Dedaub at DeFi Security Summit 2024

DSS 2024 | Dedaub is sponsoring the DeFi Security Summit 2024 in Bangkok, Nov 7-9! 🎉 We're contributing to sessions on secure development and using LLMs for smart contract analysis. Follow @summit_defi for the latest updates.

Dedaub is proud to sponsor the DeFi Security Summit (DSS) 2024, which will be held from November 7th to 9th in Bangkok. The summit aims to enhance the security of smart contracts in decentralized finance. This sponsorship reflects our commitment to bolstering Web3 by elevating blockchain security standards and promoting collaboration within the ecosystem.

In the 2024 edition, we’re contributing to two key sessions:

1. SEAL Panel: “Safer Development: Don’t Get Rekt”

This panel will cover best practices for secure development, with insights from top security leaders. Gain practical strategies to avoid common pitfalls in smart contract development.

2. “Smart Contracts to Embeddings: Using Off-the-Shelf LLMs for Fun and Profit”

Dedaub will demonstrate how Large Language Models (LLMs) can improve smart contract analysis, providing developers with new tools to understand and enhance contract security.

DSS 2024 | About DeFi Security Summit

The DeFi Security Summit (DSS) is an annual, marketing-free event dedicated to advancing the security of decentralized finance (DeFi) applications and blockchain-based technology. Inspired by renowned security conferences like CCC and Defcon, DSS is a platform for white-hat hackers, protocol builders, security researchers, and tool providers to collaborate and share insights. The summit focuses on education, technical advancements, and best practices to secure blockchain applications’ on-chain and off-chain components. DSS 2024 will be the third edition, building on the success of previous years. For more info, visit https://defisecuritysummit.org/.

About Dedaub 

Dedaub is a pioneer in Smart Contract security technology and auditing. We blend cutting-edge program analysis with real-world white-hat hacking. As a founding collaborator of the SEAL 911 initiative, we contribute to emergency response frameworks within the blockchain ecosystem. Trusted by leading protocols, Dedaub is the security partner for Oasis Protocol Sapphire and collaborates with the Chainlink BUILD program. Our role on the ZKSync Security Council and as a security advisor to Arbitrum DAO emphasizes our commitment to safeguarding major Web3 projects.

DEDAUB Supports Privacy4Web3 Hackathon 

The Privacy4Web3 Hackathon, supported by Oasis Network, is an excellent opportunity for developers to use privacy-centric technologies while innovating in Web3. This edition, also known as Hackathon Oasis Network, has a prize pool of $130,000, with contributions from industry players, including Dedaub.

Developers can utilize Oasis’ confidential EVM, Sapphire, and the newly launched Runtime Off-chain Logic (ROFL) framework. ROFL enables off-chain components to interact with the on-chain domain, expanding Sapphire’s capabilities and creating new possibilities for composability.

Key Dates

  • Submission Period: September 19 – November 1
  • Judging Period: November 1 – November 10
  • Winner Announcement: November 12

Privacy4Web3 Hackathon | About Dedaub’s Role and Contribution

As a sponsor of the Privacy4Web3 Hackathon, Dedaub is offering $10,000 in audit credits to winning projects that utilize Sapphire and ROFL (Runtime Off-Chain Logic). By offering audit credits, Dedaub wants to emphasize the importance of security when starting new projects.

“Our work with Oasis Network reflects our commitment to Web3 security. We want to ensure developers building privacy-preserving solutions have the right tools and guidance to secure their smart contracts.” Neville Grech, Co-Founder, Dedaub

Dedaub aims to enhance Web3 safety by employing advanced technology, conducting comprehensive audits, and providing extended security solutions. We have conducted over 200 audits for leading Web3 protocols, securing billions in Total Value Locked (TVL), partnering with industry leaders such as the Ethereum Foundation, EigenLayer, and Liquity. As a part of our commitment, we offer guidance as security advisors for various projects and initiatives. 

Dedaub is a security partner of Oasis Protocol Sapphire, a founding collaborator of SEAL 911, and a participant in the Chainlink Build Program. Additionally, we are a member of the zkSync Security Council and serve as a security advisor for the Arbitrum DAO.

Privacy4Web3 Hackathon | About Oasis

Oasis is home to Sapphire, the world’s first confidential EVM network. It also boasts the Oasis Privacy Layer (OPL), a cross-chain privacy solution that any EVM dApp can use. Oasis also has ROFL, a framework that supports off-chain components to runtimes like Oasis Sapphire. 

