Space Summary
The Twitter Space Andromeda and Sherlock: ADO Audit Discussion hosted by AndromedaProt. The ADO Audit Discussion by Andromeda Labs delved into the realm of DeFi and development agencies, emphasizing the importance of cross-chain composability, ADO audits for security, and the efficiency of on-chain Operating Systems. This enlightening discussion showcased Andromeda Labs' commitment to enhancing user experiences and shaping future strategies for development agencies, making waves in the DeFi landscape.
For more spaces, visit the DeFi page.
Space Statistics
For more stats visit the full Live report
Questions
Q: How does cross-chain composability benefit blockchain interoperability?
A: Cross-chain compatibility allows assets to move seamlessly across different blockchains, fostering greater connectivity and flexibility in the DeFi space.
Q: Why are ADO audits crucial for decentralized finance projects?
A: ADO audits provide a layer of trust, transparency, and security by thoroughly reviewing smart contracts, code, and project implementations.
Q: What sets on-chain Operating Systems apart in the DeFi landscape?
A: On-chain Operating Systems offer real-time processing, better security, and increased automation, improving overall DeFi project performance.
Q: How does Andromeda Labs aim to enhance user experience in blockchain technologies?
A: Andromeda Labs focuses on creating user-friendly interfaces, efficient processes, and seamless interactions to streamline blockchain operations for users.
Q: In what ways can ADO discussions impact the strategies of development agencies?
A: ADO discussions provide insights into best practices, security measures, and innovation trends that development agencies can leverage to enhance their projects and offerings.
Highlights
Time: 00:15:42
Cross-Chain Composability Advantages Exploring how cross-chain composability revolutionizes blockchain connectivity and interoperability.
Time: 00:28:19
Importance of ADO Audits Understanding the crucial role ADO audits play in ensuring trust and security in DeFi projects.
Time: 00:41:55
Efficiency in On-Chain Operating Systems Highlighting the need for speed, reliability, and efficiency in on-chain Operating Systems for DeFi applications.
Key Takeaways
- The significance of cross-chain composability in enhancing blockchain interoperability.
- The role of ADO audits in ensuring security and reliability in decentralized finance.
- Importance of speed and efficiency in on-chain Operating Systems for DeFi projects.
- Andromeda Labs' innovative approach to creating a better user experience in the blockchain space.
- The impact of ADO discussions on shaping future development agency strategies.
Behind the Mic
Introduction and Welcome
Hello. Hello, everyone. Welcome. Hey, loud and clear. Sounds good. Thank you. Yellow lizard. Let us know if you can speak. Good morning. Good morning, everyone. We're just waiting for a few more people to come in. Hello. Hey, we can hear you loud and clear. Thank you. How you doing? Ardmi? Yeah, doing great. How are you doing? I'm doing well. Doing well. Thank you. Yeah. I think we'll wait just maybe a couple minutes, and we'll join from our official Sherlock account. That sounds good. We'll. We'll hang tight here for a little bit. Yeah. It.
Briefing Newcomers
For all our newcomers. Welcome in. We are just waiting for our other speakers to join, and we'll get started soon. Yep, I think we've joined beautiful. Yeah, we just invited you guys to speak. All right. Hello to all our newcomers. We are just getting our speaker set up, and we're gonna get started here in a minute. All right? Mike check from Sherlock. Yeah, would you just me speaking so generally? Yeah, sounds good. Awareness and all of this stuff. Yeah. And is Jack joining us, or should we get started? No, only me. Okay. All right, all right, all right. Let's get this thing started.
Discussion on Security Partnership
Hello, and welcome today's spaces. As you know, I'm Angela Brazington from andromeda, and I'll be your host for today's discussion about our partnership with Sherlock and how we're ensuring the highest levels of security for developers and users on AOS. We have some great speakers joining us today who will share insights into the work being done to secure Andromeda's ecosystem. And before we dive into today's topics, let me introduce them. First, we have Connor Barr, a core contributor at Andromeda who's been instrumental in our technical growth and development. Welcome, Connor. Hey, guys. How's everyone doing? Good, good. And next, we're also joined by artemy from Sherlock, one of our leading security audit partners. Welcome, Artemiy. Yeah, yeah. Hello. Hello, everyone. Excited to be here.
