yeah, 534 00:26:27,300 --> 00:26:28,900 sure. See if only verify code that you 535 00:26:28,900 --> 00:26:30,500 wrote, right? And the way that you do that is 536 00:26:30,500 --> 00:26:32,800 you express some security properties about it and then you 537 00:26:32,800 --> 00:26:36,300 prove them, you use a tool to prove them and there's two main 538 00:26:36,300 --> 00:26:39,900 components here, there's what properties you express, and then 539 00:26:39,900 --> 00:26:43,200 there's how you prove them, which creates this widespread 540 00:26:43,200 --> 00:26:45,200 difference in what it means to be formally verified. 541 00:26:45,200 --> 00:26:47,400 Like, if I write a smart contract and it's two thousand 542 00:26:47,400 --> 00:26:50,100 lines of code, and I write a single security property. 543 00:26:50,300 --> 00:26:52,300 Is it formally verified? Yes or no. 544 00:26:52,500 --> 00:26:55,600 So like trying to say the code is formally verified or not as a 545 00:26:55,600 --> 00:26:57,300 binary. It tells me that you don't know 546 00:26:57,300 --> 00:27:00,900 what you're talking about. What's really at issue, here is 547 00:27:00,900 --> 00:27:04,200 what the properties are, the Fidelity of them, like how 548 00:27:04,400 --> 00:27:06,900 accurately they explain the critical functionality of the 549 00:27:06,900 --> 00:27:08,200 code. And then the method that you 550 00:27:08,200 --> 00:27:10,300 used to prove them, because you could prove a security property 551 00:27:10,300 --> 00:27:13,100 with a unit test, but a unit test might only test one, 552 00:27:13,100 --> 00:27:15,600 positive interaction in the contract. 553 00:27:16,100 --> 00:27:18,600 It might not test all the potential negative interactions 554 00:27:18,600 --> 00:27:20,300 all the things that you didn't think about. 555 00:27:20,400 --> 00:27:22,700 So then you start getting into things like fuzz testing where 556 00:27:22,700 --> 00:27:27,400 that's a test case generator so you can use a test Generator to 557 00:27:27,400 --> 00:27:30,700 probabilistically, generate a wide variety of potential 558 00:27:30,700 --> 00:27:32,200 inputs. That might break a security 559 00:27:32,200 --> 00:27:36,000 property and that's good. But then is that the same thing 560 00:27:36,000 --> 00:27:39,300 as a symbolically verified security property or an abstract 561 00:27:39,300 --> 00:27:42,800 interpreted security property. So, all these things kind of 562 00:27:43,000 --> 00:27:47,300 change the Fidelity of the security properties that you've 563 00:27:47,300 --> 00:27:50,300 defined, we're at a very low level, you know, maybe unit test 564 00:27:50,300 --> 00:27:53,100 might be really good place to start, but then over time you 565 00:27:53,100 --> 00:27:55,500 prove that security property with stronger and stronger 566 00:27:55,500 --> 00:27:58,400 methods. That are harder to kind of 567 00:27:58,400 --> 00:28:02,800 Escape gaps in coverage. That's one take on formally 568 00:28:02,800 --> 00:28:07,000 verified software. Another is we published an 569 00:28:07,000 --> 00:28:09,800 academic study trail of bits went back and look through two 570 00:28:09,800 --> 00:28:13,800 years of etherium Security reviews that we had performed. 571 00:28:14,200 --> 00:28:17,300 And we split all the bugs we found into one of two categories 572 00:28:17,300 --> 00:28:20,800 bugs that you can find automatically with a verifier or 573 00:28:20,800 --> 00:28:23,700 other tool and bugs. You can bugs that require a 574 00:28:23,708 --> 00:28:26,500 human brain and we didn't talk about the state of Current 575 00:28:26,500 --> 00:28:28,200 tools, we did that. We actually just talked to 576 00:28:28,200 --> 00:28:31,000 theoretically like, is it possible to build a tool that 577 00:28:31,000 --> 00:28:33,500 finds this bug? And what we found is that 50% of 578 00:28:33,508 --> 00:28:36,300 the bugs that we find could never be found by an automated 579 00:28:36,300 --> 00:28:39,100 tool. Now, there's some gaps in that, 580 00:28:39,100 --> 00:28:40,800 there's, there's some really nice things that came out of 581 00:28:40,808 --> 00:28:43,200 that paper. One thing that came out is that 582 00:28:43,200 --> 00:28:46,100 for the highest risk bugs for the bugs that were the highest 583 00:28:46,100 --> 00:28:49,900 severity and the easiest to exploit. 80% of them can be 584 00:28:49,900 --> 00:28:53,400 found by automated tools. So if you're effectively using 585 00:28:53,800 --> 00:28:56,400 automated tools, including verification tool, Rules. 586 00:28:56,700 --> 00:29:00,100 Then you are wiping away 80% of the highest risk issues that 587 00:29:00,100 --> 00:29:02,200 could show up in your projects which is a great result. 588 00:29:02,300 --> 00:29:04,700 There's a lot here about formally verified software that 589 00:29:04,700 --> 00:29:08,900 I think people don't understand. So when you when you say you 590 00:29:08,900 --> 00:29:13,700 split these bugs up into two categories, the ones that can be 591 00:29:13,700 --> 00:29:16,100 automatically found in the ones that couldn't. 592 00:29:16,400 --> 00:29:21,100 So if this just by like some sort of program that kind of 593 00:29:21,100 --> 00:29:25,700 checks against known bugs is there like some machine learning 594 00:29:25,700 --> 00:29:28,000 artificial Intelligence involved in. 595 00:29:29,300 --> 00:29:31,400 We hand reviewed every single bug. 596 00:29:31,700 --> 00:29:36,400 We had a, we had a team of smart people sit down and think about 597 00:29:36,400 --> 00:29:40,500 every single bug. We found for two years and tried 598 00:29:40,500 --> 00:29:44,400 to imagine in their head. If you know a supercomputer, you 599 00:29:44,400 --> 00:29:47,400 know, alien came down from the future. 600 00:29:47,800 --> 00:29:51,200 And provided us with the perfect tools in the universe to find 601 00:29:51,200 --> 00:29:54,200 software security bugs, would it be possible to find this bug 602 00:29:54,200 --> 00:29:57,000 with that tool? And for 50%? 603 00:29:57,100 --> 00:29:59,600 The answer was no. So you still To have a smart 604 00:29:59,600 --> 00:30:01,100 human. How do you determine that 605 00:30:01,100 --> 00:30:02,000 though? Yeah, exactly. 606 00:30:02,000 --> 00:30:05,300 I have exactly the same question if you kind of have computer and 607 00:30:05,300 --> 00:30:07,800 you don't know that it's a human inside, right away. 608 00:30:07,800 --> 00:30:09,700 See how is that different from a? 609 00:30:09,700 --> 00:30:13,700 Just a super smart computer that you can say, look, you really 610 00:30:13,700 --> 00:30:15,800 need a human to identify this bug. 611 00:30:16,200 --> 00:30:19,300 No computer could ever do it on its own well. 612 00:30:19,300 --> 00:30:22,100 So a lot of it means that you have to think about, okay? 613 00:30:22,200 --> 00:30:24,500 So here's how you talk about it. There's a lot of bugs that are 614 00:30:24,500 --> 00:30:26,900 generic to the programming language, like Access Control 615 00:30:26,900 --> 00:30:29,800 issues. It's a problem if If you forget 616 00:30:29,800 --> 00:30:33,700 to control the access to some kind of function that lets you 617 00:30:33,700 --> 00:30:36,500 upgrade the contract, right? Or kill, kill the contract. 618 00:30:36,800 --> 00:30:41,900 That is a fundamental invariant that you can express for the 619 00:30:41,900 --> 00:30:44,400 entire programming language in all programs written in it. 620 00:30:45,100 --> 00:30:48,000 On the other hand, there are security properties that you 621 00:30:48,000 --> 00:30:50,900 might need to Define that are specific to your contract. 622 00:30:51,600 --> 00:30:55,300 There's something that you are trying to do, and the only way 623 00:30:55,300 --> 00:30:59,000 for me to tell that this is a bug, or this is not a bug, is if 624 00:30:59,100 --> 00:31:01,900 Have a smart developer tell me that that's what their intention 625 00:31:01,900 --> 00:31:04,700 was. But if you have a specification 626 00:31:04,700 --> 00:31:09,000 of some sort that specifies that then you could presumably also 627 00:31:09,000 --> 00:31:10,800 have a computer. I mean I guess that's maybe what 628 00:31:10,800 --> 00:31:13,100 formally verified languages. A lot of you do is you create 629 00:31:13,100 --> 00:31:17,800 kind of this like this framework or the spec in the traditional 630 00:31:17,800 --> 00:31:20,800 software sense, like let's say, so the reason why fathers are 631 00:31:20,800 --> 00:31:25,100 really prevalent inside of like compiled code C and C++ is that 632 00:31:25,100 --> 00:31:28,800 I know that when I get a crash that that's going to be a bug. 633 00:31:29,000 --> 00:31:30,400 Right software should never crash. 