This is the Monday Medley, a newsletter that goes out, you guessed it, every Monday. I republish it here for sharing and referencing, but if you'd like to sign up you can do so right here:
Nothing new this week really, so we'll dive right into the Medley.
Yesterday morning I got an exciting DM: there was a vulnerability in one of the contracts I wrote making it possible for a sophisticated attacker to drain our funds from it.
It didn't affect the funds anyone else had deposited into the contract, just the rewards we added to it for our users to collect. But it was still almost $2,000,000 of our tokens on the line, so not the happiest message to receive.
Luckily the message was from a team of devs who go around the crypto universe looking for these kinds of things. They have the skills to exploit these vulnerabilities themselves, but they use their powers for good to help make everyone else's projects more secure.
Within a couple hours of them messaging us we'd reduced the vulnerability substantially, and as of this morning, patched it entirely without any loss of funds for us or our players. It was a whirlwind 24 hours, but it put us in a stronger spot than we were yesterday, and I'm extremely grateful for the help.
The crypto and defi world is full of massive hacks and exploits. The REKT leaderboard can be a little terrifying to look at if you want to build anything in the space.
Some of these happened after over a year of things running smoothly without any cause for alarm. And they happened in code that was written by top tier crypto developers, with tons of other eyes on their work and plenty of security audits.
It's absolutely still the wild west, and anyone getting into crypto more than just having some Ethereum on Coinbase has to be prepared for those kinds of risks. There are bad actors out there constantly looking for ways to take peoples' money.
But it's also predominantly friendly, altruistic people. The amount of mutual support you see in Discord servers from more experienced people helping newcomers is inspiring. And there are plenty of people out there checking out each others code in their free time because it's fun, and because they want to make crypto a safer more secure place.
It kinda reminds me of the issue with the old "stranger danger" narrative. Most strangers are nice people who want to help. And if we're talking about avoiding child abductions, that apparently is most likely to involve someone you already know. Not a stranger.
I'm not sure where I'm going with this at this point, but it's nice to know there are strangers out there looking out for each other, especially in a space that can get unfairly maligned as hostile and dangerous. It's the wild west, but still pretty friendly.
Have a great week,