Topics of Discussion
Thanks. So today we'll be covering the security, the role Sherlock plays in auditing our platform, and how this partnership benefits our developers and our users. We'll also leave time at the end for any questions, so feel free to get those ready. Everyone here on this call recognizes the importance of security in blockchain development. With Andromeda rapidly growing, it's crucial that we keep our ecosystem secure for developers and users alike. Security isn't just a feature. It's foundational to, and that's why this partnership with Sherlock is so important to us. So let's talk about how the partnership came about to kick things off.
The Origins of the Partnership
As I mentioned, security has always been a top priority. And as our platform has evolved and continues to evolve, we recognize the need for a partner who could bring deep expertise in blockchain security audits. And Sherlock was a perfect fit. Their meticulous approach to identifying vulnerabilities and their experience with l one s made them an obvious.
Goals of the Partnership
So the goals we have for this partnership are also pretty clear. We want to create a secure environment for developers building on AOS. And by working with Sherlock, we're not just plugging holes, we're proactively securing the platform to provide peace of mind for everyone using it. This partnership also aligns with our broader vision of making AOS the go to platform for safe and innovative blockchain development. Connor, do you want to add anything onto that? No, I think you kind of hit the nail on the head. I definitely think. I'll probably talk to this later. Sherlock's approach to owning is definitely niche and I think kind of generates fantastic findings and very secure results. Thank you. Thank you. Sorry, I got lost there for a minute. From Sherlock, who can walk us through the audit process that they conducted for our validator and vesting ados.
Overview of Sherlock and the Audit Process
Yeah, sure, yeah. So for everyone. My name is Artemiy, I'm doing BD at Sherlock, and I was helping Andrea. Basically, Sherlock and I were helping Andremeter during the contest to give a quick overview about the Sherlock. And what's that? So, basically, Sherlock is one of the leading Oticon desk providers. We've done more than 200 order contests in two years for the teams, like, of course, Andromeda make it out GMX, optimism and a bunch of others. And essentially what we're doing, we are combining the best of the two worlds. On the first hand. On the one hand, we have the 300 order contest participants. On average, on each contest, it really depends on the code base of the contest, but on average, you have a lot of eyes on your codebase. These are like the security experts with different experience, knowledge, and they're trying to submit different bugs during the fixed period of the time, and they only get paid if they find anything, actually.
Structure of the Audit
And on other hand, we have a reserved model. On each contest. We have Alizani Watson, who is joining and leading basically the. And also we reserved several people in Andromeda. For example, we reserved J four X as a reserved auditor because he had the relevant experience. And the lead senior Watson on Andromeda audit was like Bintu chan, who is one of the greatest security researchers on Sherlock and he's a lead senior. Watson. Yeah, this is like a general overview of how Sherlock works. Happy to. But yeah, if you want to add something here, we'd love to hear. Thanks, that sounds great. Conor, did you want to add anything specifically about the work with the ideas? Yes, I think we're going to go a bit in depth later, but the concept of having so many eyes and especially some very experienced people looking at it, generated some great findings on the conversations which anyone can go and view on the GitHub.
Impact of Audits on Developers
We're very in depth and we're very broad as well. Yeah, cool. Thank you. Thank you for this word. Yeah, yeah. So as we mentioned earlier, these audits are crucial for the developers building it on Aos. One of the biggest benefits for our developer community is that they no longer have to worry about building security from scratch. By using pre audited ados, developers can reduce their security burden significantly. And I think that's a really huge point for anybody coming in that's trying to build something new. Another key advantage of these ados is their modularity. Developers can quickly and confidently integrate audited components into their projects without needing to reinvent the wheel. And this approach speeds up development time. While also.
Developer Feedback and Adjustments
Connor, could you share a bit about the developer feedback we've received and how the security audits are impacting their projects? Sure. A lot of the feedback we got in relation to the audit was actually, it was very well scoped. One of the great things that I noticed during this audit is that the auditors realized the use case of what the code was intended to do, because it's not a single chain contract, it's a multi chain. And one of the things that they pointed out was that especially the staking AdO can actually be different depending on the staking parameters on each chain. This allowed us to essentially adjust one of our contracts to be a lot more flexible and avoid any issues. We wouldn't run into any issues no matter what. Awesome. Very cool. So Artemiy, is there anything more that you would like to add on the specifics of the work that you did here?
