The Upgrade Trap: How to Stay Ahead of Risky Contract Changes

HandyCon 2025 | Day 1 - The Upgrade Trap: How to Stay Ahead of Risky Contract Changes

Transcript:
(00:01) [Music] [Applause] Hey Margie, great to see you again. Great to see you. Oh my gosh, I'm so happy to be back at this event. Yeah, we missed everybody. We had fun in the last couple of HandyCons and some auctions. Enry here. Okay, okay, I'll start my session. Can you share your... do you have slides, or you don't need me, right? I do have a slide, but I'm just not sure how to use it. I think there's a share button. I think I need to, um, put in the content link, is that... oh, there should be a
(00:47) button, the share button on the bottom row, next to like microphone, cam. Can you see it or no? I see your screen. It looks super zoomed in on Google. It looks like a... I see something like making me sign into my Google account, right? Is that... huh? I think there's some... like, not sure. Can somebody fix the ratio? That's all good for me. Somebody said "all good for me." Okay, maybe just roll with it. I'm getting a Thai pop-up, I mean I'm on Thai internet, but I know what you mean. Like, maybe I'm not logged into this on Google. That's weird.
(01:25) Okay, okay, everybody says they're okay, so okay, awesome. I'll be on call if you need me, Margie, but I might disappear. Okay, cool. So we are... so after bit me I joined Fuzzland. It's a web3 security company which does 24/7 on-chain penetration testing to detect, alert and defend against evolving threats. And as many of you may know, there are so many security incidents happening right now, like for example the bit exploit, so security has been more important than ever. So I'll just start by giving a little bit of the background.
(02:09) Smart contract attacks have already led to 100 million plus in losses in 2024, and you may have this question: "I thought I had audits, but why do I still get hacked?" And the reason is because new vulnerabilities can be introduced by state change, and the reasons that cause state change include user transactions, contract upgrades, external calls from other contracts, reentrancy, governance actions, token transfers and failed or reverted transactions, etc. So if you only do auditing or bug bounty, then there is a lack of protection, because you wouldn't
(02:52) be able to know when new vulnerabilities appear or when attacks start, and then when you are informed it is often too late, and the forks won't patch. So the question is, can smart contracts be analyzed or audited on-chain 24/7? The answer is yes. That's why we're here: we automate audits with dynamic analysis on-chain. So one of the products is called ItyFuzz. It is snapshot-based fuzzing. It is the only solution that supports on-chain fuzzing to detect real-world vulnerabilities, and it is the only
(03:34) solution that detects cross-contract vulnerabilities as well. So our Fuzzland highlight is the 24/7 penetration testing. So in addition to static audit, we do 24/7 pentesting, vulnerability findings and real-time notifications. We continuously analyze the smart contracts post-deployment to find new vulnerabilities in order to prevent attacks from happening. So we found a 250k exploit in a leading DeFi lending protocol, and then also our Chaofan Shou, you can find him on Twitter, he stopped a 2.8 million hack targeting AllianceBlock,
(04:22) and if you visit our website fuzz.land you can find an article about how we have saved 2.8 million from hackers. So if we work together, we will provide you a weekly pentesting security report. We will review your security posture, identify and summarize risks, and the report will look something like this: it will include key findings, summaries in graphs, weekly summary, critical findings, and they're very, very clear for you to see and evolve. It will include key security map, complete call graphs and real-time testing status. So, um, we can also track
(05:07) real-time status of all your on-chain contracts with our product, which is called Blaze Plus. And so this is us: we are trusted by 1kx, we're trusted by HashKey and Chainlink, Coinbase, Story Protocol. They're using our services. And so if you are interested in using web3 security or just simply getting to know us, you can follow us on our Twitter, and then also you can visit us on fuzz.land and also contact us or follow me on Twitter as well. Yeah, that's all I'm gonna share today. It's, yeah, it's a sales... you can
(05:47) consider it as a sales speech. It's Margie, it's a Margie update. Yeah, so she's in San Francisco now, right, the Valley? I am in Palo Alto right now. But we also... so the other news is that we were recently acquired by Solayer, so it's another chapter for us as well. How are you doing? How is the event going? Yeah, yeah, we're still just starting. I mean, we had a few great sessions and then a break, and now your session. And there's talk about more mass adoption, mass adoption with various
(06:21) ways to get the domains to work in normal browsers, such as buying one from the ICANN company and paying them their fees so that it would work in browsers that ICANN is integrated with. But so, Nathan, there's some questions about where they can learn more about Fuzzland. So fuzz.land, right? Yeah, fuzz.land,
