riptide and rootrescue discuss his $400,000 bounty find on Enzyme, how out-of-scope assets can land you monster bugs, relayers and forwarders, why to look at deployment scripts, how Army training translates to being a cracked bug hunter, a fat juicy ALPHA DROP, and how to check the chain using your own archive node w/ semgrep, and much, much more ...

Transcript

Introduction and Invitation

00:00:07
riptide
Welcome to Bounty Hunters. We are here with Root Rescue. What's up, my man?
00:00:14
rootsiestootsies
Hey, glad to be here. I was totally surprised by your message asking me to come here.
00:00:19
riptide
You shouldn't be. You shouldn't be. So, Root Rescue. I'm going to start doing a proper intro on people. Root Rescue, this kind sir agreed to come on the podcast.

Enzyme Finance Bug Discovery

00:00:29
riptide
Top 50 ImmuneFi bug hunter.
00:00:32
riptide
Even though I think you have, is it two crits under your belt, or was it just the one big one?
00:00:38
rootsiestootsies
Well, the other one is from an audit competition, so yeah.
00:00:41
riptide
Okay, cool. No, still valid, man. But the point is you got a major crit, and you don't get that just by chance. You have to dive deep. You have to do a lot of research, put a lot of time into these things.
00:00:55
riptide
And so I think you're an absolutely valid guest for the podcast. And also the scope of your bug, which was Enzyme Finance, if everyone's heard of this before,
00:01:09
riptide
I'm actually familiar with kind of the bug details, because it deals with Gas Station Network, relayers, forwarders, all