634 00:31:30,500 --> 00:31:34,400 So therefore, if I find a crash it is a bug on the other hand. 635 00:31:34,900 --> 00:31:39,700 If I have a smart contract and I managed to, you know, transfer 636 00:31:39,700 --> 00:31:42,000 some money to somebody out on the blockchain. 637 00:31:42,300 --> 00:31:44,800 Is that a bug or not a bug? I don't know because that might 638 00:31:44,800 --> 00:31:48,000 have been my intention to do it. So you really need some element 639 00:31:48,000 --> 00:31:51,000 of guidance that you typically don't need for traditional 640 00:31:51,000 --> 00:31:53,800 software. The other thing here is that a 641 00:31:53,800 --> 00:31:56,900 lot of these vulnerabilities, there's just like high level 642 00:31:56,900 --> 00:31:59,000 logic involved, there's high level thinking. 643 00:31:59,700 --> 00:32:03,100 But a machine is not going to discover on its own and that it 644 00:32:03,100 --> 00:32:06,100 would be incapable of kind of creating on its own. 645 00:32:06,500 --> 00:32:08,200 But there's a blog post that summarizes. 646 00:32:08,200 --> 00:32:11,600 It called 246 findings from a smart contract Audits and 647 00:32:11,600 --> 00:32:15,000 executive summary and we will link to that in the show notes. 648 00:32:15,000 --> 00:32:17,100 Great. We've kind of jumped in the deep 649 00:32:17,100 --> 00:32:21,500 end here, so maybe maybe that's go back to square one. 650 00:32:21,500 --> 00:32:24,900 So basically say I've built a project on E, theorem say some 651 00:32:24,900 --> 00:32:28,800 type of decks and that's a team of developers on the projects. 652 00:32:29,000 --> 00:32:32,100 And we're making the leap to men it. 653 00:32:32,100 --> 00:32:35,400 But of course, we think we should get this audited in. 654 00:32:35,400 --> 00:32:37,500 This is probably one of the times when people call you and 655 00:32:37,500 --> 00:32:39,200 say oh, why can't we start tomorrow? 656 00:32:39,200 --> 00:32:41,100 But you know, like only 2 months from now. 657 00:32:41,400 --> 00:32:44,900 So we call you and what do you guys do? 658 00:32:44,900 --> 00:32:48,000 So they see what us the journey look like first off. 659 00:32:48,500 --> 00:32:50,400 You know, I think there's a misconception that people should 660 00:32:50,400 --> 00:32:52,700 hire security firms. The second that they finish 661 00:32:52,700 --> 00:32:55,200 their software. Usually, that's way too late 662 00:32:55,400 --> 00:32:56,700 for. Exactly the reasons that we just 663 00:32:56,700 --> 00:33:00,500 got done discussing a lot of your Depends on the ability of 664 00:33:00,500 --> 00:33:02,700 the developers to express, what their intentions are. 665 00:33:02,800 --> 00:33:04,500 What are they trying to do with the software? 666 00:33:04,700 --> 00:33:07,800 Did you write a spec for it? And then, did you write the 667 00:33:07,800 --> 00:33:11,100 minimum amount of code necessary to actually Implement that spec? 668 00:33:11,300 --> 00:33:13,500 Because complexity breeds and security and the more 669 00:33:13,500 --> 00:33:15,700 unnecessary parts of your code that you write the more bugs 670 00:33:15,700 --> 00:33:18,200 that you're going to have so engaging with the security 671 00:33:18,200 --> 00:33:19,800 professional early is really critical. 672 00:33:20,500 --> 00:33:22,600 We really like it. When people engage with us at 673 00:33:22,600 --> 00:33:25,200 the design stage, we can talk through different implementation 674 00:33:25,200 --> 00:33:27,500 strategies. That might reduce the foot guns 675 00:33:27,700 --> 00:33:28,900 that they leave in the code base. 676 00:33:29,000 --> 00:33:32,400 The areas where they're likely to have bugs that ends up making 677 00:33:32,400 --> 00:33:35,400 the after-the-fact review the final stamp. 678 00:33:35,700 --> 00:33:40,500 You know, the final test before it goes into the Thunderdome on 679 00:33:40,500 --> 00:33:43,000 the blockchain, it makes that process a lot easier. 680 00:33:43,200 --> 00:33:46,600 So when we do actually get hired for a security review, a lot of 681 00:33:46,600 --> 00:33:49,100 what we end up trying to do is reverse engineer the intentions 682 00:33:49,100 --> 00:33:51,700 of the development team because the developers don't always know 683 00:33:51,700 --> 00:33:53,700 what they are. So it involves a lot of 684 00:33:53,700 --> 00:33:57,200 communication, a lot of, you know, back and forth 685 00:33:57,200 --> 00:34:00,500 conversation about Hey, what were you trying to do here? 686 00:34:00,900 --> 00:34:02,600 What is the intention of the system? 687 00:34:03,200 --> 00:34:05,800 And then will encode that into a spec for the team that we work 688 00:34:05,800 --> 00:34:08,699 with or write out the security properties ourselves will prove 689 00:34:08,699 --> 00:34:12,600 them with property, testing fuzzers, like Echidna or will 690 00:34:12,600 --> 00:34:15,000 prove them with a symbolic verifier, like Manticore. 691 00:34:15,400 --> 00:34:17,199 And in addition to that, we'll find those. 692 00:34:17,199 --> 00:34:19,900 Generic language level invariance, things like a lack 693 00:34:19,900 --> 00:34:24,000 of access control, or integer overflows or re-entrance E and 694 00:34:24,000 --> 00:34:27,400 that kind of stuff that might sink your ship in different ways 695 00:34:27,699 --> 00:34:30,300 that process continues. For, as many weeks of the weeks 696 00:34:30,300 --> 00:34:33,199 of the review that we have and then what we do at the end, we 697 00:34:33,199 --> 00:34:35,199 sort of doing this a couple months ago, about two months 698 00:34:35,199 --> 00:34:39,199 ago, is now, we also include a code maturity evaluation because 699 00:34:39,300 --> 00:34:42,199 security isn't really like, okay, great, you're done now, 700 00:34:42,199 --> 00:34:44,699 like somebody looked at your code, all the bugs are gone, 701 00:34:45,000 --> 00:34:48,199 that's not how it works. Because you created that code, 702 00:34:48,199 --> 00:34:51,000 you could have hidden any number of potential issues in there. 703 00:34:51,000 --> 00:34:54,100 And really what we're doing is assisting you that's why I call 704 00:34:54,100 --> 00:34:56,699 it a Security review, not a security audit, right? 705 00:34:56,699 --> 00:35:00,600 This isn't like accounting or I can tell you Everything is like 706 00:35:00,600 --> 00:35:02,600 you know all the dollars are properly accounted for and 707 00:35:02,607 --> 00:35:04,100 therefore you're not committing fraud. 708 00:35:04,700 --> 00:35:08,800 This is more of a probabilistic check where hey, you know I 709 00:35:08,808 --> 00:35:10,600 noticed you're doing some things that aren't so great. 710 00:35:10,600 --> 00:35:13,200 It's like you know, when I used to play baseball as a kid, I 711 00:35:13,500 --> 00:35:16,100 videotape myself swinging the bat and then watch it. 712 00:35:16,100 --> 00:35:18,200 And I'd have somebody else that new a lot better. 713 00:35:18,200 --> 00:35:20,000 How to play baseball? Take a look at it and say, oh, 714 00:35:20,000 --> 00:35:21,900 you need to step like this and then you'll connect with the 715 00:35:21,900 --> 00:35:24,300 ball better. That's kind of what a Security 716 00:35:24,300 --> 00:35:26,600 Professionals doing. They're trying to tune you up. 717 00:35:26,900 --> 00:35:30,400 So, you produce the most secure code And so, the code maturity 718 00:35:30,400 --> 00:35:34,100 evaluations, give you a long-term view as to where you 719 00:35:34,100 --> 00:35:36,900 are in the process. Like, what is the state, what is 720 00:35:36,900 --> 00:35:39,100 the maturity of your testing and verification? 721 00:35:39,100 --> 00:35:41,200 What are the maturity of your access controls? 722 00:35:41,500 --> 00:35:43,700 What is the maturity of your use of assembly? 723 00:35:44,200 --> 00:35:46,000 And how is that going to cause or not? 724 00:35:46,000 --> 00:35:49,100 Cause issues in the future? Because this doesn't really end 725 00:35:49,100 --> 00:35:51,400 after you release. Usually, you've got a version to 726 00:35:51,400 --> 00:35:55,100 that's cooking, or there might just be advances in the field or 727 00:35:55,100 --> 00:35:57,100 the Block Chain itself could change underneath you, you know, 728 00:35:57,100 --> 00:35:58,900 who knows what the etherium foundation. 729 00:35:59,200 --> 00:36:03,000 I was going to push in there. You know, next biannual hard 730 00:36:03,000 --> 00:36:06,600 Fork that might eliminate all the kinds of security 731 00:36:06,600 --> 00:36:09,200 protections that you put in place or or the next person to 732 00:36:09,200 --> 00:36:12,400 invent flash loans that all of a sudden takes the security margin 733 00:36:12,400 --> 00:36:15,000 that you had for interacting with the all your oracle's and 734 00:36:15,000 --> 00:36:18,600 drops it to the floor. What for exactly these reasons. 