Transcript: Anchor Security Focused AMA

Anchor Protocol

Finn 0:42
Hello and welcome to The Ether. Today is Thursday, February 17th 2022. This episode of The Ether is brought to you by Luart. Luart is the first gamified NFT platform built on the Terra network. Luart provides a seamless minting and trading experience all while earning you rewards just for being a user. Be sure to follow them on Twitter and join the community in the Discord server for the most up to date news and announcements regarding all the hot new NFT launches, platform upgrades, and new projects hitting the secondary marketplace. Are you ready to #PutYourHelmetOn and join the movement? Find out more This episode of The Ether is also brought to you by WeFund. WeFund is a community crowdfunding cross-chain incubator on Terra and it’s the first launchpad that implements a milestone funding release system to protect investors. All money raised for projects is deposited in Anchor Protocol and it’s refundable, and all decisions are based on community voting power. WeFund is community focused and designed to be a user friendly experience for both project creators and investors. Be sure to follow them on Twitter and join the Telegram for more information. Links are in the show notes and check them out online at TerraSpaces appreciates the support from all our sponsors. Today on The Ether we have the Anchor Security Focused AMA with Oak, Aperture, Code4rena, & Injective. Let’s take a listen.

Anchor Protocol 2:05
Alright, what’s up everyone? Can you guys hear me good?

bitN8 2:08
Loud and clear?

Anchor Protocol 2:09
Awesome. Yeah, we’re just waiting for a few other people to join us here on the panel. We have some amazing guests today for this community AMA.

bitN8 2:18
Yeah, it’s gonna be exciting. We’ve got a couple security auditors, we’ve got some really great respected names in the space. And this is kind of long overdue reflecting some of the things that have happened lately, with different bridges popping up and the vulnerabilities that pop up there. And as the days go on it shows more and more how much we should be focusing on security. So this should be really exciting. We’re trying to do a higher level to start with and then for those out there that like to get technical, we might drop into some of the details on that. And I think we just about have everyone here so we can start introducing the panel.

Fyodor 3:00
Thanks Nate. I’m super excited to be here as a crypto user who’s gotten rugged twice in the past year, hopefully there might be some personal safety tips as well.

bitN8 3:08
Absolutely. All right, I think let’s just start running down through who’s on the call. Let’s start with Oak Security guys. Shout out to who you are and what you’re doing and how you’re working with Terra and then we’ll just kind of go down through the list and get this thing kicked off, or perhaps we’re still waiting for them so… [chuckle] Let’s go with the Aperture Finance team that I know is on the call.

Anchor Protocol 3:38
It looks like we might be having some difficulties here, technically wise here.

bitN8 3:43
Yeah, not uncommon.

Lian Zhu 3:43
Oh, hello. This is the Aperture team here, super excited to join this AMA event. My name is Lian Zhu, co-founder and CEO of Aperture. And with me here is Peiqian.

Peiqian 3:45
Yeah, Peiqian here, co-CTOs with Gao. We’re happy to be here.

bitN8 4:02
Awesome. Happy to have you guys here. Now I see some of the Oak guys on, there’s Stefan from Oak. Stefan, why don’t you introduce yourself, tell us what you’re doing.

Stefan Beyer 4:11
Yeah, sorry. Apologies for trouble connecting to this. So yeah, we are Oak Security. Colin is with me on this call as well. Oak Security started last year, but it’s really got a longer history. I personally started auditing in 2017. And we’ve done a lot of Terra related protocols. Recently we’ve audited Anchor in its first version of course, we’ve audited Mirror, Prism, White Whale, Mars, Astroport, Spar, quite a few smaller projects as well. And the Terra blockchain itself, so the Columbus-5 was audited by us. So we are sort of very deep in the Cosmos ecosystem in general and the Terra ecosystem in particular.

bitN8 5:02
Awesome, yeah, it’s great to have you guys here. And then another exciting team we’ve got on here is the Code4rena. They’ve got a unique business model, they’re going to be auditing Anchor in the coming weeks. So why don’t we turn that over to Code4rena, and introduce yourselves.

CloudEllie 5:22
Hi, this is Ellie from Code4rena, I’m really happy to be here. And I love this group of speakers, I think it’s going to be really awesome to compare notes with you all. So for those who don’t know, Code4rena does, essentially, community audits. So we do audit competitions. They’re kind of a crowdsourcing approach to the work of security auditing. And I can talk a little more about that later, but that’s kind of the the TL;DR on that.

bitN8 5:52
Yeah, I think that’ll be great, I think in a bit we’ll maybe drop into just different approaches to security auditing and so the community can get an idea of how that differs and where we’re at and we’ll do that in a bit. We also got Albert on here. He’s part of Injective. He’s also well known. Albert, why don’t you introduce yourself as well, and we’ll get things kicked off.