Root Rescue's Background and Career Path

00:01:19
riptide
that kind of stuff. So if anyone's looked at that, check out his Enzyme write-up.
00:01:24
riptide
I think ImmuneFi did, right?
00:01:25
rootsiestootsies
Yeah, ImmuneFi did, and actually Zero Axe Cage did another one on that one.
00:01:26
riptide
Or did you? Yeah. Yeah.
00:01:31
rootsiestootsies
So there are two public write-ups on it at the moment.
00:01:31
riptide
Yeah.
00:01:34
riptide
Yeah, so I think it's a really great topic, and I think it's something that a lot of people overlook. But yeah, real quick, though, kind of your background, anything you want to share, like how you... I'm always curious how people get into bug hunting.
00:01:50
rootsiestootsies
Okay, so like I said, I actually have listened to your podcast quite a bit, so I know something about your background, and I think we share some commonalities here and there.
00:02:03
riptide
Like what?
00:02:03
rootsiestootsies
So, yeah, most likely we were both born in the 80s, so before the internet.
00:02:03
riptide
Tell me.
00:02:08
riptide
There we go. There we go.
00:02:10
rootsiestootsies
Yeah, so all this, like, script kiddie hacking during middle school and whatnot, that was on the menu. And after that, I didn't really want to go to high school, so I decided that I'm going to try my stuff on the electronics part and went to vocational school for electronics and hacked all the way through it.
00:02:34
rootsiestootsies
Always been tinkering with the computer stuff and all that, and we didn't really have anything else to go on with that. But after the school, you know what? Joined the army.
00:02:45
riptide
Oh, which one? Can you disclose?
00:02:48
rootsiestootsies
Well, let's just say the time in the
00:02:50
riptide
Spetsnaz.
00:02:52
rootsiestootsies
Oh, no. I'm in the Nordic part of Europe, so we have this thing called mandatory service, but that didn't fulfill my appetite, so I stayed over there for some years.
00:02:55
riptide
Okay. All right.
00:03:06
riptide
Nice.
00:03:07
rootsiestootsies
Yes, so.
00:03:07
riptide
Nice. What was your specialty?
00:03:10
rootsiestootsies
Well, I've been a bit here and there, but I was, of course, in signals, so I'm your comms guy.
00:03:16
riptide
Uh huh. Mm hmm. Nice.
00:03:18
rootsiestootsies
Yeah. No surprise: if you study electronics before you join, you're going to get what you get. So, no.
00:03:25
riptide
Never know when you need to use Morse code as well.
00:03:28
rootsiestootsies
Yeah. But I was lucky enough to get to join pretty cool units along the way. So that's fun. Fun also. But after the army gig, then I studied.
00:03:43
rootsiestootsies
Studied, and I was thinking about what am I going to do with my life? So I ended up in a college for software engineering. I did some security jobs on the side, like club bouncing and security guarding and whatnot.
00:04:00
rootsiestootsies
And from there, I was getting my first real job, which was software engineering for enterprise software. I was writing Java.
00:04:11
riptide
Wait, so you were doing digital security, and then outside of that, you were doing physical security, bouncing at clubs?
00:04:19
rootsiestootsies
Yeah, this was before the cybersecurity stuff.
00:04:22
riptide
Okay, cool.
00:04:24
rootsiestootsies
Yeah. It wasn't too bad to get a job as a bouncer when you had some years in the army. It was like a no-brainer.
00:04:33
riptide
Yeah, most bug hunters, I wouldn't see them being a bouncer at a club when I meet these guys in person.
00:04:33
rootsiestootsies
And you have to...
00:04:37
rootsiestootsies
Yeah.
00:04:39
riptide
Most don't fit the stereotype.
00:04:40
rootsiestootsies
Yeah.
00:04:42
rootsiestootsies
Yeah. Me neither anymore. But back 15 years maybe, yeah, but not anymore. Yeah, but anyway, that's not like the short story.
00:04:56
rootsiestootsies
After I got the first job after college as, like, a Java developer, I was bored to hell, you know. I was doing some enterprise stuff that had, like, a lifespan of 10 years or 20 years or something, just fixing tickets, doing all this regular coding stuff, and I was bored.
00:05:16
rootsiestootsies
And then one of my former army mates called me and said, hey, I got a gig for you. Have you heard about red teaming? And I was like, fuck yeah. That's like the ultimate goal for everyone who's interested in the security side.
00:05:33
rootsiestootsies
So I got recruited by this cybersecurity company that mostly does, like, web application pen testing and whatnot, but
00:05:42
riptide
Oh, cool.
00:05:42
rootsiestootsies
I was really privileged to get into a team that actually did all the fun stuff also.
00:05:49
riptide
Okay. And was this global work?
00:05:50
rootsiestootsies
Yeah.
00:05:52
riptide
The pen testing?
00:05:52
rootsiestootsies
Mostly domestic, yeah.
00:05:55
riptide
Okay.
00:05:55
rootsiestootsies
There were some gigs abroad, but mostly over the wires, so.
00:05:59
riptide
And then what was the crypto link? Why'd you say, hey, you know what? Did you just see some big bounties? You chased some cash? What was it all about?