735 00:36:18,600 --> 00:36:22,000 Basically, what we see more and more upgradeable contracts, 736 00:36:22,000 --> 00:36:23,900 right? So upgradeable smart contracts, 737 00:36:23,900 --> 00:36:26,500 but they come with them. Their own pitfalls. 738 00:36:26,900 --> 00:36:30,900 Can you talk about that? Yeah, so upgradeable contracts 739 00:36:30,900 --> 00:36:32,800 are really interesting case study because there, another 740 00:36:32,800 --> 00:36:35,700 example, where the solidity language shoots itself in the 741 00:36:35,707 --> 00:36:38,800 foot, like, in order to do upgradable contracts, you have 742 00:36:38,800 --> 00:36:42,100 to, you have to use a substantial amount of low-level 743 00:36:42,100 --> 00:36:45,700 solidity to get them done. And the fact of the matter is 744 00:36:45,700 --> 00:36:49,400 that we've identified 17 unique ways that upgradeable contracts 745 00:36:49,400 --> 00:36:54,300 can fail and either lock your contract or lose everyone's data 746 00:36:54,300 --> 00:36:56,900 or be exploitable. After you put them on the 747 00:36:56,908 --> 00:37:00,600 blockchain and It's really not as simple as people think. 748 00:37:01,100 --> 00:37:03,700 Not only that, but it creates risk because now you're, you 749 00:37:03,700 --> 00:37:05,700 have to handle private keys on your corporate. 750 00:37:05,700 --> 00:37:08,100 It like, you know, you've got a network somewhere. 751 00:37:08,100 --> 00:37:11,000 You've got a computer somewhere. That's got some keys that let 752 00:37:11,000 --> 00:37:13,700 you manipulate the functionality of a smart contract on the 753 00:37:13,700 --> 00:37:17,200 blockchain, which is massively fraught with risk for a number 754 00:37:17,200 --> 00:37:19,200 of reasons. Doesn't that defy, the whole 755 00:37:19,200 --> 00:37:23,400 point of a blockchain, it does. It really does. 756 00:37:23,700 --> 00:37:27,100 So I trilobites were not too big fans of upgradeable contracts. 757 00:37:27,100 --> 00:37:29,500 We understand the need for them, like it's Critical that people 758 00:37:29,500 --> 00:37:32,500 have you know contracts that can pause when they're having a 759 00:37:32,508 --> 00:37:34,400 security issue. It's critical that people can 760 00:37:34,400 --> 00:37:36,700 recover from an incident when they experienced one. 761 00:37:37,100 --> 00:37:40,800 But the methods that people use for upgradeable contracts today 762 00:37:41,200 --> 00:37:44,900 tend to be inherently unsafe again Slither is a tool that 763 00:37:44,900 --> 00:37:48,500 enables us to only find bugs once or only have to find bugs 764 00:37:48,500 --> 00:37:52,400 ones and we've encoded all those strategies for, you know, 765 00:37:52,400 --> 00:37:54,900 accidentally failing threatened, upgrade will contract correctly 766 00:37:55,100 --> 00:37:57,100 into Slither. So it checks for all those 17 767 00:37:57,100 --> 00:38:00,100 cases of failure, Doesn't mean that's exhaustive. 768 00:38:00,200 --> 00:38:03,000 There's probably more and there's a lot of other ways that 769 00:38:03,000 --> 00:38:04,400 can go wrong. Like, you can just get hacked 770 00:38:04,400 --> 00:38:07,900 and lose your keys, which is another thing that we consult on 771 00:38:07,900 --> 00:38:10,400 like how to use an HSM to store them like a professional. 772 00:38:10,800 --> 00:38:14,300 But upgradeable contracts tend to carry a lot of risk with 773 00:38:14,300 --> 00:38:16,900 them. So, instead we try to promote 774 00:38:16,900 --> 00:38:19,700 the use of contract migration, which is just burning the whole 775 00:38:19,700 --> 00:38:22,400 house down. When you've got a contract or 776 00:38:22,400 --> 00:38:26,300 token or whatever out there on the blockchain, you can save all 777 00:38:26,300 --> 00:38:28,500 the data and roll it over to a brand new car. 778 00:38:28,700 --> 00:38:31,500 I tracked that presents a lot of issues. 779 00:38:32,300 --> 00:38:36,000 Since clearly you have to notify people that might be using your 780 00:38:36,000 --> 00:38:39,400 old code to use your new code. Also has implications that defy 781 00:38:39,400 --> 00:38:42,500 space since there might be some, you know, defy app that's 782 00:38:42,500 --> 00:38:45,400 sitting up there on the blockchain that's hard-coded to 783 00:38:45,700 --> 00:38:48,600 think that you're at a certain address but now you're not how 784 00:38:48,600 --> 00:38:51,300 do you fix that? So you know, there's not 785 00:38:51,300 --> 00:38:53,800 challenges to it but it's inherently safer since there's a 786 00:38:53,808 --> 00:38:55,900 lot less moving Parts, it's cleaner. 787 00:38:56,600 --> 00:38:59,800 I also think it's more honest I totally see that. 788 00:38:59,800 --> 00:39:01,900 I mean, that's that's pros and cons, right? 789 00:39:01,900 --> 00:39:04,500 So I totally see that. It's probably the most secure 790 00:39:04,500 --> 00:39:06,500 way or it's definitely the most secure way. 791 00:39:06,900 --> 00:39:10,500 Then the question is, do you kind of leave it up there and 792 00:39:10,500 --> 00:39:12,900 just tell people to migrate and then, basically, you have the 793 00:39:12,900 --> 00:39:15,800 problem of split liquidity and different versions. 794 00:39:15,800 --> 00:39:19,100 And you can't do that too often and it's kind of fraud, both 795 00:39:19,100 --> 00:39:21,700 ways. So, when we think about Security 796 00:39:21,700 --> 00:39:26,000 in blockchain technology, we almost invariably go straight to 797 00:39:26,000 --> 00:39:29,600 Smart contract failures that There's also plenty of, you 798 00:39:29,600 --> 00:39:32,100 know, like front-end and back-end vulnerabilities, that 799 00:39:32,100 --> 00:39:37,500 we pay not as close of a mine too and so they're often 800 00:39:37,500 --> 00:39:39,400 overlooked. So for instance, with what 801 00:39:39,400 --> 00:39:42,900 happened with Luke, bring a couple of months ago, I don't 802 00:39:42,900 --> 00:39:45,000 know whether you remember that. I don't. 803 00:39:45,600 --> 00:39:49,700 It was about the way that hash was stored somewhere and there 804 00:39:49,700 --> 00:39:52,500 was like a limited number of hashes that they were actually 805 00:39:52,500 --> 00:39:53,800 using. They were they were, they were 806 00:39:53,800 --> 00:39:55,900 generating hashes and 32-bit space. 807 00:39:57,200 --> 00:40:02,700 That sounds bad. Do you think we pay too little 808 00:40:02,700 --> 00:40:05,500 attention to the things that happen around the smart 809 00:40:05,500 --> 00:40:07,300 contract? So, basically, the front-end and 810 00:40:07,300 --> 00:40:10,400 back-end infrastructure brother, because everyone goes straight 811 00:40:10,400 --> 00:40:13,200 to the smart contract, right? And people do smart contract 812 00:40:13,200 --> 00:40:17,000 audits, but I know a few of fewer companies who actually do 813 00:40:17,200 --> 00:40:21,100 complete front and back-end audits, just because it's an 814 00:40:21,100 --> 00:40:24,300 expensive thing to do, right? Yeah, I mean I think there's 815 00:40:24,300 --> 00:40:26,600 some properties about smart contracts that make them a 816 00:40:26,607 --> 00:40:30,300 little bit more. Like I think it's correct that 817 00:40:30,300 --> 00:40:33,100 you focus on them for the first line of your Security review. 818 00:40:33,700 --> 00:40:35,500 They're fully exposed to the public. 819 00:40:35,500 --> 00:40:38,700 Anybody can go read and run the code which is really unique. 820 00:40:38,700 --> 00:40:40,200 Right? If you have like server 821 00:40:40,200 --> 00:40:43,200 infrastructure up in the cloud somewhere, I can easily grab the 822 00:40:43,200 --> 00:40:44,700 source code to that and start messing with it. 823 00:40:44,700 --> 00:40:47,800 I have to I have to just poke a black box which is a 824 00:40:47,800 --> 00:40:50,400 fundamentally different kind of problem to solve on the other 825 00:40:50,400 --> 00:40:53,100 hand the information you know, quote unquote. 826 00:40:53,200 --> 00:40:56,300 Formation that you steal from a smart contract is inherently 827 00:40:56,300 --> 00:40:58,900 financially valuable. So when you think about this, 828 00:40:58,900 --> 00:41:01,300 from an attackers perspective, what they love, what they 829 00:41:01,300 --> 00:41:04,700 ultimately usually want to do is make money, sometimes they want 830 00:41:04,700 --> 00:41:07,100 to get Fame, sometimes they just want to, harass people and 831 00:41:07,100 --> 00:41:10,500 troll, but for the most part, they want to make money. 832 00:41:10,700 --> 00:41:14,000 It's much easier to make money, hacking a smart contract than it 833 00:41:14,000 --> 00:41:17,700 is to hack a server somewhere on the internet because once you 834 00:41:17,700 --> 00:41:20,400 hack the server, usually, that's a pivot point axis, something 835 00:41:20,400 --> 00:41:22,600 else that does have Financial value. 836 00:41:22,600 --> 00:41:26,500 So there's more Steps involved in cashing out, right? 