Oasis is a layer-one blockchain built to support confidential applications at scale. This is done with a unique layered architecture that presents the optimal building and execution environment for DeFi, AI, RWAs, Gaming, NFTs, DAO governance, and more.

Privacy4Web3 Hackathon | Ocean Protocol

Ocean Protocol was created to democratize data access and ensure fair and secure sharing in the New Data Economy. Its tools enable seamless trading of tokenized data assets and data management throughout the AI model life cycle. Ocean Protocol is also a founding member of the Artificial Superintelligence Alliance.

Dedaub coordinated the Secureum RACE-32

Smart contracts are the underpinning of blockchain technology, and they present unique security challenges. To address this, platforms like Secureum have emerged, focusing on training researchers and developers to navigate and mitigate security risks, and we at Dedaub decided we wanted to partner with Secureum in this mission.

Why we support the Secureum RACE

We decided to be part of the Secureum RACE because we believe hands-on challenges are the best way to learn. Security isn’t something you can fully grasp from reading papers or attending lectures—you need to get your hands dirty, confront real-world vulnerabilities, and think like an attacker.

The security of smart contracts is challenging because the code cannot be modified once it goes live, which makes it extremely difficult to fix bugs or vulnerabilities. Contracts also frequently interact with other contracts and different platforms, which adds further complexity and multiplies the risk.

The Secureum platform helps researchers and developers build the technical skills needed to secure Web3 technologies.

As the designer of RACE-32, we have the privilege of observing Web3 researchers and developers navigate complex security issues that mirror real-world vulnerabilities in Ethereum smart contracts. This allows us to see firsthand how they apply their knowledge to devise creative and effective solutions.

We also see how researchers and developers grow in their ability to identify risks and exploit weaknesses, both of which are critical for the security of the Web3 ecosystem.

Why the RACEs are important 

The Secureum RACE aims to create a community of researchers and developers who think critically about security. It’s an opportunity to expand their skills and immerse themselves in the world of Web3 security.

By addressing actual vulnerabilities in smart contracts, participants acquire necessary technical knowledge and develop the mindset to safeguard decentralized applications in real-world scenarios. 

“RACEs are hands-on, immersive, and, frankly, a bit relentless—just like the threats we’re up against.” Yannis Smaragdakis, Dedaub Co-founder

Designing the RACE-32

We wanted much more than your standard easily graded competition, so we created the Secureum RACE 32 to be an educational challenge. Our main aim, therefore, was to encourage participants to delve deeply into complex smart contract security issues. With this in mind, the RACE is designed to create an experience that participants can refer to for a long time rather than single out the top performers based on scores.

Even though the time constraint made it challenging to understand the depth of the questions thoroughly, we stressed that the competition aims at learning and gaining insights. We urged participants not to feel disheartened if their scores hadn’t met their own high expectations. Instead, we praised some participants for putting together the solutions, pointing out that this would make the RACE a valuable educational resource beyond just the competition.

This focus on education shows Dedaub’s commitment to helping the smart contract developer community grow. This is the backbone of Dedaub’s mantra, as our co-founders both have strong academic backgrounds and always value teaching and sharing knowledge. With this in mind, one of the company’s core values is to empower the next generation by educating and supporting future blockchain security experts and helping them reach their full potential.

With challenges like Secureum RACE 32, we create real-world learning opportunities that give researchers and developers practical skills and deeper understanding. Our aim is to help them succeed in the Web3 space.

What is Secureum?

Secureum is a portmanteau of “Security” and “Ethereum” and their focus is safeguarding the Ethereum ecosystem through expert training and challenges. It’s an extensive educational platform that focuses on Ethereum smart contract security, providing a variety of resources and training programs. These include:

Secureum RACEs: Interactive quizzes that assess participants’ understanding of smart contract vulnerabilities. These quizzes are part of Secureum’s efforts to enhance practical security skills.

Community and Events: Secureum hosts events like TrustX to advance the Ethereum security ecosystem.

In summary, Secureum is committed to educating and preparing individuals for roles in Ethereum security through structured learning and practical challenges.

Dedaub Named Member of ZKsync Security Council

We’re thrilled to announce that Dedaub is now a member of the ZKsync Security Council. We’re grateful for the community’s recognition of our efforts to play an active role in securing and maintaining the integrity of the Web3 space.