Albert Chon 6:13
Yeah, sure. Hi, I’m Albert. I’m the CTO and co-founder of Injective. We are building a fully decentralized spot and derivatives exchange protocol on Cosmos SDK. We currently actually have been working with Terra for quite some time already. We actually have the first LUNA perps on our DEX as well as the UST to USDT spot markets. And we’re also going to be integrating Anchor onto our chain as well. So that integration’s already underway. And yeah, my role here today is I’m going to be the judge for the auditing competition bounty program that Code4rena is running. So I previously audited the Gravity Bridge protocol, which was deployed on Cosmos. I had a lot of fun and I’m excited to audit Anchor as well.

bitN8 7:06
Awesome, awesome. So it’s great to have you guys all here. It’s definitely a great panel. So let’s just kind of jump in. And I’ll put this out there for anybody to kind of jump in and talk about but lately security has been highlighted again. If we look back to the previous year, we remember flash loans, right, it was almost every week for a period of time, we’re hearing about a flash loan exploit. And it’s starting to seem like as we now go cross-chain with all the open attack vectors that happen on bridges, that’s gonna be something that comes up and it’s kind of relevant because Anchor is going cross-chain, just as Albert talked about, we’re talking with Injective on how we can move things cross-chain through IBC and other ways. So let’s just kind of throw that out there and get… I definitely want to hear Code4rena’s take on it, Oak’s take on it, I definitely wanna hear your take on it, Albert, on what the cross-chain world is looking like in terms of security. And then maybe we can dive deeper on what we want to look at in terms of how do we solve some of these problems that we’re seeing.

CloudEllie 8:13
Yeah, was that a throw to me? I wasn’t quite sure. [laughter]

bitN8 8:16
Yeah, you can go. You go ahead. And then maybe, Stefan from Oak can maybe follow up.

CloudEllie 8:21
Well, I’ll preface this by saying I am not a security researcher, I just hang around security researchers all day. So I have kind of maybe a less technical, but maybe more… I don’t know, more common-man perspective on all of this, which is here’s what I see. I mean, we’re definitely noticing all the exploits that are happening on bridges, I think it’s just going to be true in any system, that the more complex it is the more vulnerable it can be. And I think, I can say this much, which is the philosophy of Code4rena is really that we really strongly believe in the power of community to pursue and address these major security challenges. And also the power of multi-pronged approaches, right, which is we feel like it’s very, very valuable for projects to have both ongoing efforts in managing security, right, and very, very regular and ongoing efforts in that regard, as well as a broad base of people to draw on and of different kinds of expertise. So I think that’s the very broad brushstroke, which is really the best level at which I can [chuckle] address security questions. So I can’t talk into the deep tech of it, but I can say, what I noticed among our community of researchers, because we have a fairly large and broad community of researchers, is that it’s through the cross-pollination and collaboration among them, that these kinds of major problems get solved, both quickly and thoroughly. So that’s my two cents on that.

bitN8 10:17
Yeah, no. I think that’s a really valid point, right. With the cross-chain bridges, there’s just so many more vectors of attack that get opened up. So yes, we’ve got traditional security auditing firms doing an amazing job, and they’re obviously backlogged a lot of them and can’t keep up. And there’s a lot of really prolific hackers and security auditors out there that might not even be employed by a firm or anything that are just out there for the greater good of the community, always taking a look at this because they have skin in the game, they want to see what they can do to not only protect themselves, but protect others around them, because it makes the whole ecosystem stronger. Stefan, I wanted to get your thought. You guys are definitely heavily ingrained in the Terra ecosystem and other ecosystems and what’s your take on cross-chain bridges and what you guys have been doing to kind of combat the increased security risks that these cause?

Stefan Beyer 11:18
Yeah, it’s a difficult subject. I mean, as a security auditor, I’m personally not too keen on bridges, they’re always very complicated projects when we get them. And we are very careful on what type of bridges we take on because they’re very difficult systems to build correctly. The problem is that there’s usually a number of technologies involved, you’ve got smart contracts, or something similar on either side, you’ve got the particularities of the underlying protocol, but you need to have something in between. And it’s fairly trivial to build a centralized bridge, but that has its own risk and is obviously centralized. And then if you build a decentralized bridge, you have a whole consensus system and economic aspects to deal with. And it becomes so complicated that it’s very hard to issue any form of guarantees on the security there. Maybe my colleague Colin can jump in and talk a bit more about the technical challenges therein more specifically.

bitN8 12:40
Yeah, that’d be great, Colin. Yeah, you wanna jump in on that?

Colin 12:46
Yeah, sure. I’m sorry about that. I was cutting in and out pretty bad. So sorry if I repeat anything that Stefan already said. But yeah so as Ellie and Stefan said, the attack surface gets opened up when we’re dealing with cross-chain bridges. So if we’re dealing with… I mean, we could have an audit that could span five total chains, for example… An expert on each one of those chains, we have to understand the interactions from… So say for the Ethereum side, we have to understand the Ethereum interaction, cross-chain how that interacts with like Solana, for example. And then kind of we have to have our internal auditors correspond with each other and really make sure that we really understand exactly what’s getting passed across and the level of trust that’s kind of happening on that channel. Because ultimately, what everything boils down to is you really try to look and you analyze kind of like the blast radius, or the scope of trust that these different actions can have. So yeah, I guess that’s just my quick input. And sorry, if I repeat anything. I’m cutting out a bit on my side with my WiFi.

bitN8 14:02
No, no worries. That’s good. I don’t think we want to go too deep there. I mean, just a general overview for the community I think it’s great. So kind of what you’re saying is, some of these bridges are just even too complex for you guys as a security auditing firm to even want to take on that kind of risk. Is that what I’m hearing?