837 00:41:26,700 --> 00:41:29,500 So for those reasons, it's definitely appropriate to focus 838 00:41:29,500 --> 00:41:33,300 on the smart contract, part first, but, yeah, by no means 839 00:41:33,300 --> 00:41:36,100 don't stop there. You absolutely need to think 840 00:41:36,100 --> 00:41:38,700 through the entire perspective because again, how secure is 841 00:41:38,700 --> 00:41:41,200 your smart contract. If you publish the keys for 842 00:41:41,200 --> 00:41:43,500 upgrading it on the internet, right? 843 00:41:44,600 --> 00:41:47,600 If you're just throwing them on your personal laptop and that 844 00:41:47,600 --> 00:41:50,500 person laptop attacked then. So does the smart contract and 845 00:41:50,500 --> 00:41:51,800 every single piece of data on it. 846 00:41:52,000 --> 00:41:53,800 So, yeah, depending on You trust. 847 00:41:53,800 --> 00:41:56,700 And the way that you designed your system, the security of 848 00:41:56,700 --> 00:41:59,400 your oracle's, the security of cloud infrastructure, the 849 00:41:59,400 --> 00:42:02,000 security of your mobile applications, the security of 850 00:42:02,000 --> 00:42:05,500 your authentication system can all play a role in. 851 00:42:05,500 --> 00:42:08,100 Ultimately, the security of your product, which is what you need 852 00:42:08,100 --> 00:42:10,200 to think about. You need to think about, is this 853 00:42:10,200 --> 00:42:14,500 product, doing the things that my clients expect it to or am I 854 00:42:14,508 --> 00:42:17,000 going to unintentionally lose all their body or 855 00:42:17,000 --> 00:42:19,600 unintentionally, do something that they don't expect, right? 856 00:42:20,300 --> 00:42:23,400 And and that's a larger problem than simply is your smart 857 00:42:23,400 --> 00:42:25,500 contract safe. For a lot of clients. 858 00:42:25,500 --> 00:42:27,600 We've actually started doing threat models people in the 859 00:42:27,600 --> 00:42:29,600 Block Chain. Space haven't been to up on it 860 00:42:30,000 --> 00:42:32,200 because they're more like interested in the really quick. 861 00:42:32,200 --> 00:42:34,300 Kind of like, you know, rush out to production. 862 00:42:34,600 --> 00:42:38,900 I know what I need and, you know, I'm really kind of 863 00:42:38,900 --> 00:42:43,200 ego-driven secure Tech Master of the Universe and not a lot of 864 00:42:43,207 --> 00:42:46,200 people stop and think, like, okay, well, what don't I know 865 00:42:46,300 --> 00:42:49,700 and what should the interactions be between the systems that I've 866 00:42:49,700 --> 00:42:53,000 designed and what are the risks that I need to mitigate against? 867 00:42:53,300 --> 00:42:56,800 So, for a lot of people in more mature Fields, we've been doing 868 00:42:56,800 --> 00:43:00,900 threat models, for instance, election systems voting systems, 869 00:43:01,300 --> 00:43:04,700 not closely related to governance systems but not quite 870 00:43:05,200 --> 00:43:07,200 for those. You know, you could throw 871 00:43:07,200 --> 00:43:10,200 security at the wall and see what sticks you could just go 872 00:43:10,200 --> 00:43:12,200 and say hey I've got 10 code bases, I'm going to have 873 00:43:12,200 --> 00:43:13,900 somebody do an application Security review. 874 00:43:13,900 --> 00:43:15,300 I'm going to make sure that I can't crash. 875 00:43:15,300 --> 00:43:18,400 But really what you want to understand is how easy is it for 876 00:43:18,400 --> 00:43:19,900 someone to manipulate this election? 877 00:43:20,200 --> 00:43:23,800 How do users interact with the voting system that I've Designed 878 00:43:24,300 --> 00:43:28,100 is it possible to hack the end-user and somehow convince 879 00:43:28,100 --> 00:43:31,300 them to use the system in a way that they're not supposed to, 880 00:43:31,300 --> 00:43:33,500 like, you know, can I tell people to download the wrong 881 00:43:33,500 --> 00:43:35,700 mobile app? Maybe it's not even a security 882 00:43:35,800 --> 00:43:39,200 issue in my system, but it's the way that I communicate things 883 00:43:39,200 --> 00:43:42,100 about it, so we've done a lot more threat models. 884 00:43:42,100 --> 00:43:44,800 We've tried to figure out like, what's actually important for 885 00:43:44,800 --> 00:43:46,400 the blockchain. This is the same thing. 886 00:43:46,400 --> 00:43:49,500 Like if you want to sit down and start developing security 887 00:43:49,500 --> 00:43:51,700 properties, for a piece of blockchain software, what 888 00:43:51,700 --> 00:43:53,000 properties are you going to write? 889 00:43:53,500 --> 00:43:55,500 What are the interesting properties to express? 890 00:43:55,800 --> 00:43:58,200 And in order to answer that question, you need an accurate 891 00:43:58,200 --> 00:43:59,600 understanding of your threat model. 892 00:44:00,200 --> 00:44:02,600 We use a couple tactics for building threat models. 893 00:44:02,600 --> 00:44:05,400 We use Mozilla has rapid risk assessments. 894 00:44:05,400 --> 00:44:10,400 Most frequently there are really gray 30 to 60-minute scripted 895 00:44:10,400 --> 00:44:13,100 interview that you have with a developer to help them 896 00:44:13,100 --> 00:44:16,200 understand, what's actually, at risk in the software they've 897 00:44:16,200 --> 00:44:18,400 built. But then other times, there's 898 00:44:18,400 --> 00:44:22,800 nist standards, there's all this Adam szustak kind of literature 899 00:44:22,800 --> 00:44:25,100 that came. Microsoft, that are a lot more 900 00:44:25,100 --> 00:44:28,000 heavyweight, but the rapid risk assessment stuff fits really 901 00:44:28,000 --> 00:44:30,100 well into a one or two week Consulting engagements. 902 00:44:30,100 --> 00:44:32,600 That's what we end up referring. If you want to see an example of 903 00:44:32,600 --> 00:44:35,200 that. We have a great example of a 904 00:44:35,200 --> 00:44:38,100 really well developed threat model up on our Publications 905 00:44:38,100 --> 00:44:40,000 repository. That we did four votes, a 906 00:44:40,000 --> 00:44:42,200 blockchain voting system. That's the area where all this 907 00:44:42,200 --> 00:44:44,700 stuff overlapped. It was quite entertaining to us 908 00:44:44,700 --> 00:44:47,300 to get a client that had both but you know, you can see what 909 00:44:47,300 --> 00:44:49,900 it looks like and we'll be publishing more of those as time 910 00:44:49,900 --> 00:44:51,200 goes on. So hopefully there's stuff that 911 00:44:51,200 --> 00:44:55,000 people can learn from. Okay, we link to that as well. 912 00:44:55,400 --> 00:44:59,500 We've talked about the security vulnerabilities of individual 913 00:44:59,700 --> 00:45:02,200 smart contracts but now it gets even trickier. 914 00:45:02,200 --> 00:45:04,300 Right? So basically in the defy space 915 00:45:04,300 --> 00:45:07,600 and then the open finance space composability is key. 916 00:45:07,900 --> 00:45:11,300 And we have seen several attacks and vulnerabilities over the 917 00:45:11,700 --> 00:45:16,200 just over the last past months who's Gateway was leveraging 918 00:45:16,200 --> 00:45:18,900 some weakness in composed protocols. 919 00:45:19,100 --> 00:45:23,100 So what do you think we should be doing about that so who Be 920 00:45:23,100 --> 00:45:27,000 responsible for checking that thing's actually fit together 921 00:45:27,000 --> 00:45:29,200 and that basically interfaces work. 922 00:45:29,200 --> 00:45:32,400 And is it the people who actually build the blocks and 923 00:45:32,600 --> 00:45:35,800 thereby also the interfaces or is it the people who are kind of 924 00:45:36,400 --> 00:45:40,400 use these money Legos to build, like more complex, protocols or 925 00:45:40,400 --> 00:45:42,700 should the users check? Or should we have like an 926 00:45:42,700 --> 00:45:45,800 external body? That kind of satisfies, these 927 00:45:45,800 --> 00:45:48,800 kind of composed protocols, what's your take on this? 928 00:45:50,200 --> 00:45:53,000 Yeah, so I mean for better for us, there's no gatekeeping. 929 00:45:53,000 --> 00:45:55,600 Like I can't, you can't tell me that I can't put code on the 930 00:45:55,600 --> 00:45:58,400 blockchain. So, ultimately, this is what 931 00:45:59,500 --> 00:46:01,900 creates all bunch of surprises that people have to deal with 932 00:46:02,400 --> 00:46:06,100 the defy space. I think is really immature like 933 00:46:06,100 --> 00:46:10,700 it's a beta, use case for etherium, and for blockchain 934 00:46:10,700 --> 00:46:13,100 technology in general. And people need to understand 935 00:46:13,100 --> 00:46:15,700 that people are throwing a lot of money in to defy applications 936 00:46:15,700 --> 00:46:18,600 right now and are kind of holistic, end-to-end 937 00:46:18,600 --> 00:46:20,400 understanding of exactly. A whole Field. 