What is the ZKsync Security Council?

The ZKsync Security Council is a governance body tasked with safeguarding the security of the ZKsync protocol (ZKsync ERA, ZK Chains, and other components of ZKsync). Comprised of at least nine technical experts, the council has the authority to perform both standard and emergency actions to address security threats. Members are Signers of a multisig wallet, giving them the power to execute critical decisions that protect the protocol.

Emergency Responses

The Security Council can freeze the ZKsync protocol in response to security threats, such as critical bugs or exploits. A Soft Freeze lasts for 12 hours and requires approval from three Security Council Members. A Hard Freeze lasts for seven days and requires approval from nine Security Council members. 

An Emergency Upgrade can be implemented during a freeze to address the threat. Any Security Council Member may initiate an Emergency Upgrade without the approval of the Token Assembly.

Why Dedaub Was Selected

Dedaub was selected for the ZKsync Security Council because of its extensive expertise in smart contract security. The company has successfully completed over 200 security audits, conducted impact studies for the Ethereum Foundation, and developed innovative Web3 security technologies as part of its security suite.

The Dedaub team boasts exceptional academic credentials, with most members holding relevant PhDs, providing a solid foundation for our rigorous approach to Web3 security. The ZKsync Security Council is one of many entities that trust Dedaub to bring security expertise to their initiatives. Dedaub is also a founding member of the Security Alliance (SEAL), an Arbitrum DAO security advisor, and a security partner to Oasis and Chainlink.

The Importance of Being Part of the ZKsync Security Council

Dedaub’s role in the ZKsync Security Council is to actively protect the ZKsync protocol. It reflects our commitment to enhancing smart contract security and building trust in decentralized platforms and ZK rollups.

Dedaub has invested heavily in preparing for ZK technologies and sponsored the House of ZK event in Brussels, which featured discussions on Zero Knowledge technology and networking opportunities. Neville Grech, Dedaub’s co-founder, participated in a panel on “Trustless Interoperability Using ZK,” along with other industry experts.

Strengthening Legal Protections for White Hat Hackers

White Hat Hackers in the Crosshair

As a white hat hacker and educator, I’ve seen firsthand how legal frameworks can fail to protect those who devote their lives to securing software systems.

A case that strikes close to home involves a couple of my University students, who were arrested and have now been summoned to court in Malta for responsibly disclosing a vulnerability. A copy of the leaked vulnerability disclosure email is available here. Two of the students, Michael Debono and Giorgio Grigolo, were subsequently hired by Dedaub. We also extended financial aid to cover part of their legal fees. The arrests occurred after they found and exposed a security flaw in Malta’s largest student application and suggested a bug bounty. This incident shows how the law can treat these good-faith efforts no differently from malicious hacking.

In addition to these students, Mark Vella, a Professor who’s coincidentally a colleague of mine at the University of Malta, is also being charged as an accomplice.

The leaked list of charges (translated into English) includes very serious accusations, so let’s look at a couple of these and try to understand the absurdity of why these were levied. In doing so, I’m keeping in mind transcripts of their interrogation questions and emails that were exchanged.

Accusation levied | Likely reason why
1, 2, 5 – 7: Unauthorized access to a computer, remotely, and copying part of its data. | As part of the responsible disclosure, the students allegedly included a screenshot demonstrating the issue (via a curl command).
9, 10: Intent to make an illicit gain, financial or otherwise. | The students, in their bug report, suggest that they would be eligible for a bug bounty.
9: Forcing the “victim” (the author of the software) to do (or omit) some action. | The students kindly asked for promotion of their CTF team.
8: With respect to Vella (University Professor) – having prepared the rest of the accused to commit crimes. | Allegedly, their Professor saw the email exchange and advised them to make some changes to the wording of their responsible disclosure.

Another interesting thing that struck me is that during the interrogation of Vella, the interrogator seemed to be toying with the idea of presenting him as a head of this (criminal) organization, with the students acting in his direction, which is obviously absurd.

Implications of this case

This case highlights the significant risks that white hat hackers face, particularly under outdated and rigid cybercrime laws. While the situation has been prominently demonstrated in Malta, it serves as a broader warning that such challenges could arise elsewhere. Malta’s cybercrime regulations, particularly Article 337C, are largely modeled after the Computer Misuse Act 1990 (CMA) from England and Wales. The CMA has not only shaped Maltese law but also influenced legislation in many Commonwealth countries, such as Australia’s Crimes Legislation Amendment Act 2001. Similarly, while the Computer Fraud and Abuse Act (CFAA) in the United States predates the CMA, it has been updated to include provisions strikingly similar to those in the CMA.

