Defisafety: Quality Audits on Smart Contracts in the Ethereum Community With Rex Hygate
I actually started looking at three right after the Dow which was really cool. But and I just looked and then in early twenty, eighteen, some People from consensus reached out to me, and we were chatting about unrelated things. But they said if I wanted to do something I should go to Hath on. So I went to at Denver in two, thousand, eighteen and there I meant Bryant and we started secure dot org which was focused on software process. Documentation for making. blockchain software because we saw a lot of similarity some an aerospace guy. We saw a lot of similarities between aerospace and we started focusing on that. and. That went through twenty eighteen and then kind of fizzled crypto winter and such, and then defy safety. Dot Com is a covid inspired business because I got. Finished with my day job and suddenly had a whole bunch of time and. I wanted to see how I could contribute in. In blockchain as it was coming up and I'm not really a financial guy, I'm not a coder. So I took the roots of. The. Concept of secure breath looking at the the the testing process in the coating process and the documentation process and from that I came up with. The idea of defy. Safety. Score through a device safety audit and I invented the process and in July we went live and I think we've got twenty three audits completed now. What's in these audits? Can you tell us so? The audits are a sequence off questions in four sections. I look at the executing code, the code on the blockchain, and it's things like is the code there can people see the addresses and I only look at publicly available? On its publicly available information. So information on the website on the get hub medium articles but stuff that. A user can easily find if So I. DON'T I try not to look at private stuff and then it's is the code being used as it verified does it match what's in the Software repository is a software repository healthy that's one section. And then encodes in documentation rather it's like. Is there a white paper? Are the requirements documented like have? They said this is what the thing does it a separate document other than the code. And does the requirements or that that documentation fully relate to the code? And then is sufficiently detailed in in comments in the code and is possible the. Aerospace real aerospace like thing. Can you trace from the software from the requirements to the code and to the test like did they put it traceability and that's something that I would say most people don't do yet. And then I have a set of questions for testing and a set of questions for arts. and. And who's the main audience for both like consuming these things as well as going out in like purchasing these things. So, the main audience are users of defiant products and it gives a level of trustworthiness of the code and down in one number percentage and a color red yellow green. So. That's my main target market. So that people have an idea of whether or not you should trust A. Particular application are they being public? Are they showing their? all the information that a normal. As during product would show. and. The obvious question here, which I would ask if I was listening to this or thinking about getting one is, what's the turnaround price of something like this like what was as a user? If I, if I care about our project I, don't understand. Potentially due diligence, but I'd like someone to help me do it. And I want to maybe invest I would like some stronger confidence interval. On something like that like. How soon, I'm going to be able to get that if I come to you and how much it cost is it worth it for me to do that if I'm going to invest in something. So we're still we've only been doing this for two months. So wouldn't say we've got a real market price. It will be under five. K.. And generally results can be done in about a week. Depending on how many people in what I'm working on at the time big. Roughly, so it's a relatively quick process and it's not a an awful lot of money in order to be able to go through the whole process and what comes out is a report. Detailed report looking at each one and then You know you can for a developer wants to improve. You can sit back and talk about it and and. Often there's very simple ways to improve. Sometimes if you're looking at adding documentation to your code, it's we'll take a real investment in.