938 00:46:20,400 --> 00:46:23,600 Works is very limited. So I expect that there's going 939 00:46:23,600 --> 00:46:25,900 to be failures and that there's going to be these new use cases 940 00:46:25,900 --> 00:46:28,700 that people come up with whether it's a flash loan or a 941 00:46:28,700 --> 00:46:32,300 deflationary token or like, whatever people end up 942 00:46:32,300 --> 00:46:35,300 designing, that flips, all the security properties. 943 00:46:35,300 --> 00:46:38,600 I thought I had on its head. So the D5 space, I think users 944 00:46:38,600 --> 00:46:42,100 really need to understand. It is a work in progress. 945 00:46:42,200 --> 00:46:44,800 This is not like, just because I've got a couple of Legos, 946 00:46:44,800 --> 00:46:48,100 doesn't mean I can just start using them today and not suffer 947 00:46:48,100 --> 00:46:49,700 any potential consequences like theirs. 948 00:46:49,900 --> 00:46:52,800 Always going to be some downside risk and the downside risk in 949 00:46:52,800 --> 00:46:56,600 the D5 space right now, is really high because that level 950 00:46:56,600 --> 00:46:58,200 of maturity just is not there yet. 951 00:46:58,900 --> 00:47:01,500 I think there's a lot of other things than defy space that kind 952 00:47:01,500 --> 00:47:05,100 of caused me concern. And for people listening to 953 00:47:05,100 --> 00:47:07,300 this, they can't see my body language right now, as I'm kind 954 00:47:07,300 --> 00:47:12,100 of like nervously, rubbing myself just like all the defy 955 00:47:12,100 --> 00:47:15,200 space stuff, stresses me out. You know, there's assets with 956 00:47:15,200 --> 00:47:19,000 really low liquidity, even ignoring flash loans, there's 957 00:47:19,000 --> 00:47:23,700 things that people Very limited amount of money can interact 958 00:47:23,700 --> 00:47:25,800 with and cause failures for other people. 959 00:47:26,500 --> 00:47:29,700 There's all this Reliance on external oracle's we're not 960 00:47:29,700 --> 00:47:31,900 everybody that's deploying a defy application. 961 00:47:31,900 --> 00:47:35,400 Has evaluated how secure their system is against that Oracle 962 00:47:35,400 --> 00:47:38,800 being manipulated or how many oracle's being manipulated or 963 00:47:38,800 --> 00:47:40,900 what the cost is to manipulate an oracle. 964 00:47:40,900 --> 00:47:44,900 Like just that kind of full system thinking really isn't 965 00:47:44,900 --> 00:47:48,400 there. How can you have full system 966 00:47:48,400 --> 00:47:51,800 thinking, when, if the number of oracle's you can have in a 967 00:47:51,808 --> 00:47:55,700 system is basically unlimited. And then, on top of that, like 968 00:47:55,700 --> 00:47:59,600 the number of bugs, you can have per Oracle is unlimited, right? 969 00:47:59,800 --> 00:48:02,400 You're basically just reducing the security to the lowest 970 00:48:02,400 --> 00:48:04,300 common denominator and you don't know what that is. 971 00:48:04,300 --> 00:48:07,800 So it's like, you know, it's virtually impossible. 972 00:48:07,800 --> 00:48:11,700 Then in that case, if you have external inputs to a system to 973 00:48:11,700 --> 00:48:15,700 ensure full security Yeah, I mean, it gets even worse. 974 00:48:15,700 --> 00:48:17,900 When you start thinking about external contract, interactions, 975 00:48:17,900 --> 00:48:19,700 right? Like, there's a lot of players 976 00:48:19,700 --> 00:48:22,300 out there, you know? The compound folks, I think are 977 00:48:22,300 --> 00:48:24,000 one of the best where they whitelisted. 978 00:48:24,000 --> 00:48:26,300 A lot of the interactions they have with external contracts 979 00:48:26,300 --> 00:48:28,600 because you just don't know exactly what everyone's going to 980 00:48:28,600 --> 00:48:32,300 do and you need to carefully, consider all the interactions 981 00:48:32,300 --> 00:48:34,500 between yourself and a counterparty before you start 982 00:48:34,500 --> 00:48:37,100 engaging with them. There's a lot of contracts out 983 00:48:37,100 --> 00:48:39,600 there that say that they're ERC 20 but don't actually implement 984 00:48:39,600 --> 00:48:43,900 the spec is the easiest example. There's a lot of Acts out there 985 00:48:43,900 --> 00:48:47,200 that, you know, if you don't flow through all the second 986 00:48:47,200 --> 00:48:50,500 third, fourth order, effects of what it is to interact with a 987 00:48:50,508 --> 00:48:52,800 given contract. Then there's the potential that 988 00:48:52,800 --> 00:48:55,800 somebody finds one of those composability issues and gives 989 00:48:55,800 --> 00:48:58,900 you a really bad day. So I think it's really incumbent 990 00:48:58,900 --> 00:49:01,600 on defy applications at least right now to take these baby 991 00:49:01,600 --> 00:49:04,600 steps towards full decentralization and not exactly 992 00:49:04,600 --> 00:49:06,600 go for hey I'm going to interact with the whole world and 993 00:49:06,607 --> 00:49:08,700 everybody on the blockchain could call every single function 994 00:49:08,700 --> 00:49:09,600 of mine. And I'm going to call every 995 00:49:09,600 --> 00:49:12,300 single function with areas and it's going to be great because 996 00:49:12,700 --> 00:49:14,900 it ends up taking On too much risk to quickly. 997 00:49:15,700 --> 00:49:18,100 So I think a lot of people in the D5 space need to take some 998 00:49:18,100 --> 00:49:20,700 baby steps and be sure of themselves. 999 00:49:20,700 --> 00:49:24,300 When they take those steps through either Security, review 1000 00:49:24,900 --> 00:49:28,100 really effective and thorough modeling work with economists to 1001 00:49:28,100 --> 00:49:31,500 figure out a second sentence and actually understand what kind of 1002 00:49:31,500 --> 00:49:34,000 risk their inheriting. Maybe do a threat model, right? 1003 00:49:34,500 --> 00:49:36,900 Understand what kind of risk that they're inheriting by 1004 00:49:37,600 --> 00:49:42,300 interacting with those systems or creating certain features so 1005 00:49:42,300 --> 00:49:43,900 I thank you that stupid. Resting. 1006 00:49:44,000 --> 00:49:48,700 So there's a different kind of bug that we don't think about 1007 00:49:48,700 --> 00:49:52,300 often after basically composed abilities and everyone's at the 1008 00:49:52,300 --> 00:49:56,400 Forefront of everyone's mind. But there's one thing that a lot 1009 00:49:56,400 --> 00:49:58,900 of people who've been in the ecosystem for a very long time. 1010 00:49:58,900 --> 00:50:02,300 I deathly afraid about but that we rarely talk about. 1011 00:50:02,300 --> 00:50:05,600 So bugs in the compiler just because if there's a bug in the 1012 00:50:05,600 --> 00:50:09,500 compiler that kind of causes a certain era and basically it's 1013 00:50:09,500 --> 00:50:12,600 kind of people don't generally check bytecode and in their 1014 00:50:12,600 --> 00:50:16,000 audits. We kind of rely on on the code 1015 00:50:16,000 --> 00:50:19,000 itself and the AST and so on. We don't really check the bad 1016 00:50:19,000 --> 00:50:20,800 code. So do you have thoughts on this? 1017 00:50:20,800 --> 00:50:23,200 So are we too reliant on individual? 1018 00:50:23,200 --> 00:50:27,500 Contact compilers a little bit? You know I like I said earlier 1019 00:50:27,500 --> 00:50:30,500 the quality of the compiler that most of us are using solidity 1020 00:50:30,500 --> 00:50:34,300 compilers extremely low. So the testing just really isn't 1021 00:50:34,300 --> 00:50:36,100 there and there's an ongoing discussion right now. 1022 00:50:36,100 --> 00:50:38,100 About improving. Some of that testing by actually 1023 00:50:38,100 --> 00:50:41,700 importing some of the techniques from Slither and offering more 1024 00:50:41,700 --> 00:50:46,800 standardized interfaces for Or software like ideas and testing 1025 00:50:46,800 --> 00:50:50,100 tools so that we don't accidentally break the entire 1026 00:50:50,100 --> 00:50:53,000 ecosystem of tools that people rely on to test the software 1027 00:50:53,000 --> 00:50:55,800 that they that they create, you know, by updating the compiler. 1028 00:50:56,300 --> 00:50:59,700 But it is a little bit of a misconception that we're not 1029 00:50:59,700 --> 00:51:02,100 testing by code. Most the tools out there that 1030 00:51:02,100 --> 00:51:04,200 are doing property, testing, or doing some bollocks 1031 00:51:04,200 --> 00:51:07,100 verification, or are doing abstract, interpretation are 1032 00:51:07,100 --> 00:51:08,300 actually working on the bike code. 1033 00:51:08,700 --> 00:51:11,400 So, when you get a manual review, normally that manual 1034 00:51:11,400 --> 00:51:13,900 review is of the solidity. That Wrote. 