Freemium 2.0

September 22, 2022


Read more

Capital Constipation

September 19, 2022


Read more

Political Tail Risk

September 06, 2022


Read more

Tightening Effects

August 29, 2022


Read more

digital
daily

digital daily: Code Audits

Code Audits: For builders, smart contract vulnerabilities lurk like something just outside peripheral vision. A sense of danger you can't quite grasp. Engineers dream of hackers draining their protocols, ruining a year's work in seconds. On a decentralized blockchain, code is locked as it is deployed. It can't change. That immutability creates our most valuable commodity – trust. But any errors are also permanent. Auditors are one solution. They are hackers-for-hire that perform the humbling work of exposing your failures, helping you address them while they are small. A formal audit starts by freezing your code. A team of experienced hands attack from every angle using custom-built power tools, probing for weakness. Guided by history, they perform the role of applied archivists, cataloging public attacks and rerunning them against client code. They also explore new territories. Vulnerabilities are relayed privately as the two teams collaborate to review, repair, and retest. When the work is done, a public audit report is often published to give users confidence that the system is hardened. A single audit typically takes 6-8 weeks, and many protocols hire several audit teams hoping independence will strengthen the analysis. It may be costly, but less so than a hack. However, audited protocols can still be vulnerable. Expert eyes help to reduce the left tail, but they can never eliminate it. Risk is part of the process. Audits give us enough peace to rest and dream up the financial infrastructure of the future. But the monsters under the bed are real. In 24/7/365 markets run by autonomous global computers, monsters typically strike while you sleep. Sweet dreams.

BACK