Exploration of Ethereum and Vulnerability Discovery

00:06:09
rootsiestootsies
Yeah, so we're living now in, like, 2017 or something. And I was always, like, you know, curious about stuff, how these things work.
00:06:20
rootsiestootsies
Always hacking all the things. And it was right about the time for Ethereum to kick off. So, you know, I like this idea of passive income.
00:06:33
rootsiestootsies
And then started doing the mining rig stuff on the side. And at that time, I think I was introduced to the smart contracts.
00:06:45
rootsiestootsies
So I was thinking about that, hey, you can hack these things, and I didn't know anything about them, pretty much. And then we have to skip a couple of years forward, and I saw this ImmuneFi. I was doing bounties on HackerOne mostly, and I ran across ImmuneFi, and I was thinking, well, no way, this is going to be a scam.
00:07:03
rootsiestootsies
Like, no way you are going to give out, like, a million bucks for some bug.
00:07:09
riptide
It does look like a scam when you first see it. Yeah.
00:07:12
rootsiestootsies
Yeah. So anyway, I started tinkering around with the smart contracts since I already had the mining rig. And after the Ethereum mining started to die down, or you had to invest a lot in it, I started to run my own node just because, like, for funsies.
00:07:29
rootsiestootsies
And then I got into the smart contracts, like, let's check it out. Like, how does this work, this thing? And for the passive income stuff, I was looking at the OpenGSN network, the Gas Station Network, because you can run a relay. You can earn some passive income when you run a relay.
00:07:48
rootsiestootsies
That was the thing.
00:07:49
riptide
And what did your financial analysis come out to? Like, when you looked at running a relayer, was it actually worth the time?
00:07:57
rootsiestootsies
No, absolutely not.
00:07:58
riptide
Okay. What would you have made? You remember?
00:08:01
rootsiestootsies
I think the whole relay system passed maybe 10 or 15 transactions. And you get like maybe 2 to 5% of the gas fees for single transaction.
00:08:14
riptide
Yeah, you get nothing.
00:08:15
rootsiestootsies
So so absolutely not.
00:08:16
riptide
Yeah.
00:08:20
riptide
I think GSN, I mean, it's still out there, right? I pulled up the contracts because it's a thing. Like, I think it was a cool idea. And obviously, things just pop up in the blockchain and then they go to die in the blockchain too.
00:08:37
riptide
And then some that are dead never die, and they just keep going on these ancient versions, and some contract over there is still using it. But, I mean, so Enzyme was using that. And so you're looking at GSN to make money, and then suddenly, I guess you're browsing the blockchain, then you found this contract and then you linked it to ImmuneFi? Or you went through ImmuneFi first?
00:09:05
rootsiestootsies
So basically how it happened, I was playing around with this idea of passive income. And also at the same time, I was playing around with the bounties for smart contracts. And I was just browsing around ImmuneFi and I ran across Enzyme.
00:09:21
rootsiestootsies
I checked the code base for a brief moment and just ditched it, because it's actually a pretty good code base. And then I started tinkering with OpenGSN. And after I noticed that, hey, there could be oversights that the developers might make when they implement this thing, I went through all the bounties on ImmuneFi and checked who has implemented this thing.
00:09:45
rootsiestootsies
And I remembered that, hey, Enzyme has this thing on. Let's check them, if they have this, like, vulnerability or the oversight in their code. And well, that happened to be true in this case.
00:09:59
riptide
And when you say vulnerability, you're talking about they decided not to check if it was a trusted forwarder, right?
00:10:06
rootsiestootsies
Yeah, yeah. And that's an oversight. The documentation actually says that, hey, the whole purpose of this verifying contract is to check that the caller is privileged to do the action that they are doing in the transaction.
00:10:18
rootsiestootsies
But for some reason, it was probably easy to miss, or to implement, or whatever the reason is. I don't know. But yeah.
00:10:27
riptide
Now, what about audits, though? Did audits... Was this in scope for their audits?
00:10:32
rootsiestootsies
Yeah, it was. It was.
00:10:33
riptide
It was in scope. And they missed that. I would think that this would be out of scope because they black-boxed it. Oh, we don't look at GSN. We're not going to look at any external forwarder, blah, blah, blah. But you say they did.
00:10:46
riptide
And they missed this one.
00:10:47
rootsiestootsies
Yeah, I hope I'm not just lying to you. I can check it out, but I'm pretty certain that it was in scope.
00:10:55
riptide
Ah. Dude, that was a really good find. This is a good vector that I'd like to put out there for new guys to check out, and experienced guys too. And, I mean, you say they checked it and they missed it. That's cool too. But this is something that's like, because I found a critical related to, and I still can't disclose what it was, it's forwarders, relays, involves GSN.
00:11:22
riptide
And, like, this is a tightly audited protocol, and none of this was in scope. And so it just wasn't looked at. And this is the problem with audits. And this is a problem with developer teams. They go out and get their audits, and then they have their crowd audits, whatever, but they have their scope.
00:11:41
riptide
They gotta have their scope. And we don't care about the scope. We just want to find the bug.
00:11:45
rootsiestootsies
Yeah.
00:11:48
riptide
And so we look outside. We're like, well, what's touching this contract? You build your chain of contracts. And you're like, well, what is this thing? So, yeah, anyone could be a forwarder. You know, things like this.
00:11:59
riptide
Look at forwarders. Look at relays. Look at things like that and see what kind of vectors you can open up.
00:12:07
rootsiestootsies
Yeah, exactly. And to the Enzyme team and any auditor who has ever worked with GSN, I must say that the system is so complex. So this kind of oversight.
00:12:16
riptide
which is great.
00:12:17
rootsiestootsies
Yeah.
00:12:18
riptide
yeah It's great. Yeah.
00:12:20
rootsiestootsies
So you cannot really blame any auditors who have probably maybe missed this thing because it's so complex, the whole system.
00:12:20
riptide
There,
00:12:27
riptide
Yeah, no one's going to catch everything.
00:12:29
rootsiestootsies
Yeah, exactly.
00:12:29
riptide
No one's good. I can't say any more about that because I'm actually working on