Stefan Beyer 14:21
Yeah, in a way, I mean, I wouldn’t say we don’t want to take them on because they’re too complicated. I mean, it’s our job to look at complicated stuff. But there’s a limit on what any security researcher can say about something with so many moving parts. And there was an interesting tweet a few weeks ago by Vitalik on the inherent insecurity of moving assets between different blockchains. And I’m a big fan of the way Cosmos, which underlies Terra, of course, is built in that it’s inherently multi-chain, not cross-chain. So it’s much easier to say something about the security of different Cosmos chains, or Cosmos SDK-built chains that communicate with each other using IBC, or even something homemade, but at least it’s using similar technology. There is an inherent security risk if a bridge is involved, which is larger than if it isn’t involved, and there’s only so much auditing can do to prevent stuff happening.

bitN8 15:43
Absolutely. And I think that’s kind of where… Let’s think about this in two ways, right, that’s kind of where maybe bug bounties come in. And two, that’s kind of… Let’s bring back Code4rena for a minute too, that’s like where security auditing from a community base can come into, right. It’s kind of an augmented, another angle at which people are looking at these things on a continual basis. Would you have any suggestions for projects that are using cross-chain bridges, right? For instance, Anchor is going to build and has been building contracts on top of Wormhole, which we know was recently exploited. And it not only directs contracts cross-chain, but it directs smart contract messaging. What do you guys kind of look at when protocols like Anchor are using cross-chain bridges like this?

Albert Chon 16:37
Yeah, well, I think one of the nice things about IBC is that you can just outsource your security to the IBC protocol for the most part. I mean, basically all the Cosmos chains right now they all import the same IBC transfer module, they all use the same relayers so it’s very easy to get started. With that said, it does make one, I guess, a bit concerned if there is, let’s say, a zero day in IBC. That would kind of wreck the entire ecosystem, right. But it’s a bit of, I guess, a trust in the collective and if something very terrible did happen, there perhaps will be some way to rectify it. And I guess also for that, it’s eventually important to have multi-client implementations for the components. I mean, similar to how there’s a multi-client implementation of Ethereum. It’s like Parity or Geth. For IBC, really, at least there’s multiple, and I think it’d be safe for the ecosystem to have less reliance on a single source, and therefore more eyes and more people working on the same thing. I think that’s actually one of the great advantages of something like Code4rena, at least last time, because the community does come in with this hive mind of all of their collective experience on certain things. And they’ll find very minor things that you, as an auditor, may not know about, it could be some small detail about the Cosmos SDK or about Rust or about the EVM. And, yeah, because they’ve encountered it in some other rabbit hole one time, and I think it’s this sort of thing that really makes these community audits shine, because the collective intelligence is much greater than just that of one or two auditors.

bitN8 18:17
Yeah. And we’ve seen that right with people in the community. I was trying to have Vinny on this call, he wasn’t able to make it. He’s a really well known hacker in the Terra ecosystem. And he’s pointed out certain vulnerabilities in the community as well, just his free will, right, just looking at these things. So yeah, I definitely think that’s important in that aspect. And yeah, it’s interesting with the Cosmos model, right, because they still haven’t moved towards the shared security model yet. And maybe you wanna just quickly touch base on that, Albert, and then we’ll kind of move on a little bit here.

Albert Chon 18:59
Yeah, sure. You mean shared security in the context of a parent chain and child chains?

bitN8 19:05
Yeah, exactly. That the future vision of Cosmos, right, is that that shared security module.

Albert Chon 19:13
Yeah, I think shared security may be a bit of an overloaded term. Instead of like code security, we’re now talking about consensus security and stability, like two thirds POS consensus. But yeah, I guess that fundamentally itself does rely on IBC. And if IBC is broken in some way then the shared security would also break. But yeah, I think separately security is quite interesting as a concept because it’ll essentially allow the validators of one chain, let’s say LUNA, to provide security for other chains. Let’s say if Anchor were to have its own chain, except instead of having to bootstrap a network of validators themselves for this new, let’s say, Anchor chain, Anchor network, they could just lease the security of the base Terra chain. And basically, the staking rewards from this new chain would go to the LUNA holders, or basically the parent chain providers. And in the future, there are even more advanced designs where partial sets of the parent chain and the child chain’s validators could provide security. And in the V3 of this model, you can have these mesh networks where multiple blockchains can collectively share security on multiple child chains. So as an example, Terra, Injective, Cosmos HUB could all share security in some mesh way for a child chain, which is quite advanced, and perhaps one of the more forward thinking visions of the Cosmos ecosystem, but yeah, I’m quite excited to see how that turns out. I would say, though, that this is quite separate from security from an auditing standpoint. [chuckle] Just to not confuse the concepts.

bitN8 21:04
Yeah, no, absolutely. The reason I brought it up is because, and this kind of bridges into the next thing I wanted to talk about, the way we’re moving in the crypto space is it seems like a lot of bridges are being built, because there’s just so much liquidity in different places that needs to be connected, and has to be connected. And so it sounds like from a security side of things, maybe this isn’t the future iteration. Stefan or maybe the guys at Aperture, do you guys have any thoughts on where this might evolve to? Just because… I’ll give you a good example. Over on the Terra ecosystem, we’re already competing with different UST standards, right. And to try to simplify that for the everyday users here, if you send UST to, let’s say, Avax with Wormhole, you have a different messaging standard for that wrapped UST than if you were to send it over with Axelar or Anyswap. And so then those two USTs that were sent by different bridges can’t be interchanged one for one on the chain that you sent it to. So it gets complex, and then we’re already starting to hear talks about standards being built on top of bridges, right, like a global UST standard, which would then be a swapping mechanism for all of them, which opens up even more attack vectors. It’s just like, are we building a house of cards here? And is the Cosmos, shared security Cosmos HUB, a better model? I just want to kind of get your thoughts on that.