Details of the Audit Experience
Yeah, sure. So basically, just to give a quick overview on the audits, basically we started, I think they audit in June. So original setup was like, we have some contest participants and we'll reserve Bintochean as lit senior Watson, who's one of the experienced security researchers in Sherlock, as I said. Also we'll g four X and we'll have others, I think for the whole duration of the contest, the audit went pretty smooth. So basically, overall, in the end, 16 valid issues, 15 mediums and one high, which is actually great results and high severity bug was found by the Bintu chan and by Gladon, which is also like the top. What's on Sherlock? It was quite unique bug and I think it has not been found in the previous audits of Ado, which is great.
Conclusion on the Audit Process
And I'm really glad I that Sherlock's approach, helping protocol teams to define more, find most sophisticated vulnerabilities and be completely prepared for the main ads, because sometimes you can do several audits, but you're not still sure if the code base is safe. And when you're doing this, several traditional audits and then doing an audit contest and this approach actually with every team who's choosing with Sherlock, it's been super efficient basically. And I think overall it was highly valuable. It was first Cosmos audit, official Cosmos audit on Sherlock, but not the first one for the Watsons, of course, on Sherlock, because we have a big community around six, I think, hundred security researchers and they have different experience and for them, it was not the first Cosmos audit, but the Sherlock as a platform.
Closing Thoughts on the Audit Experience
It was the first Cosmos audit and it went super well in my opinion. Hope you guys enjoyed it too.
Support for Future Developments
I hope that we can also support like Andrew Meta's new future development soon. Basically. One also important point now for the developers who is building on top of Andromeda, all the bags that have been found are public you. So you can shock yourself, any vulnerability that have been found. And actually it's really useful to do so, because when you will develop on top of this ado contract, you can just have this acknowledgement of the backstage, potentially be there and not making these mistakes anymore. So this is also a great benefit of doing the order, Charlotte, that all the things on our platform is super transparent.
Auditing Perspectives
Go ahead, jump in for a sec. Yeah, sure. I think the point you made about having so many auditors is a great point. Whenever you're developing things, sometimes you get very locked in your approach to how you're developing it. And a lot of the times the major issues come from not considering another perspective. And even if you go to a standard auditing firm, sometimes they'll only have a few auditors on it and they may get into a similar situation where they're looking at it in one, you know, from one perspective, having so many people kind of take a look at this code gives a lot of different perspectives and a lot of different ways to think of how this stuff could be broken. And it was great reading through the findings with some of the auditors and the lead discussing kind of some of the points that were made and whether or not they considered them valid or whether or not there were issues at all.
Value of Multiple Perspectives
So I think that's. That's a fantastic point, is that having so many eyes on the code gives a lot of different perspectives and finds, you know, a lot of issues that wouldn't be found otherwise. Yeah, yeah, I completely agree. So, in your case, I think it was pretty smooth. So, basically lit senior Watson and, you know, the guys who scored I first three places, they're basically very reserved and, you know, they're well known auditors, so. But also, like, other bugs were submitted by some. Just a lot of other Qantas participants, which is great. But sometimes we had cases where, you know, number one, security researchers who scored the first place in the leaderboard was just some random security researcher. He just decided that he wants to participate, and he found more than anyone else, and it's really a great benefit of the contest approach.
The Shift in Security Protocols
And, yeah, I agree. I think now security in general and every protocols move into this audits and the security approach, where you need to do several traditional audits in the first time, because this is just easier. You can work directly with the team during the audit. Right. You don't need to answer, like, more questions, basically from different watsons, and you can work really smoothly during the process, but you have this limitations of the acknowledgement of the security researchers who's auditing your code base in the traditional audit, and it's just maybe two or three people. So in most of the cases, it's. Right. And the best approach that we see now from the. Almost every team in this space is that they're doing several traditional audit, maybe one or two, and then they're doing a contest, and in this case, it's almost like a 99% chance that you will cover everything in your code base.