(06:44) and also you can follow our X account, and yeah, it's pretty cool. We're pretty small, we're not like the big players right now, but we are a group of young and smart people. Oh my gosh, you have this! I got it at Devcon from you. Yeah, this is something I'm really proud of. I bought it on the Chinese Taobao, and it's actually a bottle opener. Yeah, I really like it. Yeah, so yeah, we're doing a lot on Ethereum and then in the future probably more on Solana as well. Nice, yeah. All right, okay, and so yeah,
(07:30) so then it was... yeah, it's more like an Ethereum... but we do have some... some of our projects are on Ethereum, like hns.com mism, which is allowing people to buy domains. We call them SLDs. Okay. Some people like the glasses, and then they could... because there are smart contracts there, some of the team is on this session. So basically my interpretation of what you provide is you help monitoring for exploits and hacks so that it protects people from losing their money, right? Right, we actively monitor projects
(08:10) just to make sure that they're safe. You know, like you can sleep tight when we monitor for you. And there are so many security incidents happening right now, and as the web3 ecosystem grows bigger, I think security is very, very important. So some people want the glasses, they're asking for a giveaway in the chat. I could... where are you guys? Yeah, all over the world. I still like my... yeah, I picked these up in Bangkok. Real utility. Then you were at ETHDenver, how was ETHDenver? It was great. Um, I went to a lot of events
(08:50) about scale, like Solana events and Ether events as well. I think people care more about utility, like real use cases, right now instead of just bragging about like empty stuff. I think people are more and more practical, and they have something very, I think, solid in their mind, and we're building. I think everyone's very passionate about building and everything. Great, yeah. I think there's just too many meme coins already, and Donald Trump... did you buy the Trump coin? Of course not. I don't
(09:30) know, I don't like it, so I didn't buy it. And yeah, it's just... I didn't really like it. It's just, it doesn't have any utility and it's not even cute. Like, I would buy a meme coin if it's really cute, like the penguin, I really like it. But then Trump is not even cute. Yeah, I like, yeah, it's just... it didn't even like create an image, like the cute thing. It's just him, and he's not cute. Yeah, right. I'll buy for fun, I'll buy stuff for fun, but like not
(10:08) Trump, not even fun. Yeah, but the worst one was this, uh, the Argentina one, well, Libra. I mean, I think that was the worst, because yeah, that was crazy. Actually our founder Chaofan, he said... oh, I think he sued them, right? Yeah, he posted, I think I saw his Twitter, his lawsuit or something. Go check out his tweet, it's really fun. And then I think he recently joined a Fried Rice DAO or something, and it's really funny. What's his account handle? Fried Rice DAO? Oh wait, let me try... just search like Shou, and then his profile is a dog. I
(10:58) have... should... you have a cat? Let me... yeah, it's... he's pretty fun. He's like super, super smart about... yeah, I think he spent too much. Yeah, I think he lost a lot on that though, right? Because, right, and yeah, and then he was like really doing like... yeah, he was like bashing the Libra, he was looking into their team, so that was funny. Okay, yeah, let me just copy-paste his tweet and then... wait, I couldn't copy-paste, sorry. But yeah, Handshake, we're not really into memes. There's some people joking, but yeah,
(11:39) we've always been about utility, right? Personally, but I think most of the community here... but that's what's the frustrating thing is, these memes that have no utility and just some hype get way more money and attention, right? I don't really like it. Like, I really like it if they are actually doing something, or... oh, I shared it for the community and everything, so I didn't really... yeah, I remember seeing it when Libra... okay. And Fuzzland, okay, great, that's awesome. Yeah, I think we're wrapping up now.
(12:16) We got the next session coming with Marcus, and thanks for coming on, Margie. It's great. Thank you for inviting me, it's always fun to be on this event. We feel like a big family here, you know, like we're all friends, and I'm not even doing like a sales pitch, right, where I'm just introducing my new company and then telling you about security. So it's really fun. Thank you for inviting me. Um, yeah, I'll be at the next one. [Music] Bye. Your identity online should be yours: unshakable, untamed, censorship-
(12:53) [Music] resistant. With dox you are limitless. [Music] No middlemen, no restrictions, just you. Dox: your identity, your [Music] rules. This event wouldn't be possible without our amazing sponsors. Our bronze sponsors: dweb foundation, .X. Our community sponsors: Handshake Australia, Namebase, Decentralizers, hnsm Market. Thank you for your support in building a decentralized future.