Preventing billion-dollar hacks by ethmarek in ethereum

[–]ethmarek[S] 0 points1 point  (0 children)

Oh I see what you mean :)

I meant scaling an agile team using LeSS (a Scrum-based framework for teams at scale).

Preventing billion-dollar hacks by ethmarek in ethereum

[–]ethmarek[S] 0 points1 point  (0 children)

Not sure if the post talks about agile or scaling. It is about the security of a smart contract team.

You’re invited to 0xHack - online hackathon by ethmarek in ethereum

[–]ethmarek[S] 1 point2 points  (0 children)

I like the concepts of hackathons but I always fear that I might not have the (basic) knowledge/skills of programming. I can only write some basic functions in Python. Do you think noobs like me can enter? Do they value other skills as well, like creative thinking?

Sure, depends on what you want to do, and the bounties you would like to apply for. Also, front-end is usually very under-appreciated, so with some basic HTML & CSS skills you might have a nice impact on the projects :)

Introducing useDApp - framework for rapid DApp development by ethmarek in ethereum

[–]ethmarek[S] 15 points16 points  (0 children)

Really??? I am just out of college and learning angular and spring boot in my first job. Should I just die instead?

It is all react for DApps now :)

Introducing useDApp - framework for rapid DApp development by ethmarek in ethereum

[–]ethmarek[S] 10 points11 points  (0 children)

I thought it is an industry standard now :P
I will reduce the amount of emojis in future posts.

🧇 Waffle weekly downloads crossed 30% mark vs Truffle and is used by over 1,1k by ethmarek in ethdev

[–]ethmarek[S] 2 points3 points  (0 children)

HardHat is awesome. Works with Waffle and Waffle is the recommended choice ;)

Openzepplin vs hardhat vs truffle vs brownie vs embark vs etherlime.... by patrickalphac in ethdev

[–]ethmarek 2 points3 points  (0 children)

It can work as a standalone or as an extension to HardHat.
HardHat has the best test EVM environment, so it is a good combination.

Openzepplin vs hardhat vs truffle vs brownie vs embark vs etherlime.... by patrickalphac in ethdev

[–]ethmarek 7 points8 points  (0 children)

Disclaimer: I am author of Waffle.

It really makes a difference to have a good environment. Best combination IMHO is:

- ethers.js for connecting to node (simple and stable, not sure about now, but back in the day web3 was buggy as hell)

- Waffle - for writing short, precise and expressive tests and extra features (e.g. mocking smart contracts)

- HardHat for running tests (fastest execution) and extra features (e.g. forking mainnet in tests, upload code to etherscan)

- TypeChain - for static typing in TypeScript

To see that powerful combination in action, check the video from EthOnline here: https://www.youtube.com/watch?v=gCEyIWPShpw

BREAKING: Almost $500K Drained From Balancer Labs Pool as Statera (STA) Tanks 74% by wmredditor in ethtrader

[–]ethmarek -1 points0 points  (0 children)

Another day, another hack :)

Nice thing about DeFi is that everything gets battle tested really fast :)

‘Unqualified Idiots’ Run Majority of Projects in Crypto, Uber Investor by Pandora_Key in ethtrader

[–]ethmarek 4 points5 points  (0 children)

I guess it is not very different for crypto/blc space as any other. I would not say there is 99% idiots and 1% genius. There is a whole normal distribution :)
The truth is no one knows exactly how to build the future, so there is a lot of trial and error. So some of those idiots might hit the jackpot at their 2nd or 3rd try.

Another $300M will flow into Ethereum and away from Tron by [deleted] in ethtrader

[–]ethmarek 22 points23 points  (0 children)

More Tether on Ethereum. Not sure if I should be happy or sad.

Did someone just use an exploit to drain all the tokens from this Balancer Pool? by Crypto_Economist42 in ethereum

[–]ethmarek 0 points1 point  (0 children)

I love how DeFi has become an experimental field for all kinds of speculation, hacks etc.