Audience Engagement
So, yeah, I. Phenomenal. That's really great point to bring up, Connor, and great way to look at these things, Sherlock and Artemiy. So I want to take a pause and see if we have any questions from the audience. I think we'll have more listeners later, but in the meantime, if anyone here would like to raise your hand, please do so now. Bring us your questions. If you have any questions about the partnership between Andromeda and raise your hand, drop a question in the comments, or if you just want to come say hi, we're here to answer anything you guys want to know, whether it's about the technical side of things the developer benefits or the future of Andromeda security benefits, security efforts and Sherlock, thank you so much.
Understanding Audit Processes
It's really great to kind of hear and understand from a deeper point of view what goes on right behind the scenes of an audit and what that does for our developers, for our users, for our platform. Really, really great. Is there anything that we didn't cover yet that you guys would like to add about the work that's been done? I'd like to complement the UI that you guys put together. I've been through a few audits now, and I have to say using that UI made things substantially simpler from a management perspective and also tracking the issues and what the fixes were. So, yeah, big props there.
Updates on Judging and Development
Yeah, thank you. I think we just recently, like a month ago, released a new judging system. So basically it's no escalations anymore and the judging process will be even more faster for the next audit contest. So the whole period of the audit will take less time. So, which is also like a recent update, but I think, yeah, thank you for this word. I think, for example, if you will have the next development updates also, one more cool thing of the order contest that we can do, an update order contest is basically we just add in new smart contracts to the contract that we already audited, and you can have the same people who already looked at the codebase and scored top places.
Engagement and Future Developments
You can see it. You can invite them to participate in the new update contest, which is also great. And yeah, I think for the general Andromeda ecosystem, yeah, I would love to support the new future developments with that also. Likewise, likewise. And I just wanted to add Mant, who's on this call, and that was Edith Denver, that more eyes on the audit in an open source environment is a perfect fit for the Andromeda business model. I just wanted to shout that out because it very much does fit in line with who Andromeda is and what our core ethos is from the start.
Looking Forward
So. Very well said, mant. Yeah. I'm curious to know, guys, about your next plans, like what's next for Andromeda? Yeah, what are the next exciting things that we're going to see? We have a lot in work. I'm going to let Connor speak to the more technical stuff. We did just launch our ambassador program last week, so we're excited for the community to get more involved and more engaged and really play a bigger part in the future of Andromeda.
Technical Advances
Connor, what would you like to add from your end? Yeah, so the biggest thing on our plate pretty near future, we've been working on fully enabling IBC. Our copious has IPC functionality, but it's currently disabled because we found some potential security issues. So we've been kind of working through that. We're also dealing with kind of older versions of cosmosm. Anyone who's a smart contract developer knows that dealing with IBC and Cosmosm is not the easiest thing, at least in terms of a generic approach. They've been taking steps to remedy that in more recent versions, like with 2.0 and 2.1 bringing in ADR eight.
Future Solutions and Demos
So we've been trying to figure out a solution, essentially, that works with any chain, because not every chain has these new versions. So we're hoping to launch that pretty soon. After that, we're going to look at different methods of automation, and we're hoping to put together a very nice demo for you guys that can demonstrate.
Introduction and Invitation
Got it. That's super cool. I also wanted to invite Mant up to speak. I saw you raised your hand. I wasn't sure if that was before or after, but I just got the request, and you have the floor. Thanks. Hello, everyone. So this question of what's next? So back to this business model of Andromeda. The Andromeda business model is to. I think that we can hear you. You cannot hear me. I can. I can hear you, man. Okay, maybe it's on my side. Sorry, Angela, you can hear me too? Yes, I can hear you. So I guess the question. We'll replay it back for you after Mance gets his answer out.
Community Development Model
Yeah, so the idea here is our business model is create a community of what you know, when you look at the electric capital report of developers, they break it down into full time, part time, and one time developers. We're looking to build a community of open source developers and really redefine the full time, part time, one time developer community. Turn it into an open source community that develops using Aos on any chain to build ados and apps and be rewarded for that. So the idea here, which is the perfect fit here for Sherlock, is that the larger our community grows on any chain, it full time, part time, or what we call open source, eventually evolving to open source, is that more and more developers build quickly cross chain using IBC, like Conor mentioned, to build ados and apps.