The crux of the problem in Malta stems from an excessively strict interpretation of these laws by the Attorney General. This rigid enforcement fails to account for the differences between malicious actors and ethical hackers, leaving well-intentioned individuals vulnerable to prosecution. But why should white hat hackers be penalized due to outdated laws and overly strict interpretations?

One potential solution is the implementation of Safe Harbor frameworks, such as the one proposed by the Security Alliance (SEAL), a leading security coalition in the Web3 space, of which we (Dedaub) are a founding member. The Safe Harbor framework provides legal protection to ethical hackers who responsibly disclose vulnerabilities. While it may not be a perfect solution, Safe Harbor offers a starting point for updating Malta’s outdated cybercrime legislation, aligning it more closely with the realities of modern cybersecurity.

The allegations against white hat hackers like Debono and his peers should serve as a wake-up call for lawmakers. It’s crucial that legislators rethink their approach to cybersecurity and ensure that ethical hackers—those acting in good faith to safeguard digital systems—are protected from prosecution.

Coincidental Visit of Malta’s Prime Minister

Finally, the story ends with a silver lining. The charges we discussed in this article were (ironically) served to the students at almost the same time that the Prime Minister and the Minister of the Economy came to the Dedaub offices. There, the students, as well as myself, had the opportunity to exchange views on the topic. The Ministers vowed to help and to set up better legal frameworks so as to avoid cases like this in the future. The Ministers clearly understood that the activities of white hat hackers are beneficial to society. I sincerely hope we will see more progressive legal changes that protect and promote the activities of white hat hackers over the next few months.

Dedaub at SPLASH 2024 

Dedaub is proud to sponsor the SPLASH 2024 conference, helping unite top thinkers in software, programming languages, and systems. We support the community’s advancement of computer science, extending beyond our Web3 security work. 

The Doctoral Symposium, where mid-stage doctoral students receive vital research guidance, aligns with our academic roots. Led by university professors, our team is a powerhouse of expertise, with most members holding PhDs. We believe advanced knowledge is vital to delivering exceptional solutions and are excited to foster future tech leaders.

“SPLASH 2024 is where ideas meet action. At Dedaub, we push boundaries—whether in blockchain security or academic thought. By backing SPLASH 2024, we’re investing in the minds that will define our industry. It’s about innovation, integrity, and preparing the next generation to lead.” Yannis Smaragdakis, Co-founder of Dedaub

Dedaub’s co-founders and senior researchers will attend, supporting open dialogue and contributing to the development of innovative solutions for technology’s future.

Sponsoring SPLASH 2024 emphasizes our commitment to expanding knowledge and empowering the next generation of technology leaders. We see this conference as a platform for pushing the boundaries of blockchain and smart contract security while nurturing emerging talents.

For those attending SPLASH 2024, we look forward to engaging with you, exchanging ideas, and exploring the future of programming together.

About SPLASH 2024

SPLASH (ACM SIGPLAN International Conference on Systems, Programming, Languages, and Applications: Software for Humanity) covers various aspects of software creation and delivery. It’s a leading conference at the crossroads of programming languages and software engineering. SPLASH 2024 will feature the co-located OOPSLA, Onward!, SAS, GPCE, and SLE conferences, as well as SPLASH-E and other engaging workshops and events.

SPLASH 2024 will bring together researchers and practitioners worldwide to explore the latest advancements and trends in software and programming languages. We are excited to be part of this dynamic event and to contribute to the ongoing dialogue on shaping the future of software development.

SEAL 911: A Few Lessons from the Frontlines 

Today, I’d like to share my personal experience as a member of SEAL 911, the emergency hotline that assists Web3 projects in protecting their assets in case of hacks or malicious attacks.

I’ve been part of SEAL 911 since October 2023 and have witnessed:

  • Numerous vulnerability disclosures.
  • War rooms set up to prevent the exploitation of live vulnerabilities or to help protocols that were actively being exploited.
  • Many cases where individuals’ funds were stolen because of investment scams, phishing attacks, or even drainer malware.

I had the opportunity to see many of the industry’s top security experts in action and gain useful insights. 