1035 00:51:14,100 --> 00:51:16,200 And then if you have a static analyzer, that's that 1036 00:51:16,200 --> 00:51:18,300 economizers. Usually, again, going to be of 1037 00:51:18,300 --> 00:51:20,500 the solidity that you wrote. So, you inherit some potential 1038 00:51:20,500 --> 00:51:23,800 bugs from the compiler, but when you're writing properties, 1039 00:51:23,800 --> 00:51:27,000 writing security properties. In general, the approach that 1040 00:51:27,000 --> 00:51:28,600 Engineers have taken towards building. 1041 00:51:28,600 --> 00:51:32,400 Those tools has been to evaluate those security properties on the 1042 00:51:32,400 --> 00:51:34,200 byte code that gets put into the blockchain. 1043 00:51:34,800 --> 00:51:39,800 The risk is that the emulation that you're doing for the 1044 00:51:39,800 --> 00:51:43,000 etherium virtual machine to evaluate that bytecode, might 1045 00:51:43,000 --> 00:51:46,200 not Be identical to the etherium virtual machine that powers the 1046 00:51:46,207 --> 00:51:48,800 blockchain. I have a python aetherium 1047 00:51:48,800 --> 00:51:51,300 virtual machine that's built inside Manticore. 1048 00:51:52,000 --> 00:51:55,600 Is that identical to the execution of the etherium 1049 00:51:55,600 --> 00:51:58,300 virtual machine on the real blockchain, I try to get it to 1050 00:51:58,308 --> 00:52:01,100 be as close as possible but there's always the potential 1051 00:52:01,100 --> 00:52:02,700 that there's Divergence was there as well. 1052 00:52:03,100 --> 00:52:06,000 So, you know, this is a little bit of a like, you know, Turtles 1053 00:52:06,000 --> 00:52:09,000 all the way down but every single one of these things that 1054 00:52:09,000 --> 00:52:11,800 you do ends up reducing the scope of what can go wrong. 1055 00:52:11,800 --> 00:52:15,100 Like it doesn't hurt you. To do a manual code review and 1056 00:52:15,100 --> 00:52:18,700 find bugs and solidity. That only helps, it doesn't hurt 1057 00:52:18,700 --> 00:52:22,300 you to depend on a from scratch python implementation of the 1058 00:52:22,300 --> 00:52:25,000 etherium virtual machine. It generally only helps you find 1059 00:52:25,000 --> 00:52:27,500 bugs. So these things over time like 1060 00:52:27,500 --> 00:52:30,000 you get this preponderance of evidence like okay I've reviewed 1061 00:52:30,000 --> 00:52:34,100 the the source code I've statically checked it with a 1062 00:52:34,100 --> 00:52:36,800 linter. I have property tests that run 1063 00:52:36,800 --> 00:52:40,300 on the etherium virtual machine and then I'm only going to 1064 00:52:40,300 --> 00:52:42,300 compile it with a safe version of the compiler. 1065 00:52:42,300 --> 00:52:44,300 So for instance, a wreck mendacious that your lab it's 1066 00:52:44,300 --> 00:52:46,900 makes and our reports is. We don't want you to use the 1067 00:52:46,900 --> 00:52:48,800 latest version of the solidity, compiler. 1068 00:52:49,400 --> 00:52:52,200 We actually roll back two versions that we think are safe. 1069 00:52:53,100 --> 00:52:55,200 I don't know the exact version that we recommend now, but 1070 00:52:55,200 --> 00:52:57,700 generally, we look at the maturity of new features, 1071 00:52:57,700 --> 00:53:02,000 they're developing and take our own view as to how safe we 1072 00:53:02,000 --> 00:53:04,000 think. The long term will be for each 1073 00:53:04,000 --> 00:53:08,000 of those those features and then we you know, recommend something 1074 00:53:08,000 --> 00:53:09,600 before those features were introduced. 1075 00:53:09,900 --> 00:53:14,200 So things like the API encoder version to the Parsing, that 1076 00:53:14,200 --> 00:53:17,400 kind of stuff, I would absolutely avoid and use a 1077 00:53:17,408 --> 00:53:18,600 version of the solidity. Compiler. 1078 00:53:18,600 --> 00:53:22,700 That's older since less likely to have bugs, you know, 1079 00:53:22,900 --> 00:53:25,400 introduced into your code. Sure. 1080 00:53:25,800 --> 00:53:28,300 And so are there other dark horses in the blockchain 1081 00:53:28,300 --> 00:53:31,400 security space for that should keep us up at night? 1082 00:53:31,600 --> 00:53:35,100 I mean, how do you feel about non Quantum resistant code? 1083 00:53:35,100 --> 00:53:36,500 Is that something we should worry about? 1084 00:53:36,500 --> 00:53:38,600 What, what should we do? What should we worry about that? 1085 00:53:38,600 --> 00:53:40,000 We're currently not worrying about. 1086 00:53:40,000 --> 00:53:43,200 So give us some nightmares. Yeah, sure. 1087 00:53:43,400 --> 00:53:45,800 I mean the post Quantum stuff. I'm not I'm not super worried 1088 00:53:45,800 --> 00:53:47,000 post. Quantum stuff does not keep me 1089 00:53:47,000 --> 00:53:48,500 up at night. I think it's still an open 1090 00:53:48,500 --> 00:53:51,800 question if quantum computer can even exist, you know, a lot of 1091 00:53:51,808 --> 00:53:55,900 people talk about the the number of qubits and whatever that you 1092 00:53:55,900 --> 00:53:59,800 can get and how that's growing over time and there's a larger 1093 00:53:59,800 --> 00:54:02,900 number of cubic quantum computers, but that's not 1094 00:54:02,900 --> 00:54:05,800 actually the, the metric that people use to evaluate, a 1095 00:54:05,900 --> 00:54:08,600 quantum computer works or not because you have to deal with 1096 00:54:08,600 --> 00:54:12,000 noise, the larger, your Quantum system is the more noise that 1097 00:54:12,000 --> 00:54:14,900 you To look through in order to get results out the other end. 1098 00:54:15,200 --> 00:54:17,500 And what we've seen is that as these quantum computers scale 1099 00:54:17,500 --> 00:54:20,200 up, so does the noise and the end up kind of equaling each 1100 00:54:20,200 --> 00:54:22,900 other out. So I don't think that like, 1101 00:54:22,900 --> 00:54:25,100 Quantum Computing is a five-year problem. 1102 00:54:25,500 --> 00:54:27,100 It's definitely not a 10-year problem either. 1103 00:54:27,100 --> 00:54:29,900 I think it's more of like a 30-year problem and when you 1104 00:54:29,908 --> 00:54:33,100 look at it on that time Horizon, there are some really good 1105 00:54:33,100 --> 00:54:36,000 research results that are out for developing post Quantum 1106 00:54:36,000 --> 00:54:40,000 cryptography trailer B has a great guide on our blog called a 1107 00:54:40,008 --> 00:54:41,400 guide to post Quantum cryptography. 1108 00:54:41,600 --> 00:54:44,600 Where we review you'd a lot of the nist candidates for Quantum, 1109 00:54:44,600 --> 00:54:47,100 cryptography and broke down the different categories of 1110 00:54:47,600 --> 00:54:50,100 lattices. I saw Jenny's codes hash 1111 00:54:50,100 --> 00:54:53,000 functions and all the other kind of potential ways to get there. 1112 00:54:53,400 --> 00:54:56,200 So I think that on that kind of time Horizon, cryptography can 1113 00:54:56,200 --> 00:54:59,000 kind of Mosey along and end up giving us a good result and 1114 00:54:59,000 --> 00:55:02,200 prepare us for the future if quantum computers were ever to 1115 00:55:02,200 --> 00:55:03,800 exist. And that's, you know, I'm not 1116 00:55:03,800 --> 00:55:05,800 discounting that's a possibility, but I'm just saying 1117 00:55:05,800 --> 00:55:08,100 that it's hard. So that's, that's definitely not 1118 00:55:08,100 --> 00:55:10,200 what keeps me up at night, honestly. 1119 00:55:10,200 --> 00:55:13,800 Like, I think the outlook for, Contracts is pretty good. 1120 00:55:14,400 --> 00:55:19,000 Like I think that in 2020 we figured out a lot of the things 1121 00:55:19,000 --> 00:55:23,200 that we needed to know to build smart contracts safely, like 1122 00:55:23,200 --> 00:55:25,800 there are tools that are available for people to use. 1123 00:55:25,800 --> 00:55:27,500 There's a process that they can follow. 1124 00:55:27,700 --> 00:55:31,300 There's a lot of lessons learned from other failures and we 1125 00:55:31,300 --> 00:55:34,800 generally know the foot guns that exists inside solidity. 1126 00:55:34,800 --> 00:55:36,300 Even though we'd prefer they weren't there. 1127 00:55:37,100 --> 00:55:40,300 And I think that four teams now that are developing software, 1128 00:55:40,500 --> 00:55:43,100 they have the tools to have the knowledge judge and its 1129 00:55:43,100 --> 00:55:46,400 capability within the realm of capability for them to produce 1130 00:55:46,400 --> 00:55:48,800 secure software. It's just a matter of whether 1131 00:55:48,800 --> 00:55:51,100 they do it or not. So generally, what keeps me up 1132 00:55:51,100 --> 00:55:53,900 at night is that there are people just sling and code that 1133 00:55:53,900 --> 00:55:56,100 there are people that just ignore all these lessons that 1134 00:55:56,100 --> 00:55:58,600 don't do their research that don't use the best tools 1135 00:55:58,600 --> 00:56:00,200 available to them to produce software. 