Stefan Beyer 22:50
Yeah, I mean, that’s a very big question and a can of worms, really, but I mean, ideally, something like the Cosmos model, where you have IBC is much cleaner than having different bridges that have different wrapped assets on different chains that are completely different from each other. But obviously, the reality is not like that. We want to be able to work with Ethereum and we want to be able to work on other blockchains and Solana obviously has a different model. So we need these bridges. I don’t think there’s a good answer to the problem of having two wUST tokens on Ethereum, for example, and then maybe competing with each other. The only problem that arises from this is when arbitrage gets out of hand and end users get confused. And you have some form of wrapped UST with very low liquidity that doesn’t react well to market changes and things like this. And the average end user might have problems with slippage on different pools or things like this. But I don’t think another layer of standards can be a solution to this. It’s just a very decentralized and open system and that’s unfortunately one of the side effects. But eventually, I suppose everything will go sort of the biggest project wins, or a few big players will be able to work nicely together. I don’t know. I don’t know how to answer that in a better way.

bitN8 24:44
No, no, it’s like you said, a can of worms, right. And it ties right into this security talk that we’re having because this is just the direction we’re going right now. And from everybody I’ve talked to, really smart minds, right, there’s just no good solution on the table right now. Everyone I’ve talked to, to A, address the different standards that these tokens end up on on the other chains, right. Liquidity fragmentation kind of defeats the purpose of going cross-chain in a certain way, if you’ve got five different standards of one token on a different chain, which then lowers the effect of the liquidity because it’s fragmented. And then on top of that, you add attack vectors that put each one of those coins at risk. Yeah, it’s an interesting world that we’re in. And that’s kind of why we’re having these talks today is why we have to continually have security audits. I wanted to throw an idea out there that I had been talking with some certain firms, security auditing firms, about… I ran my own tech company for many years, and we had what was called a continuing service contract where we gave a discounted rate to our client to continually maintain the network. And it was kind of a win-win for everybody because we had skin in the game because we had to make sure we maintained the network because if we didn’t, we weren’t making good on the money we were getting paid. And they had an inherent interest to want to pay for that continuing service, because it meant that their network was in good shape for the whole time that we worked on it. With bridges, do you think that possibly having a continuing contract, like a retainer style agreement, where audit firms continually look at this code, so they’re inherently more in touch with it, more in tune with it, and can in more real-time react to when they see a vulnerability pop up, a certain monitoring system that can monitor if attack vectors are starting to be breached? Is that something that you think that might be somewhat of a good response to this new style bridging that we’re seeing? And anyone can take that.

Stefan Beyer 27:08
Yeah, can I take that? Because I’ve got quite strong opinions on retainers.

bitN8 27:14
Yeah, absolutely.

Stefan Beyer 27:16
I know… Well I mean, we’ve experimented with them. And obviously from our business perspective, a retainer contract with big projects like Anchor would be great, right. So we would have continuous money coming in and for business it would be great. But in practice, it hasn’t worked out that well. The problem with this type of continuous audit is that you end up looking at PRs on GitHub, and you forget the whole picture. And it’s also very difficult to coordinate the timing of these things. What does make much more… I know some audit companies are pushing retainers and continuous audits quite heavily, because they’re obviously good for business. We’ve gone away from this, because it didn’t work out that well in practice. What tends to work well is to have several reliable audit partners. We are obviously competing with each other as audit firms, but we are also collaborating a lot and we are quite used to working in parallel with different companies or one after the other. And then having audits or frequent audits of full logic components makes sense. Because the problem if you’re on a continuous audit and you review pull requests, some small change might affect something you’ve previously audited and you don’t realize. So what we like to do is we like to get involved early. It’s a good idea for teams to get us involved before they even start coding. And we can teach them how to set up a good internal security infrastructure and practices and how to set up testing correctly and help identify test cases. That’s something we can do, and then we can come in again at certain frequencies and do audits of full blocks and even re-audit certain things again, as we are doing now with Anchor. We audited Anchor, there have been updates, now we are auditing the whole thing again. Why? Because it doesn’t just make sense to audit the updates because independently there might not be a problem, but the whole thing might need to be looked at.

Stefan Beyer 29:54
Yeah, and also projects should set up the internal auditing. External eyes are very important. But a continuous auditing approach works well if you have security experts within the team, and someone who just reviews code and just looks at procedures, protocols and other stuff like operational security.

CloudEllie 30:19
If I could jump in, I would 100%…

bitN8 30:20
Yeah, go ahead. Yeah.

CloudEllie 30:22
First of all, I absolutely echo everything that Stefan’s saying, and also underline and yellow highlight, because I think there are different strengths to every approach to security, right. And I think what the… There’s a depth that exists within auditing firms like his and I think… First of all, underlining the piece around collaboration, I think it is 100% true that… Of course, there’s some kind of competition amongst the businesses, but there’s so much… I think we all see each other as collaborators towards the same end goal and also really respect each other’s strengths. We deeply respect the depth of expertise, and also the thoroughness that traditional audit firms can provide. And Code4rena has no interest in uprooting that, or supplanting it, or replacing it, because that has undeniable value, right. But I do agree the… It’s really tricky to align all of the incentives around a retainer model. [chuckle] And also there’s elements of human nature here at play. Security is a lot about psychology and human nature. And one of the things that I think we found at Code4rena is that it’s highly motivating to have a time constraint, right. We run contests, they are events, they have a start date and an end date. And that is not always going to produce… It’s a very different model than an ongoing retainer agreement, right. It’s kind of the inverse of it. But what it does do is it highly incentivizes a deep dive for a committed period of time, a specific period of time. And then we bring a breadth. Where the traditional audit firms have depth, we bring breadth.