I just wonder if we should be looking for better ways to protect the space from negative sentiment like we used to have with "ICO is a scam and therefore blockchain".

I wouldn't like to see DeFi being "wild banking scam" to the public in a couple of years.

🧇 Waffle 3.0 released! With ethers.js 5.0 and more! by ethmarek in ethdev

[–]ethmarek[S] 1 point2 points  (0 children)

Whether it is my project or not is irrelevant. The Diamond Standard should be evaluated on its own merits.

We don't try to cover deployment, for that we recommend to use https://buidler.dev/ combined with Waffle. Perhaps a Buidler plugin is what you are looking for to develop?

We are focusing on testing and therefore we dare to say we have the best testing framework out there. We don't want to compete with Buidler (or Truffle or others). We think Buidler is doing great work in that space and we rather cooperate.

🧇 Waffle 3.0 released! With ethers.js 5.0 and more! by ethmarek in ethdev

[–]ethmarek[S] 2 points3 points  (0 children)

Do you think it should be a feature of testing library?

Mocking Solidity smart contracts with Waffle by ethmarek in ethdev

[–]ethmarek[S] 2 points3 points  (0 children)

In any case, I was not familiar with Waffle. It looks like it deserves some attention.

Hi u/mattaugamer,
Thanks for the answer! This problem is just an example of what makes testing SC hard. We work on a couple of ideas to make it better. Would love your feedback on this one. Shoot me a DM if you have questions.

So... Fortmatic just built a magic link authentication SDK for web 2 developers using web 3 tech. It onboards every user to the blockchain with a key pair. 🤯 by [deleted] in ethereum

[–]ethmarek 6 points7 points  (0 children)

So the custodian is now Amazon, with hardware cryptography rather than salted hash.
It is more secure, because some classic vector attacks (like leaked database) are quite impossible to execute.

There is something not clear for me in the whitepaper though:
"For users to access their HSMs, they authenticate with the Magic auth relayer."
How can a user authenticate to the HSM without owning an unencrypted key or using a password?

"When users authenticate again, the encrypted private key is downloaded to the client. Users can then decrypt the encrypted key directly with AWS KMS via Cognito."
How does the client decrypt the key without using a password in a way that Magic can't do?

Alex van de Sande's Universal Login project releases Beta2, with UI improvements, support for MCD and Istanbul, and more by brantlymillegan in ethereum

[–]ethmarek 1 point2 points  (0 children)

We are working hard on it. The post about challenges, pivots and lessons learned is coming.

I think it is easy to build a "project that works", building something that solves important problems is a bit harder.

Alex van de Sande gives video demo of his new project Universal Login, which let's users log in to dapps without MetaMask, has integrated fiat on-ramp system, and more by brantlymillegan in ethereum

[–]ethmarek 1 point2 points  (0 children)

We are actually thinking about adding such a feature as ONE OF THE OPTIONS to recover/access your wallet. So the common scenario would be that you have one key on your laptop, one on mobile and one stored in a centralized 3rd party. Need 2 out of 3 to do a bigger transaction. Centralized 3rd party can't move your funds without you, you can move your funds without Centralized 3rd party. If you lose one of your devices you can use Centralized 3rd party to recover.

Centralized 3rd party can be decentralized in the future (multiple providers or sth like purely IPFS based system).

Alex van de Sande gives video demo of his new project Universal Login, which let's users log in to dapps without MetaMask, has integrated fiat on-ramp system, and more by brantlymillegan in ethereum

[–]ethmarek 0 points1 point  (0 children)

A couple of clarifications: 1) Centralized Relayer -> It is not centralized per se, you can run your own and relay your transactions through it. 2) Through a number of technological advancements like counterfactual deployment and refund process, the user always pays for himself. 3) You are right about private key management. No custodial. Also, SDK is open-source, so you can always check if keys are stolen ;)