Open Source Initiative
And what's happening right now is we're working on a developer community program to build more of those open source developers and focus them on specific projects so that using our hacker board concept, we can take a project called a real world Asset Tokenization project, which could be for five categories of that. We'll start off early with just one and then have several different categories of build this open source community, come in here and help us build this to create and enable ados that can be plugged into anything, cross change. But, you know, starting first on maybe three to five different projects that have the interoperability to be. To be mismatched. That's probably the wrong way to say it. Aggregated in different ways, like Lego blocks build it in different ways across chain to do different types of projects.
Key Fundamental Projects
So start off with some key fundamental projects that are now adaptable into many other projects. Although the key there for sure, lock, is if we are able to create this in such a way that more developers are coming in, that gives us more audit opportunities for Sherlock to be able to put more eyes on auditing opportunities to create these ados or apps quicker, if that makes sense, or. Could you hear me? Yeah, yeah, I can hear you. Yeah, I think it's super interesting idea and I really. So it's my, you know, I'm really excited when the protocols that we've audited, when one of the main goals in Sherlock originally was basically the same.
Engaging Security Researchers
So we wanted to attract a lot of security researchers, developers, and just a lot of people to the code base. And they can see it, they can take a look at the code base. And we had cases where someone just ordered the protocol or participated in the contest, and he said, okay, that's a cool thing. I want to build on top of this. And, you know, he or she joined the ecosystem and started building projects there. So, yeah, I think it's definitely a great. And I would love to discuss it further. The thing that we like, and Connor touched on that early on in his comments, is having as many auditors with as many eyes on, I'm gonna call it the product, whatever that product is.
Incentivizing Auditors
What we want to do is incentivize those auditors with the great ideas about, oh, I see. How this works is to build their own, not just do the auditing process, but also get involved with our hacker board project or our hacker board, but also these other projects to make that even better. So we think Sherlock is really the beginning or could be a beginning of this larger open source community that maybe in the end, and I'm speaking theoretically, I'm predicting the future, which I know better than to do, but I'm going to throw my arm in there at it, is that maybe the Sherlock model is the beginning of this open source community that is able to not only do development, but a piece of that open source community is also doing auditing.
Collaborative Ecosystem
So Sherlock plays a key position. There is that maybe there's a community around the Sherlock world that maybe some normal Sherlock auditors are doing audits while some other folks that also are associated with Sherlock are doing development and then their colleagues are auditing and it's a back and forth kind of set up. Does that make sense? Yeah, I think that completely makes sense. And I really love this idea. Basically, we already thought about this in some way, like doing like a hackathons or the audio and plus hackathons to involve not just only security researchers but also developers to the ecosystem, because it's definitely one of the actual good points about Sherlock that you have a lot of eyes and as you mentioned, you can also involve these guys to the ecosystem.
Community Engagement and Future Prospects
So, yeah, I think it definitely makes sense. And I would love, you know, to basically to do everything on my side to be this audit for the Ado, just the first step in the future, you know, negotiations. Excellent. Excellent is right. I love the sounds of that. My brain is spinning. So we'll be in touch on that. If anybody has any hands to raise questions to ask, please, some thanks and recap for us. So I just wanted to thank everyone who joined us here in the audience, as well as a special thanks to rt me from Sherlock and Connor, our core contributor, for sharing your insights and really getting deeper into what goes on with the audit process.
Conclusion and Future Focus
And to recap, today we discussed how our partnership with Sherlock is enhancing the security of aos, especially through the audits of our staking, investing, Ados and more in the future. These audits are critical in ensuring that developers building on our platform can do so securely and efficiently. And as we look ahead, we'll continue to focus on security as a core priority. And you can expect more audits, more security partnerships and of course, a continued commitment to creating a safe environment for developers and users. And be sure to follow Andromeda and Sherlock on Twitter or X if you're an Xer, for updates on new audits, development milestones and more opportunities to engage with our community.
Community Involvement and Closing Remarks
If you are in our community already, I hope you are joining our ambassador program and climbing the ranks there. Reach out to us if you have any questions on that. And of course, check out the link tree in our bio. Join our ambassador program, build on aos, get active, drink water, GM. And that's all I have. A great day, everyone. Thank you everyone.