CloudEllie 32:32
And then again, I would also underline what Stefan said about the value of having a security expert in-house. And I think it’s probably not surprising to know that Code4rena is relatively young. We launched our first contest last February. And so a lot of the initial sponsors that came to us to get their code reviewed were people who understood the value of security because they were founded by very security-conscious teams. And so we’ve had this really wonderful insight into how those teams operate because they immediately got the value of what we were bringing. And so when we ran… We ran a contest for Gravity Bridge, which was our first Cosmos contest. And they have a great team and a really security-conscious team. And they were really surprised and excited by the things that were found by our community. And that’s the thing that the sponsors appreciate. The sponsors who are security conscious, first of all, appreciate and are receptive to [chuckle] having those vulnerabilities uncovered early and get the value of it and are receptive and open to hearing about it. But also just are also very aware of just the human psychology aspect of it, which is like, we all have cognitive biases and we all have blind spots, and there’s just always going to be things that we can’t or don’t see especially, and I think we’ve all experienced this, when we’ve been looking at our code base for so long that certain things just start being invisible to us. So I think there’s value from all these different angles. And it really is the multi-angle approach that is going to always be the most effective in my view.

bitN8 34:22
Yeah, I love that. That’s really well said, I was just gonna kick it over to Albert too. So go ahead Albert, jump in.

Albert Chon 34:28
Yeah, I would say that rather than the retainer model, it’s probably much more capital efficient to just hire more people who focus on testing and security in your own team, right. I would say the majority of our time is spent in testing and thinking about how things could break, which I think is quite different from other, maybe, projects that just want to get something launched and get it out as soon as they can, right. But that comes at the expense of thinking about these different attack vectors, which can then lead to some unintended use or exploit. And yeah, so I would just say, really double down on investing in proper testing. Because even in the Gravity Bridge example, I was following their development for over a year. And I would definitely say that even though they were definitely a very security-conscious team, there were definitely things that could have been tested a lot more deeply. And that was always one tension that I felt internally. Because, yes, it’s either you can improve, actually build stuff, or you can spend time testing things. But if there were just more hands on deck, this could have been tested more thoroughly. And the small things that were missed that were uncovered in the audit, in the Code4rena community audit, for example, would have been found sooner.

bitN8 35:57
Yeah, I love that. That’s kind of what I was thinking of when we pulled Code4rena in to do a parallel audit with Oak doing some of the security auditing that they had done before. I think the breadth and depth that was mentioned there is truly important. And I see it as… I mean, right now I don’t see how there is much competition in this sense, because it’s just so hard to get security auditors right now, they’re just so backed up. And the shortage of security auditors in the space just shows how rapidly we’re growing and how much we still need to really focus on it. And I really do like that idea of having in-house security auditors for the continuing audit side of things. And I think, if they could work in parallel, right, there would be a specialist that could then work in parallel with the different types of security auditing firms that are hired, right. That enhances the audit that’s being done, right, because not only can that person have a great in-depth knowledge of code, they can explain how the code works, and save a lot of time so that they can really focus in on some of these attack vector areas and areas of weakness. So I really like that idea. I kind of wanted to… Yeah, go ahead.

Peiqian 37:09
Yeah, if I can quickly jump in again. This is Peiqian from Aperture. From a smart contract engineer’s perspective, we always strive to optimize for faster iteration speed to be able to bring new features to users sooner. But at the same time it’s interesting to hear all the auditors’ perspectives on the retainer model constantly reviewing pull requests. It’s easy to focus on the new change, and even a small change can have a huge impact on the overall security of the protocol. So I just wanted to kind of emphasize the importance of keeping security in mind when writing the code, having better code quality, and having good test coverage, I think makes the auditors’ job easier in terms of understanding the code better, then there’s a much better chance that vulnerabilities can be found more easily. So, yeah, to me it has been interesting to hear all the perspectives. And also if I can quickly jump back to a point earlier on the different wrapped versions of UST and other tokens. We have Wormhole wrap and… I think it would be great if they can come up with a global standard that is secure so all different interop solutions can have the same wrapped version, but I know it’s a very challenging undertaking, because some of the wrapped tokens are built on top of generic messaging protocols and a particular bridge so it will be hard to kind of standardize this across the board. But in the short to medium term, I think something like a Curve Finance stable swapping variant, where we have multiple wrapped versions of UST in a single Curve pool, that could help with the slippage issue. And another idea I can think of is to bridge back a particular wrapped UST to Terra to get native UST and then use another bridge to get the new wrapped version. And Aperture can actually help make that a lot easier for users because Aperture is a cross-chain app so one app can easily achieve that without the user having to manually go through this entire process.

bitN8 40:11
Yeah, I appreciate that and it’s definitely a different angle to look at too. We definitely need more solutions like that, we need more smart protocols [chuckle] thinking about how to simplify some of this mess that cross-chain bridges bring, kind of the necessary evil. I wanted to kind of change gears just quickly, because it’s not often that the community gets a chance to talk with so many bright-minded security auditors, a lot of user base security and maybe a few quick best pointers would probably be good. And maybe we can turn it over to questions, right. As we all know, as DeFi people who have been in the space a long time, we see mock websites, just like last week we had, which was an exact mirror of the actual Anchor site, and it took people to actually put in their seed phrase, and we saw some people lose funds in that sense. Any pointers to users on best practices in that sense that they should be following maybe? Anyone want to chime in there?