Aside from addressing code vulnerabilities, SEAL 911 can also provide significant assistance in the area of on-chain forensics. Although this requires considerable time and effort, members of SEAL have been able to track the movement of stolen funds and provide victims with helpful information to report to law enforcement authorities. By effectively coordinating with authorities, the victim can often freeze stolen funds and even identify the perpetrators of the malicious activities.

With the increase in cryptocurrency capitalization, bad actors will continue attempting to steal funds from users by exploiting code vulnerabilities, stealing users’ wallet information, or even tricking users into sending the funds themselves. This poses a threat to the security of DeFi. As we have seen repeatedly, the most vulnerable group is non-tech-savvy regular users, so it is important to spread good operational security (op-sec) practices and fundamental cryptocurrency knowledge to the public.

What is Security Alliance (SEAL)?

Security Alliance (SEAL), established with the support of blockchain innovators, has rapidly become a key asset of Web3 security. Before its public debut on February 14, 2024, SEAL connected users, developers, and experts to offer free Web3 simulation exercises.

SEAL’s goal is to improve the security of the blockchain and cryptocurrency system by supporting security researchers and removing barriers that could prevent them from taking immediate action to safeguard protocols. The initial members include security teams at Paradigm, a16z crypto, and Dedaub, who have played a key role in significant recovery efforts. SEAL’s programs include rapid response, legal assistance, and developer security training.

The Security Alliance (SEAL) offers several initiatives to enhance security. These include SEAL 911, a 24/7 emergency response hotline, and SEAL Wargames team exercises designed to identify and address vulnerabilities. Additionally, the Whitehat Safe Harbor Agreement provides legal protection for white-hat hackers participating in fund rescues, and the Legal Defense Fund supports researchers dealing with legal challenges. SEAL operates as a US 501(c)(3) nonprofit organization with the mission to protect the decentralized internet. For more information, please visit the Security Alliance.

What is SEAL 911?

SEAL 911 is a 24/7 emergency hotline for incident response, vulnerability disclosures, and other security issues in blockchain and crypto. It provides immediate assistance to address security threats quickly, ensuring expert help is available to mitigate risks and prevent damage.  

  • Collaborative Defense: Working quickly with platform teams to temporarily pause contracts that have been hacked, when applicable.
  • Evolving Threats: Growing sophistication in cyberattacks requiring advanced strategies.
  • Rapid Response: Speed and coordination prevent losses and restore confidence.

What Are the SEAL Wargames?

SEAL conducts SEAL Wargames and red team exercises to help developers prepare for security incidents. These simulated attacks help identify weaknesses and improve defense strategies. Many developers have never experienced the high-intensity environment of a security incident before. It can be challenging to stay focused and productive when every second could potentially mean millions of additional dollars lost to attackers. The SEAL Chaos Team provides projects with the resources and training to respond to the worst-case scenarios.

Each wargame consists of two phases:

1. A tabletop exercise in which the Chaos Team presents hypothetical attack scenarios to project developers and notes potential weaknesses.

2. A simulated attack in which the Chaos Team exploits a vulnerability on a test network and challenges the project developers to set up an incident war room, triage the exploit, and remediate the situation.

Yannis Smaragdakis and I from the Dedaub security research team are currently active members of SEAL 911.

Conclusion

As a member of SEAL 911, I have seen firsthand how critical our role is in securing the Web3 ecosystem. The collaborative efforts and rapid response capabilities we’ve developed are essential in combating the evolving threats in the crypto space. Working with some of the brightest minds in the field has been invaluable, and I’m proud to contribute to a safer, more resilient blockchain community.

Key Updates and New Features in Dedaub Security Suite

Dedaub Security Suite is renowned for its powerful EVM bytecode decompiler, which users have hailed as the best in the industry. Just as a quick sample of how much it’s appreciated, one testimonial reads, “I love the Dedaub decompiler—No other tool even comes close to what Dedaub has created.” The Dedaub Security Suite is a collection of web3 security technology tools, with the decompiler being the most popular in the community. In this blog post, we share our suite’s latest milestones, new features, and platform improvements.

Enhanced EVM bytecode Decompiler Insights

Our decompiler now extracts additional information about high-level storage and memory structures, such as mappings, arrays, and structs. This enhancement provides deeper insights into your contract’s storage and memory, enabling a more thorough analysis and understanding of on-chain bytecode.