1136 00:56:00,800 --> 00:56:03,600 The adherence that we have two people that use Slither to check 1137 00:56:03,600 --> 00:56:05,400 code before they put it on. The blockchain is still pretty 1138 00:56:05,400 --> 00:56:07,200 low. I don't know exactly what the 1139 00:56:07,200 --> 00:56:10,600 numbers are, but I'm sure it's not 100% and that's a, that's a 1140 00:56:10,600 --> 00:56:14,800 huge problem. There's 90 flaws that slither 1141 00:56:14,800 --> 00:56:17,100 finds that the solidity compiler can't. 1142 00:56:17,400 --> 00:56:19,000 That's kind of what keeps me up at night. 1143 00:56:19,100 --> 00:56:21,200 There's all kinds of new stuff that gets developed like the 1144 00:56:21,200 --> 00:56:23,600 defy space. I'm kind of like, I've learned 1145 00:56:23,600 --> 00:56:27,300 to love the bomb, right? Like, I know that's an immature 1146 00:56:27,300 --> 00:56:29,100 space. I know there's going to be hacks 1147 00:56:29,100 --> 00:56:31,700 and failures and that's what I expect to have happened. 1148 00:56:31,700 --> 00:56:33,300 So when I see it happen, I'm not surprised. 1149 00:56:33,800 --> 00:56:36,200 So I'm comfortable with the fact that we're going to discover 1150 00:56:36,600 --> 00:56:41,100 more potential things that cause issues like like flash loans or 1151 00:56:41,500 --> 00:56:44,100 deflationary. Tokens or people that just don't 1152 00:56:44,100 --> 00:56:47,300 implement, the ear C20 spec properly, and people 1153 00:56:47,300 --> 00:56:49,200 inadvertently, trust them that they do. 1154 00:56:49,600 --> 00:56:52,600 There's a lot of stuff there, I don't know, I'm a little bit 1155 00:56:52,600 --> 00:56:55,300 jaded, so I think I've seen all this stuff before, so it doesn't 1156 00:56:55,300 --> 00:56:57,900 really scare me. I have to be able to sleep easy 1157 00:56:57,900 --> 00:57:00,000 like that. I wouldn't be able to work in 1158 00:57:00,000 --> 00:57:01,900 this field. If I went to bed every night, 1159 00:57:02,100 --> 00:57:03,600 what's the worried about the world being there? 1160 00:57:03,600 --> 00:57:08,300 When I woke up in the morning, Balmy as the space continues to 1161 00:57:08,300 --> 00:57:13,500 grow and more say like real world assets or like 1162 00:57:13,500 --> 00:57:16,100 institutional Finance comes into this space. 1163 00:57:16,900 --> 00:57:20,000 Like, do you think at some point there will be a trade-off where 1164 00:57:20,600 --> 00:57:24,300 we either have to go towards more centralization or more 1165 00:57:24,300 --> 00:57:29,400 white listing or like kind of pull back because you know, if 1166 00:57:29,400 --> 00:57:32,500 just composability just grows exponentially. 1167 00:57:32,500 --> 00:57:35,000 That means also like exponentially more. 1168 00:57:35,100 --> 00:57:38,000 Purity issues and security, vulnerabilities, and 1169 00:57:38,200 --> 00:57:41,600 institutional Finance is not going to want to deal with that. 1170 00:57:41,700 --> 00:57:46,000 So what's the future look like? Yeah. 1171 00:57:46,000 --> 00:57:49,200 So the defy space I think is a really special case, right? 1172 00:57:49,200 --> 00:57:52,000 Where if you want to have some defensively unit of code out 1173 00:57:52,000 --> 00:57:54,700 there, that's capable of remaining safe, despite changes 1174 00:57:54,700 --> 00:57:56,300 to the environment around it forever. 1175 00:57:57,300 --> 00:57:59,600 Then you need a really solid understanding of all the 1176 00:57:59,600 --> 00:58:02,600 economics of that system and all the incentives that people have 1177 00:58:02,600 --> 00:58:05,000 to interact with it and all the safety margins for all the bad 1178 00:58:05,000 --> 00:58:06,300 things that could potentially happen. 1179 00:58:07,100 --> 00:58:09,900 You know, we recognize that. So we partnered with prison 1180 00:58:09,900 --> 00:58:13,300 group, a small team of extremely talented. 1181 00:58:13,300 --> 00:58:18,000 Economists that, Like us used to work professionally with large 1182 00:58:18,200 --> 00:58:21,300 financial institutions and Central Central Banks and that 1183 00:58:21,300 --> 00:58:25,500 sort of thing to offer a combined service offering called 1184 00:58:25,500 --> 00:58:28,800 maenette 360 where we look at things from a combined economic 1185 00:58:28,800 --> 00:58:32,800 and security perspective. What was good in 2019, what? 1186 00:58:32,800 --> 00:58:36,100 What used to pass the bar in 2019 of like, okay, I don't have 1187 00:58:36,100 --> 00:58:37,300 re-entering. See my contracts. 1188 00:58:37,300 --> 00:58:38,700 I can put this thing up on the blockchain. 1189 00:58:39,100 --> 00:58:44,400 That is not the bar in 2020. So like there's a higher 1190 00:58:44,400 --> 00:58:47,300 standard of proof that I think people are going to need as time 1191 00:58:47,300 --> 00:58:49,500 goes on. So we're certainly not done like 1192 00:58:49,500 --> 00:58:52,500 just because I wrote Echidna and Manticore and Slither doesn't 1193 00:58:52,500 --> 00:58:55,100 mean I also security solved and if everybody runs this stuff 1194 00:58:55,100 --> 00:58:56,900 before they put on the blockchain, the totally safe. 1195 00:58:57,100 --> 00:59:01,000 Like there's certainly much farther that we have to go and I 1196 00:59:01,000 --> 00:59:05,800 think having a really solid formal understanding of the 1197 00:59:05,800 --> 00:59:09,000 economic security of your smart contracts is probably the next 1198 00:59:09,000 --> 00:59:11,800 level to that and that's where trilobites is investing. 1199 00:59:12,000 --> 00:59:14,600 A lot of our tool development and a lot of our Partnerships 1200 00:59:14,600 --> 00:59:19,200 and a lot of our own teams kind of internal knowledge transfer 1201 00:59:19,200 --> 00:59:22,300 and learning. So what's the future of software 1202 00:59:22,300 --> 00:59:25,300 security? And you know what role is a i 1203 00:59:25,300 --> 00:59:29,300 play in terms of being able to detect bugs. 1204 00:59:29,300 --> 00:59:32,300 I mean like right now there's like human Auditors but you're 1205 00:59:32,300 --> 00:59:34,700 also relying on a whole lot of tools like we kind of gave this 1206 00:59:34,700 --> 00:59:36,600 analogy to like a spell checker or something like that. 1207 00:59:36,600 --> 00:59:38,200 Right. Like grammarly. 1208 00:59:38,200 --> 00:59:39,900 Right. But the next logical, step would 1209 00:59:39,900 --> 00:59:42,000 be my mind. Be like, let's now build like 1210 00:59:42,000 --> 00:59:44,500 some artificial intelligence that goes in and tries to figure 1211 00:59:44,500 --> 00:59:47,300 things out and perhaps based on in some input or some like that. 1212 00:59:47,300 --> 00:59:49,900 But like what's the future look like? 1213 00:59:50,100 --> 00:59:52,800 Your opinion. Yeah, I don't know AI plays a 1214 00:59:52,808 --> 00:59:55,000 huge role. So a eyes been really cool. 1215 00:59:55,000 --> 00:59:59,500 There's a company of things are called tab 9 that created an AI 1216 00:59:59,500 --> 01:00:03,900 driven software, development tool like an IDE, they took the 1217 01:00:03,900 --> 01:00:07,100 entire universe of source code on GitHub and they trained a 1218 01:00:07,107 --> 01:00:09,300 model around it. And then when you're inside of 1219 01:00:09,300 --> 01:00:12,400 your IDE, you can just type out one word and then press tab a 1220 01:00:12,408 --> 01:00:14,400 lot of times. And when you press tab, a lot of 1221 01:00:14,408 --> 01:00:16,800 times just fills in the code that it thinks you're writing 1222 01:00:17,100 --> 01:00:19,800 based on the model that range from GitHub, which is super 1223 01:00:19,800 --> 01:00:23,400 cool. But for security, you know, a 1224 01:00:23,400 --> 01:00:25,900 lot of what makes the program secure is, an understanding of 1225 01:00:25,900 --> 01:00:29,700 your security properties and the ability of you to test them and 1226 01:00:29,700 --> 01:00:32,000 the tools that you use to do, that aren't probabilistic their 1227 01:00:32,000 --> 01:00:34,100 deterministic, that's what you want. 1228 01:00:34,100 --> 01:00:37,900 I don't want like a model that's kind of fuzzy that like, you 1229 01:00:37,900 --> 01:00:41,400 know, the these guys out on the internet so that it was safe. 1230 01:00:41,400 --> 01:00:43,900 Therefore, it is like, that's not the standard of proof that I 1231 01:00:43,900 --> 01:00:45,400 want. I don't want to train a model to 1232 01:00:45,400 --> 01:00:48,100 tell me that my code is safe knowing that it might be wrong 1233 01:00:48,100 --> 01:00:50,700 or that there might be, you know, things I trained it on 1234 01:00:50,700 --> 01:00:52,500 that are incorrect. Instead. 1235 01:00:52,500 --> 01:00:56,700 What I want is I want like symbolic execution to Fork off 1236 01:00:56,700 --> 01:01:00,000 every potential configuration of every single function in my 1237 01:01:00,000 --> 01:01:03,600 entire smart contract. I'm provided deterministic 1238 01:01:03,600 --> 01:01:06,100 result back to me that it's impossible for me to reach a 1239 01:01:06,107 --> 01:01:11,200 state that I don't want. That's kind of what security 1240 01:01:11,200 --> 01:01:14,100 looks like in the future. You know, we participated in 1241 01:01:14,100 --> 01:01:17,300 this DARPA program that tried to examine the exact same thing. 