Fyodor 41:26
I can start. From personal experience certainly, as Nate said, right, always check the URL. As someone who literally understands what I’m signing 0% of the time, making sure you’re in the right place is obviously one of the biggest things. Anytime you think that something feels uncomfortable, you should probably double check, it might be, certainly never give out your seed phrase when you’re in your Discord and other social media channels, be very wary of anyone reaching out to help you. Generally the people trying the hardest to help you are probably the ones least likely to help you. So those are just a couple of the ones that I found from my time in the space.

bitN8 42:03
Thanks, fam. Anyone else want to throw anything else out there? Just because it seems like as we move further and further, the more the attacks are ramping up and phishing websites. So I just wanted to add some help to our users out there.

Colin 42:22
Sorry, Stefan. Go ahead.

Stefan Beyer 42:24
Yeah go ahead, Colin, you probably were gonna say the same thing as I was.

Colin 42:29
So I guess one of the things that I kind of wanted to point out here is… So I have a background in traditional cybersecurity, so like educating users in a similar fashion. Obviously with the DeFi game we’re kind of dealing with higher stakes here, right. And it really presents a landscape where hackers can get their rewards, or their payouts a lot more easily when we’re dealing with transactions, and we’re dealing with a sense of scarcity and a lot of sense. So I think it’s really important to educate users to go back on the principles of social engineering. So that would be like authority, intimidation, scarcity, and trust. And if you feel like any of those four quadrants are overpowering each other, in for example your interaction with a person or your interaction with a website, take a step back. It never hurts you to just take a step back and actually think about what you’re signing, for example. That’s really all I wanted to say with that.

bitN8 43:35
I think that’s an awesome perspective to look at it through, kind of like what Sam was getting at. It just doesn’t feel right. Typically, no one really is out there to help you get your funds back. Let’s just be real. The majority of people out there that are trying to help you get your funds back are people that are looking to take your funds. So yeah, I think the number one thing we see here lately is the web URL not being correct. Make sure you bookmark that, don’t type it into your browser. I know it’s really easy. Clear your cache, clear your browsing history, set a… Use Brave browser, right, you can set it to auto clear every day that way. That doesn’t… You’re not typing in an address, you’re forced to use the bookmark there. So yeah, I think those are some of the things. Zion, do you think we should turn this over for questions? We’re nearing 15 minutes left here. I think we’ll go ahead and do that, open it up for questions. So if anyone has a question, go ahead and request to be a speaker and we can add you up here and take your question. Looks like it’s having some technical difficulty here. Sorry, guys. Can you all still hear me?

Stefan Beyer 44:12

bitN8 44:35
Okay, cool. No one requested to be a speaker. Well then, I think, on that sense then how about we just give each of our speakers a chance to kind of wrap it up, and then we’ll kind of close this out.

Anchor Protocol 45:10
We did get one request, Nate. Yeah.

bitN8 45:12
Yeah, go ahead. Let them up.

Anchor Protocol 45:14
Hey, Titan, can you…

Yes, I do. I’m a complete noob to the ecosystem. I just happened to do some business in it, and I made some money. But I want to ask you guys, what is the correlation between Cosmos, Terra… And LUNA and UST? I know that LUNA and UST… UST is the stablecoin. And LUNA is… Well can you explain it to me like I’m a five year old?

bitN8 45:43
Sure. And I know Albert can sort of chime in. So the thing to keep in mind is that LUNA, the Terra ecosystem, is built on the Cosmos Hub. So that’s built on the Cosmos Software Development Kit, the SDK, and so that’s built on a Tendermint layer chain. What that really means is that through the way that it’s built, it allows you to spin up a chain really quick and it allows you to tie into the network security, the network effects. And so essentially now that IBC, the inner bridge chain that pops up, it allows us to a lot more seamlessly send assets back and forth, because they’re all part of the same core ecosystem. I know that’s probably not as simple as it can be. But that’s a very eloquent model. Okay, cool.

No, it’s really good. And thank you for that. And I wanted to ask the Anchor Protocol, because as far as I’ve seen, the returns, I think you’ve got like 19.50%, or something like that. The returns are the best that I’ve seen in this space. Can you explain to me like a five year old how you do that? How you can afford to have such a good percentage?

bitN8 47:01
Yeah. When Anchor launched, it was kind of a novel model. This was before there was really a lot of liquid staking derivatives. And what that means is when you lock your proof of stake coin, that’s getting a yield from validating transactions on the network, it would be locked for a period of time and there wasn’t anything you could do with it. It was a very illiquid token at that point. So protocols started creating liquid staking derivatives. That’s what bLUNA was. And so that then allowed you to keep your staking returns or redirect your staking returns, and then have an asset that represented that to be able to use. So Anchor allowed you to borrow against that, and to use your staking returns to help subsidize your borrow rate. And so that’s really how the yield reserve gains money is when people borrow not only do they pay a borrower rate they get incentivized to borrow, and part of how we do that is through the yield from their staking returns. And part of that staking return also goes to pay depositors a higher rate to keep that pool of depositors high.

Right. Thank you. I know, these were a bit noob questions, but great space. Glad to be here.

bitN8 48:26
No, thanks for coming up.

