Liquid Stake with compassSOL for an 7.50% APY from staking, MEV + fees

Enjoy the freedom of liquid staking in Solana Defi while delegating your stake to the high performance Solana Compass validator. Stake or unstake at any time here, or with a Jupiter swap.

Benefit from our high staking returns and over 2 years experience operating a Solana validator, and receive additional yield from priority fees + MEV tips

Earn 6.8% APY staking with Solana Compass

Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 6.8% APY yield on your SOL, while supporting us to create new guides and tools. Learn more

Stake your SOL

  1. Click to connect your wallet
  2. Enter the amount you wish to stake
  3. Kick back and enjoy your returns
  4. Unstake from your wallet or our staking dashboard

Earn 6.8% APY staking with Solana Compass

Help decentralize and secure the Solana network delegating your stake to us and earn an impressive 6.8% APY yield on your SOL, while supporting us to create new guides and tools.

Learn more

Breakpoint 2023: Auditor's Panel

Published on 2023-11-09

Insights from leading blockchain auditors on the importance of security in the Solana ecosystem.

The notes below are AI generated and may not be 100% accurate. Watch the video to be sure!

Summary

The Breakpoint 2023 conference brought together a panel of esteemed blockchain auditors who discussed the paramount importance of security auditing in the blockchain ecosystem, particularly within Solana. This panel included insights from Adam Hrazdira of Ackee Blockchain, Peter Cielas from Halborn, Robert Chen of OtterSec, Robert Reith from Neodyme, and Jack from Sec3. These experts delved deep into why auditing is crucial for the safety of decentralized ecosystems, the tools that assist auditors, the collaborative process between developers and auditors, and the exciting potential of AI and machine learning in this domain.

Key Points:

The Necessity of Auditing in Blockchain Security

Through the dialogue, it became clear that auditing is an indispensable part of ensuring the security and integrity of blockchain applications. Auditing acts as a safety net that supplements the use of security tools. Despite the array of tools available to detect vulnerabilities, the panelists emphasized the need for robust manual reviews and one-on-one collaboration with developers to ensure that no stone goes unturned in the pursuit of securing programs.

The Toolbox for Auditors

Auditors utilize a variety of tools to aid in their work, ranging from simple linting programs to compiler messages and more sophisticated scanning and fuzzing tools. These instruments help provide preliminary checks, warning auditors about potential problematic areas that could lead to vulnerabilities. The discussion highlighted the need for high-quality tools to support auditors, including the development of frameworks that streamline processes like fuzzing for developers.

Partnership Between Developers and Auditors

A key takeaway from the panel was the necessity for a collaborative approach between developers and auditors. Developers should come prepared with thorough unit tests and have a robust understanding of their code before approaching auditors. This upfront work helps facilitate the auditing process and enhances program security. The panelists also suggested that developers ensure their code is well-documented and readable to simplify the audit process.

AI and Machine Learning in Security Auditing

Machine learning and artificial intelligence (AI) were presented as promising technologies in the auditing space. However, the panelists also cautioned that while these tools have potential, they require vast amounts of data and may not yet replace the human elements of auditing. They called for responsible usage of AI and highlighted the need for high-quality training datasets to ensure effectiveness.

Post-Launch Security Considerations

Post-launch, continuous monitoring is essential. Watchtower products can alert developers of unusual patterns in smart contract interactions, indicating potential malicious activity. This proactive monitoring can complement the pre-launch preparation and auditing process in maintaining the security of programs.

Facts + Figures

  • Auditing is essential for the safety and total value locked (TVL) in blockchain ecosystems.
  • Manual audits are necessary despite the existence of security tools, as some aspects of security require expert judgment.
  • Developers should write comprehensive unit tests and prepare their code before contacting auditors.
  • Auditors employ a range of tools, including linting programs, compilers, and fuzzers.
  • Effective code documentation and readable code can facilitate the auditing process.
  • The use of AI and machine learning in auditing is growing, with an emphasis on providing good data to train models.
  • Post-launch security tools such as Watchtower can monitor smart contracts for abnormal interactions.

Top quotes

  • "It's important to have someone have another look at your code to basically verify that everything that you have done works correctly."
  • "The correct way to think about auditing is as they pass. They hopefully will find most of the bugs."
  • "Using anchor correctly... you can put insecurity right from the beginning, essentially."
  • "Every contract should be open source."

Questions Answered

What is the role of auditing in blockchain security?

Auditing is fundamental to blockchain security, serving as an extra layer of verification that works alongside security tools to protect blockchain programs. Auditors employ manual and automated practices to scrutinize code, catch potential vulnerabilities, and help developers reinforce their programs against threats.

What tools do auditors use when examining blockchain code?

Auditors have access to a suite of tools that include linters, compilers, scanner programs, and fuzzers. These help them to scan for vulnerabilities, correct code, and rigorously test smart contracts to prevent security breaches.

How do developers and auditors collaborate?

Developers and auditors collaborate in a partnership where developers should first thoroughly test and review their code to ensure a baseline level of quality. Auditors then assist by bringing a fresh perspective, identifying overlooked vulnerabilities, and proposing solutions to strengthen security.

Can AI replace human auditors in blockchain security?

AI has not yet reached a stage where it can replace human auditors in blockchain security. While AI and machine learning technologies offer promise and can assist with some tasks like identifying patterns, intricate knowledge and understanding of code and vulnerabilities still require human insight.

Is open sourcing contracts important in blockchain security?

Open sourcing contracts is considered very important in the blockchain community as it allows for transparency, peer reviews, and community involvement, contributing greatly to the overall security of the blockchain ecosystem.

Related Content

Breakpoint 2023: tBTC comes to Solana

Discussions on the integration of tBTC, a decentralized Bitcoin, into the Solana ecosystem.

Breakpoint 2023: When Are You Going to Get Serious About Security?

A compelling call for developers to prioritize security in the Web3 ecosystem.

Breakpoint 2023: Finding Utility for NFTs

An in-depth look into the expanding utility and application of NFTs in Web3.

Breakpoint 2023: Gaming in Web3 Panel

Leaders in the Web3 gaming space discuss the challenges and opportunities within the industry.

Breakpoint 2023: Stablecoin Panel

Experts from the stablecoin sector discuss the future of money, cryptocurrency interoperability, and regulations.

Breakpoint 2023 Recap - Day 1

Breakpoint 2023 commences with the live launch of Firedancer on testnet.

Breakpoint 2023: Youth in Web3

Exploring the journey, challenges, and advice of young professionals in the Web3 ecosystem.

Breakpoint 2023: Building a Creator Community

Industry experts discuss empowerment and innovation in the NFT creator community.

Breakpoint 2023: Journey to Becoming a Validator

Explore the intriguing world of blockchain validation and the journey of becoming a validator on Solana's network.

Breakpoint 2023: Securing FireDancer

FireDancer's security enhancements and strategies presented at Breakpoint 2023

Breakpoint 2023: Building Blocks of a Regenerative Economy

An insightful discussion on blockchain's role in establishing a regenerative economy.

Breakpoint 2023: How Helium Migrated to Solana

The migration of the Helium network to Solana blockchain.

Breakpoint 2023: Star Atlas Session

A visionary presentation on Star Atlas's intersection of gaming and blockchain on the Solana platform.

Breakpoint 2023: NFT Past & The Future

Max Zhuang, CEO of Sniper Labs, discusses the evolution of NFTs and Sniper's role in the growing market.

Breakpoint 2023: OpenBook v2

Rebuilding Decentralized Finance Post-FTX Crisis: The Launch of OpenBook v2