Expanding Our Chain Support

We’re proud to announce the recent addition of Binance (@BNBCHAIN), Blast (@blast-l2), and Polygon (@0xPolygon) to our Dedaub Security Suite, which now fully supports eight major EVM chains. 

Our ongoing expansion aims to provide a comprehensive security technology solution for all EVM-compatible ecosystems, ensuring your projects remain secure across multiple platforms.

Advanced Pre-Deployment Analysis

Our platform now includes enhanced analysis capabilities, particularly for pre-deployment “Projects.” This feature enables precise fuzzing of undeployed contracts, which significantly improves our static analysis engine. 

These improvements drastically reduce analysis timeouts without compromising precision and completeness, ensuring faster and more accurate results.

On-Demand Analysis with GPT Integration

Dedaub Security Suite now offers on-demand analysis of project contracts using GPT technology. Leveraging advanced GPT prompts, our platform provides detailed insights that complement our traditional static analyses. This feature helps uncover hidden issues and suggests improvements, presenting findings succinctly with inline code snippets for easy inspection.

Customizable On-Chain Transaction Monitoring

Our customizable blockchain monitoring solution utilizes an enhanced PostgreSQL database to detect on-chain activities, establish periodic executions, and create custom alerts. For instance, you can set up a monitoring agent to identify large fund transfers to or from a yield farming vault.

Create Your Free Account and Access the Dedaub Decompiler

Sticking to our mission, “… to ensure the integrity of the blockchain ecosystem by transforming complex smart contracts into clear, secure, and reliable systems,” Dedaub is committed to contributing to web3 security by offering the entire community free access to our advanced technology. Create your free account today and access the powerful Dedaub decompiler. 

ETHDenver 2024 | Dedaub Showcases Its Web3 Security Technology

Dedaub is excited to participate in ETHDenver 2024. During the conference, Dedaub will showcase its advanced security technology solutions. Its team members will discuss the safety of Web3 applications, build partnerships, and share insights to enhance security standards within the Web3 ecosystem.

Visit Dedaub at Booth #251 in Devtopia at ETHDenver 2024!

Dedaub’s booth, #251, is in the vibrant Devtopia space. We invite technology enthusiasts to visit and attend one of the Suite demos, where we’ll explore the cutting-edge capabilities of our static analysis, formal verification, monitoring, and alerting services.

In the demo, you will have the opportunity to learn about our tools that utilize formal analysis and statistical learning to examine possible states and paths of Smart Contracts, efficiently identifying vulnerabilities. Additionally, you will see how our customizable agents can provide essential insights into on-chain activities. Check out the Demo calendar on our Dedaub booth playbook.

Moreover, it is an excellent opportunity to interact with our team and discover how we can safeguard your Web3 projects.

Spotlight | Dedaub Talk

One of the main events during Dedaub’s participation at ETHDenver 2024 will be a talk by co-founder Yannis Smaragdakis, a respected authority on blockchain security. The presentation is scheduled for February 29, 2024, at 4:25 PM: “All Your Contract Are Belong to Us: Analyzing All Deployed SCs”

Every time there is a need to analyze a large number of Smart Contracts, Dedaub is the default partner–in war rooms, Ethereum Foundation impact studies, and widespread bugs.

Dedaub has built on its leading EVM decompiler to produce technology for querying all EVM smart contracts ever deployed. The talk will go over cool recent cases:

  • Solidity compiler bug: “most deployed contract addresses contain mostly junk code!”
  • Helping the Ethereum Foundation study EVM changes
  • Ecosystem-level threats: use in major “war rooms,” e.g., ThirdWeb vulnerability.

About @EthereumDenver 2024

ETHDenver 2024, known as the Year of the SporkWhale, will occur in Denver from February 23 to March 3, 2024. It aims to turn the city into a hub for blockchain innovation. ETHDenver is a community-owned innovation festival powered by SporkDAO that offers a variety of activities, including workshops, technical presentations, bootcamps, and networking parties.

Dedaub Celebrates SEAL’s Public Debut and the Launch of the Safe Harbor Initiative

As a founding collaborator of the Security Alliance (SEAL), Dedaub celebrates SEAL’s public debut, a significant milestone in crypto security. The alliance consists of more than 50 Web3 and cybersecurity organizations. Its goal is to strengthen the security of the cryptocurrency ecosystem. Before its public debut, SEAL connected users, developers, and experts and offered free Web3 simulation exercises.