Albert Chon 48:27
I actually have a question. Do you think that Anchor is too big to fail? It’s the flagship application of Terra. And I thought back to the whole Wormhole bridge hack when Jump came in and saved the day. And it’s a bit like… I don’t know the exact details, but I think Terraform Labs is upping the yield reserve. And at the end of day, that’s good for the Terra ecosystem just as Jump coming in was good for Wormhole, but it does seem a little bit less, I guess, like a pure free market. And maybe in the beginning, that’s fine, because things are less mature. But I’m curious about what’s your take on that?

bitN8 49:10
Yeah. I mean, there’s definitely some truth to the fact that Anchor is now a pillar of the Terra ecosystem. Right now it’s around 50% of UST has been locked up into deposits in Anchor, it’s not quite 50 now, but at one point it was. And so that’s a huge amount of UST to be in there. Within eight months, it has rivaled what it took Aave to do in four years. That kind of growth is really hard to even imagine, right. If you told somebody that Anchor would hit over 12 billion in total value on-chain in less than a year, people would tell you you were ridiculously crazy. And so I think there is a lot of truth to the first mover advantage, right, having that… It’s kind of a barrier now, right, to a lot of other protocols and having the support of the ecosystem behind it definitely makes it a really stable protocol. That said, no, I don’t think you can assume anything is too big to fail. We’re working as hard as possible to diversify borrowing, to evolve the protocol to the lightning speed at which DeFi evolves, because if you just sit idle, doesn’t matter how much money you throw at it, if you’re not constantly innovating and evolving to monetize your user base, nothing’s too big to fail. Well, I think we’re almost an hour here. Zion…

Anchor Protocol 50:49
We do have one more question from someone that came up. Alphacritic, you have a question?

alphacritic 50:55
Oh, yeah. Thank you. I had a question. I don’t know if you guys answered this already. But it’s in regards to the Anchor Protocol security audits. Are you guys looking to do any further auditing?

bitN8 51:12
Further auditing in the sense of… Well, yeah, I mean, I can answer that regardless of what you’re really asking. [chuckle] Yeah. So this is kind of the point. That’s why we brought on Oak to do securities and audits, and Code4rena as well. This is part of our ongoing effort to do continuous security audits, right, to always be looking into the future. Anchor is going to be building a lot of things. And just back to what I just said, we’re going to be constantly evolving, that means new contracts, that means constant relationships with these code auditing firms to make sure that they’re looking at this new code, making sure that it’s audited, making sure that it’s ready to go. And so yeah, security is something that we don’t take lightly over here, and something that we’re going to continue to try to expand and evolve our approach to.

alphacritic 52:07
Awesome, thank you.

Anchor Protocol 52:08
All right, we got another one here. DeFi Zealot?

Defi Zealot 52:12
Yeah, actually, thanks for all that you guys do. I have a two part question. One is around… It sounds like a lot of other bAssets are coming through slowly, like bSOL, and that kind of stuff that you will provide to increase the borrowing fees so that we can stabilize the UST, I guess, the interest rate, right. And so my first question is around what prevents us from opening it up to any of the IBC chain assets to come over as bAssets, right, so that people can borrow against them. So for example, I have five different asset classes that are all staked on the different layer ones on the IBC. Why couldn’t I just bring them all instead of just staking there? Why couldn’t I bring them all over to Anchor? Is there a way to blanket have all assets somehow? Because they’re on there? And then, I guess, the second part of the question is about, if you could share your thoughts around how come it’s only the bETH and not bBTC so that we can capture a lot of the OG BTC holders to come into this ecosystem. So I want to understand, it sounds like it’s a big lift, right, to kind of bring all these new assets over. But can you comment on those a little bit more?

bitN8 54:02
Yeah, absolutely. The main thing is liquidity and actually having a liquid staking derivative, right, to fit into that model, where you have to stake some kind of liquid staking derivative means that these assets have to have it and we’re in talks with different chains on the Cosmos ecosystem, there’s been proposals put up. So really, it’s making sure that there’s a liquid staking derivative, and then making sure that that’s able to be sent through the Cosmos IBC module. And so maybe Albert can mention a bit more technical details on that. From my understanding, not all coins have been whitelisted to go through that IBC module. So if you were to create a new liquid staking derivative, that would have to be then added to that IBC module. Is that correct, Albert?

Albert Chon 55:00
Well, I mean, currently there is no canonical way that you would even have a staking derivative of your token. Keep in mind that the assets that you can deposit into Anchor have to be yield bearing assets, right. You can’t just deposit BTC because BTC doesn’t naturally just compound. So you have to have the standard. And I think there’s some competing efforts now, for example, by pSTAKE from Persistence, as well as… Even just from the Cosmos, Zaki, himself is working on a liquid staking implementation. Of course, Terra has their own. And it’s a bit similar to this bridging thing where you also have a lack of standardization in your liquid staking implementation, and whether these will have different assumptions, etcetera, and communication messaging format. But assuming that all of that can be solved, and it very soon will be, then we can transfer these bAssets, like bINJ, bATOM, etcetera, and use them in Anchor, right, as well as have a multi-chain Anchor. So you can have it more tightly coupled with a different chain.

bitN8 56:07
Yeah, exactly. Exactly right. And we’ve been talking with Injective about getting their coin over as well. So we definitely have that in mind. Great question. And the DeFi space is evolving and it’s not where it needs to be right now to make it quick, easy and seamless. But eventually it will be. Thanks for that great question.

alphacritic 56:30
Yeah, thanks. Thanks a lot. And yeah, I think I really appreciate the speed at which you guys have been putting things out. And there’s also that balance of people always asking when, and putting pressure on devs. But then also, in order to build really good protocols, you need a lot of time, right. I come from the software industry. And I know that whole dilemma. So thanks.

bitN8 56:55
Thank you.