1242 01:01:17,300 --> 01:01:20,500 Back in, 2014, 15 and 16. It was called the For cyber 1243 01:01:20,500 --> 01:01:23,700 Grand Challenge. The way it worked was I don't 1244 01:01:23,700 --> 01:01:26,700 know if you know the development of computers like deep blue. 1245 01:01:27,400 --> 01:01:30,300 But back in the 60s and 70s, they used to. 1246 01:01:30,300 --> 01:01:32,300 That was the first time that people created robots that would 1247 01:01:32,300 --> 01:01:35,300 play chess my robots computer programs that would play chess 1248 01:01:36,000 --> 01:01:39,100 and the computer programs were just so awful at their jobs that 1249 01:01:39,100 --> 01:01:43,100 they would get creamed with even an amateur chess player and 1250 01:01:43,100 --> 01:01:45,000 there was no way that they would ever win a game. 1251 01:01:45,400 --> 01:01:48,700 So they ended up making a league of only chess-playing robots. 1252 01:01:48,700 --> 01:01:51,800 Where the chest Robots would play against each other where 1253 01:01:51,800 --> 01:01:53,400 they're all, just as dumb as the other one. 1254 01:01:53,900 --> 01:01:56,200 And then, eventually they learned from each other and they 1255 01:01:56,200 --> 01:01:58,400 figured out strategies that worked, and they build up a huge 1256 01:01:58,400 --> 01:02:00,500 repertoire of potential attacks and defenses. 1257 01:02:01,000 --> 01:02:03,500 And then after years of training against each other, they were 1258 01:02:03,500 --> 01:02:06,400 able to play against him. Beat human participants. 1259 01:02:06,700 --> 01:02:08,700 So the DARPA cyber Grand Challenge was supposed to be the 1260 01:02:08,700 --> 01:02:13,100 same thing for computers. It was a league where computers 1261 01:02:13,100 --> 01:02:15,800 could play Capture the Flag, a simulated hacking exercise, 1262 01:02:15,800 --> 01:02:17,900 against each other. And then the winner of that 1263 01:02:17,900 --> 01:02:19,900 competition would play a capture the flag. 1264 01:02:20,100 --> 01:02:22,700 In Defcon CTF, which is the largest Capture the Flag 1265 01:02:22,700 --> 01:02:24,100 Channel. Our most prestigious, let's say 1266 01:02:24,100 --> 01:02:25,600 I capture the flag challenge in the world. 1267 01:02:26,200 --> 01:02:29,300 We put forth a machine to do that, but the kinds of 1268 01:02:29,300 --> 01:02:32,500 advancements that you need to improve software security, tools 1269 01:02:32,500 --> 01:02:37,300 are things like automated crash, triage better program analysis, 1270 01:02:37,300 --> 01:02:39,700 tools that help you understand and model, what a program is 1271 01:02:39,700 --> 01:02:43,000 doing and where data is going, those kinds of things are really 1272 01:02:43,000 --> 01:02:46,900 critical to the future of software security, not so much 1273 01:02:46,900 --> 01:02:49,900 the AI portion. It's not a clean kind of 1274 01:02:50,000 --> 01:02:53,700 Relationship between software security and chess. 1275 01:02:54,100 --> 01:02:57,100 If any of that makes sense. I actually have a great talk 1276 01:02:57,300 --> 01:03:00,300 with smartphones are Revolution where I try to review all the 1277 01:03:00,300 --> 01:03:02,400 research that's been made and the progress that's been made in 1278 01:03:02,408 --> 01:03:05,900 the last 10 years or so at automated program analysis and 1279 01:03:06,400 --> 01:03:08,600 software security. Generally, I think the future 1280 01:03:08,600 --> 01:03:11,300 for this kind of stuff is that a lot of the tools are going to 1281 01:03:11,308 --> 01:03:13,900 get embedded into IDs. Like right now it's a 1282 01:03:13,908 --> 01:03:17,600 specialized task for me to use a program analysis tool. 1283 01:03:17,600 --> 01:03:22,300 Like a symbolic executor Or some other kind of program verifier 1284 01:03:22,300 --> 01:03:25,000 you need a security expert to do it and it's a third-party tool. 1285 01:03:25,000 --> 01:03:27,900 We have to go download it separately, but I think the 1286 01:03:27,900 --> 01:03:30,400 availability of a lot of these tools inside standard 1287 01:03:30,400 --> 01:03:33,500 development tool kits will increase over time, so hopefully 1288 01:03:33,500 --> 01:03:37,300 the bar of knowledge required to use them goes down, more people. 1289 01:03:37,300 --> 01:03:39,600 Take advantage of them and then we end up finding a lot more 1290 01:03:39,600 --> 01:03:41,700 bugs. There's also the potential of 1291 01:03:41,700 --> 01:03:44,300 like using them as Gatekeepers in the talk. 1292 01:03:44,300 --> 01:03:47,200 I talked about things like you know, a lot of people that are 1293 01:03:47,200 --> 01:03:49,700 developing apps today they deploy them to an app store. 1294 01:03:50,000 --> 01:03:52,800 The go out to the IOS app store or the Android App Store and 1295 01:03:52,800 --> 01:03:57,300 there's a really nice point of control where you can use these 1296 01:03:57,300 --> 01:04:00,100 program analysis techniques to ensure that every app that 1297 01:04:00,100 --> 01:04:02,600 everyone has access to meets a minimum bar of safety. 1298 01:04:03,400 --> 01:04:06,700 And I think that the blockchain kind of has a lot of the similar 1299 01:04:06,700 --> 01:04:09,900 characteristics as an App Store where there's probably some 1300 01:04:09,900 --> 01:04:13,100 upfront verification that could happen prior to entry. 1301 01:04:13,100 --> 01:04:16,700 Like are you this tall to board the ride, kind of deal that 1302 01:04:16,700 --> 01:04:17,800 might end up making things safer. 1303 01:04:17,800 --> 01:04:20,400 So that's where I see kind of, you know, maybe the two-year A 1304 01:04:20,408 --> 01:04:23,300 lot of the stuff in two years, there might be a test to see if 1305 01:04:23,300 --> 01:04:25,900 you're tall enough to board the ride to get on. 1306 01:04:26,000 --> 01:04:28,800 Maybe the ethereum blockchain but that might be an anathema to 1307 01:04:28,800 --> 01:04:31,600 a lot of the like cypherpunks out there that really don't want 1308 01:04:31,600 --> 01:04:33,200 to do gatekeeping. Yeah. 1309 01:04:33,200 --> 01:04:35,500 They'll go for kit and take their toys somewhere else. 1310 01:04:35,500 --> 01:04:39,200 And yeah, and then they'll go build their own blockchain and 1311 01:04:39,200 --> 01:04:40,900 we'll start with the same problems all over again. 1312 01:04:42,100 --> 01:04:43,500 Dan, thanks so much for coming on. 1313 01:04:43,700 --> 01:04:46,800 Working people, find you and Reid and we'll link to all of 1314 01:04:46,800 --> 01:04:49,000 these great post you mentioned in the show notes. 1315 01:04:49,000 --> 01:04:51,500 But where would you like some people? 1316 01:04:52,600 --> 01:04:53,700 Sure. Yeah, you can follow me 1317 01:04:53,700 --> 01:04:56,700 personally on Deke. We do that on Twitter. 1318 01:04:57,100 --> 01:04:59,400 You can also get the trail B at drill bits. 1319 01:04:59,700 --> 01:05:02,200 Our blog is exceptional. Are highly recommend is getting 1320 01:05:02,200 --> 01:05:04,200 it. We try to have fun with it. 1321 01:05:04,200 --> 01:05:07,000 Yeah. Blog dot trailer b.com and then 1322 01:05:07,000 --> 01:05:09,400 if you're in the market for building smart contracts you 1323 01:05:09,400 --> 01:05:12,600 should go look up our repository called building secure contracts 1324 01:05:12,900 --> 01:05:15,600 which includes the accumulated lessons learned from all of our 1325 01:05:15,600 --> 01:05:18,500 security reviews and how we recommend clients, build secure 1326 01:05:18,500 --> 01:05:21,300 contracts without us. That's going to walk you through 1327 01:05:21,300 --> 01:05:24,600 all of our Tools a lot of our guidance checklists, tips and 1328 01:05:24,600 --> 01:05:26,100 tricks. All that good stuff is right 1329 01:05:26,100 --> 01:05:28,000 there. Awesome, thanks. 1330 01:05:28,600 --> 01:05:29,800 Thanks a lot. Thanks for having me. 1331 01:05:32,300 --> 01:05:35,100 It doesn't end here there's much more of this conversation and 1332 01:05:35,100 --> 01:05:38,000 you can hear it by signing up for epicenter premium as a 1333 01:05:38,000 --> 01:05:41,500 premium subscriber, you'll get access to a private RSS feed 1334 01:05:41,500 --> 01:05:44,100 where you can hear the interview debrief which goes on for an 1335 01:05:44,100 --> 01:05:47,100 extra 20 minutes. You'll also get exclusive access 1336 01:05:47,100 --> 01:05:50,200 to Round Table conversations with epicenter hosts and bonus 1337 01:05:50,200 --> 01:05:52,000 content. You won't hear anywhere else. 1338 01:05:52,200 --> 01:05:56,000 Go to epicenter dot rocks / premium to join the community 1339 01:05:56,100 --> 01:05:57,300 and support the podcast.