SEAL’s dedication to setting high-security benchmarks within the crypto ecosystem aligns with our core capabilities. Dedaub is bringing to the table world-leading technologies and expertise in static and dynamic program analysis, reverse engineering, and ethical hacking. In the context of SEAL, we can contribute to developing more robust defense mechanisms against threats and ensure the blockchain ecosystem’s safety.

Dedaub supports the Whitehat Safe Harbor initiative and SEAL’s proactive approach. This empowers ethical hackers to use cutting-edge tools like MEV bots to monitor and safeguard projects easily. The goal is to respond to challenges and incidents like the Nomad bridge hack.

Dedaub is proud to be part of SEAL, driving towards a more secure decentralized future.

Seal’s Public Debut | The security culture

By its very nature, the crypto market fosters a rigorous security culture. Its foundation on blockchain technology—a bastion of decentralized security—demands constant vigilance and innovation from its participants. It encourages the development of sophisticated security measures designed to protect against a wide range of threats.

Crypto security constantly changes and adapts to meet the challenges of advanced threats. Its strength relies on the knowledge and expertise of its community, including developers, researchers, and users, who work together to protect the infrastructure. Their collective efforts safeguard the system, embodying the core values that make Web3 a unique, resilient, and ever-growing reality.

Seal’s Public Debut | The security researchers’ playground

Crypto offers an exciting platform for security researchers, including those from web2 backgrounds, due to its complex challenges, high stakes, and the immediate impact of their work. This field merges theoretical knowledge with practical application, creating a rich environment for problem-solving.

Collaborating with SEAL through initiatives like SEAL Drills allows researchers to contribute while expanding their skill set significantly. These drills offer hands-on experience in real-world scenarios, enhancing their technical skills and understanding of blockchain intricacies. SEAL Drills prepare them to face formidable challenges and foster a collaborative learning atmosphere with seasoned experts, making an ideal space for deploying and honing their security skills.

The collective and hands-on approach is crucial, especially when considering the advanced tools at our disposal, such as MEV bots, and the legal complexities surrounding their use.

Seal’s Public Debut | The Impact of MEV Bots under the Safe Harbor Agreement

The Whitehat Safe Harbor Agreement that SEAL promotes provides a legal framework for ethical hackers to conduct emergency rescues, primarily using MEV bots. This allows the community to monitor suspicious activities and take protective action (when a protocol is under attack) without facing legal consequences.

The open and decentralized nature of cryptocurrency, which includes public code and lack of gatekeepers, makes it susceptible to hacking attempts. Therefore, it is important that security researchers are incentivized to protect it as much as attackers are motivated to steal funds.

In the past, many developers and security researchers were discouraged from assisting due to legal ambiguity with their employers. SEAL is promoting this initiative after its community members noted, with regret, that more people would help if a legal framework existed.

Dedaub is committed to SEAL’s mission to protect decentralization and urges the community to join the cause.

About Security Alliance (SEAL)

Security Alliance (SEAL), established with the support of blockchain innovators, has quickly become a cornerstone in the advancement of Web3 security. This alliance represents a collaborative effort among premier experts, from audit firms to ethical hackers. It is dedicated to pushing the security boundaries in the Web3 space. As one of its founding members, Dedaub has been at the forefront of this initiative, driven by a mutual commitment to bolster Web3 security.

SEAL operates as a US 501(c)(3) nonprofit organization with the mission to protect the decentralized internet. Bringing together a diverse group of security experts—including auditors, bug bounty hunters, foundation security leaders, security researchers, and ethical hackers—marks a significant step in social coordination across different web3/crypto ecosystem sectors.

The alliance innovates with several key initiatives in the crypto ecosystem’s security framework. SEAL911 and SEAL Drills, for instance, are designed to provide immediate assistance and training against security threats, showcasing SEAL’s proactive approach to community support.

Additionally, the Safe Harbor Agreement for Whitehats, spearheaded by SEAL, emphasizes the alliance’s forward-thinking strategy to prepare for and mitigate future security threats. This agreement lays down a legal framework enabling ethical hackers to contribute to the crypto ecosystem’s security without fearing legal repercussions.

We invite the community to engage and provide feedback on the Whitehat Safe Harbor Agreement proposal hosted on GitHub. We welcome your insights until Pi Day, March 14, 2024.