Anchor Protocol 56:57
Yeah, great question. Maybe, Nate, should we take one more? And then we can close it out?

bitN8 57:01
Yeah, let’s take one more. And then I want to give each speaker a chance to just quickly wrap their talk up as well. I think that would be great. So one more, and then we’ll just kind of go through closing thoughts.

Cryptopi@n 57:12
Can I ask a question?

Anchor Protocol 57:14
Yeah, go ahead.

Cryptopi@n 57:15
Okay. My question is, actually, if one of the Anchor persons would reach out to me? Because I’m actually right now building a product, where I would like to include Anchor in.

bitN8 57:29
So just to be clear, Anchor is a completely decentralized protocol. So TFL has developers that work on it, but for any kind of integration and things like that, it’s great to post something on the forum there to have it talked about and pollinated open in the community.

Cryptopi@n 57:47
Okay. So that would be the approach to take that.

bitN8 57:51
Yeah, correct.

Cryptopi@n 57:52
Okay. Thank you for that. Thank you.

bitN8 57:55
You’re welcome. Cool. Well, I think that kind of wraps it up. If anyone has closing thoughts, we’ll kind of give you a chance to go, maybe start with Albert, work to Stefan, Aperture, and Code4rena to kind of wrap the call up?

Anchor Protocol 58:10
Yeah, sure. I was just thinking back, I actually knew the Anchor people, the guys from Korea, even before they joined Terraform Labs, and it was actually just around two years ago, this time. And it is pretty astounding how quickly this has become one of the biggest, like 12 billion UST assets under management, yeah, protocols, it’s so quickly. And I guess, it’s really exciting to be working with you guys, on integrating with Injective. And yeah, looking forward to how this will look like in a multi-chain world.

bitN8 58:44
Yeah, me too, it’s really exciting. It gets really exciting, doesn’t it? I’m happy to have you on board, both with Anchor and doing the security for Code4rena. Stefan, thoughts? Closing thoughts?

Stefan Beyer 58:57
Yeah, so closing thoughts would just be to remind protocols, and Anchor is of course very aware of this, that what you’re building is financially critical software. So that has to be treated as such. And that means… And this is a message to all the users out there, that things have to move slightly slower than in other parts of software development. So please be patient, and if you want this to grow quickly, it also needs to grow securely.

bitN8 59:36
Yeah, absolutely, absolutely. Aperture guys, any closing thoughts?

Lian Zhu 59:42
We would like to thank everybody for this wonderful conversation. At Aperture, we are trying to build this DeFi investment ecosystem with built in bridge solutions. So security is naturally on the top of our mind. We look forward to further collaborating with security audit firms to make sure we develop a way to deliver a secure product for users. Thank you.

bitN8 1:00:04
Thanks, guys. And Ellie, Code4rena, I think it’d be great to wrap up and let the community know how they can get involved in this upcoming audit that’s going to happen on the 24th.

CloudEllie 1:00:17
Well, thank you for setting me up so nicely for that, because I felt like… I was like, “Well, I can’t really close on any other note than to say…” We’re one week away from this contest starting at Code4rena. So it’s going to be a two week contest, so 14 days. That’s Code4rena’s version of taking it really slow, Stefan. [chuckle] A two week contest is a longer contest for us. So lots of time for researchers to get in there and really dig in. The prize pool is a nice and healthy 170,000 UST. We’re super excited to have you on board. And we’ve already been hearing a lot of hype among our warden community, that’s what we call our security researchers. And yeah, we welcome anyone who wants to try their hand and participate in the contest. So it’s a very low barrier to entry, just come in, raise your hand. Come to our website, you’ll find all the docs for how to register and participate in the competition. So sign on up, tell your friends.

bitN8 1:01:26
Super excited…

CloudEllie 1:01:28
This was awesome, by the way. Sorry. I’ll just add on the side, I just want to say thanks to all the other speakers. This was just such a great conversation and I learned a lot. And I appreciate you all having me.

bitN8 1:01:38
Thanks. Yeah. Thanks, everybody. This has been great. And yeah, for the upcoming audit, anyone. As we talked about security right now, maybe this is your chance to get involved. So head over there, try to check it out, see how you can get involved. We look forward to having you there. And yeah, thanks everyone for having a great conversation and look forward to our upcoming AMA. Next week we’re going to be talking about Terra tokenomics, some interesting stuff that’ll come out of that one.

Finn 1:02:08
Thanks for checking out another episode of The Ether. That was the Anchor Security Focused AMA with Oak, Aperture, Code4rena, and Injective. Recorded on Thursday, February 17th 2022. This episode of The Ether was brought to you by Talis. Talis Protocol is the NFT platform for independent artists on Terra. Talis helps to provide artists with the tools and resources needed to transition from traditional arts into the NFT world. With their V1 launch coming soon, Talis will be the place to see real world art reflected on Terra. Be sure to join their Telegram and follow Talis on Twitter for updates on their roadmap, validator, and other Talis news. Find your next favorite artist on This episode of The Ether is also brought to you by Orbital Command, a community validator on Terra dedicated to educating, expanding, and promoting the LUNAtic community. Follow Orbital Command on Twitter using the link in the show notes to receive regular threads on Terra protocols and yield strategies, news, resources, and Twitter Space discussions. You can also support their community efforts by considering them next time you’re delegating or re-delegating your LUNA. Find out more at TerraSpaces appreciates the support from all our sponsors. For, I’m Finn. Thanks for listening.