Proxy Hijacking and Smart Contract Risks

00:12:36
riptide
a bug in one of these things. But yeah, it's an area to check out. That's what I will say to everyone, most definitely.
00:12:43
riptide
And then, okay, so I want to talk about this other thing, because I went to your page and you also had something very cool, which was this proxy hijacking. Do you want to talk about that at a high level?
00:12:55
rootsiestootsies
Oh, yeah, sure. First of all, I must apologize, because it was written in haste, so as an article, it could be way better. But I hope it highlights something that is also missing from the scene at the moment.
00:13:10
rootsiestootsies
And these systems, like smart contracts, they don't live in isolation. So every time you have this, like, complex system that's going on chain, someone has to deploy it, and someone has to use some kind of script or another tool to deploy the actual contract.
00:13:29
rootsiestootsies
And in my opinion, I think these deployments and any other components that run with daily operations can be used as an attack vector for hackers to take advantage of.
00:13:44
rootsiestootsies
And this proxy hijacking is one of those. So it's based on this pretty old OpenZeppelin proxy initialization bug. You probably know about this.
00:13:55
rootsiestootsies
It was the one that was used with the Wormhole bug bounty.
00:13:58
riptide
Mm-hmm.
00:14:00
rootsiestootsies
And after that, OpenZeppelin had this statement that, hey, remember to initialize your implementation contracts. But what's missing in the documentation on that part is that if you deploy a proxy contract with a separate transaction, then what's going to initialize the implementation or the proxy contract, it leaves a gap from the deployment script of about two to three transactions or blocks.
00:14:32
rootsiestootsies
I mean, two to three blocks of time for the attacker to take advantage of the deployment and actually front-run the initialization of the proxy. And if they do this, they can do pretty much anything on the contract, because they can upgrade the proxy to any contract they want.
00:14:50
rootsiestootsies
And with this upgraded proxy implementation, they can manipulate the storage slots or introduce backdoors or do pretty much anything they want with the contract. But this, like you said, it's an issue of scoping, and absolutely no bug bounty program or audit competition is going to have this one in scope.
00:15:10
riptide
No one, no one looks at it.
00:15:13
rootsiestootsies
I was lucky enough to find one program that accepted this as a bounty. So I did get paid for it. So that's a good thing.
00:15:20
riptide
That's so cool. I can tell you, I can count on one hand how many people I've talked to who, when they look at bugs, look at deployment scripts. It's not many, and audit firms,
00:15:29
rootsiestootsies
Yeah.
00:15:31
riptide
I think it may be a little more common. Some shops do it, but I just don't see that either. And the cool thing is it's not just this proxy hijacking vector that you looked at. It's that these things sometimes are sequential and they're not atomic. You can front-run.
00:15:47
riptide
So if you got a guy who's stalking your code, he sees your scripts and watches your deployment address. Hey, man, you know, he could front-run something and fuck something up. Like, you gotta be careful.
00:16:00
rootsiestootsies
Yeah, and the minimum impact is that it is going to fuck up your deployment scripts, so you have to deploy again. But if you don't catch it, if you don't have the monitoring capability to actually catch this kind of attack, it's going to be pretty bad.
00:16:15
riptide
Yeah. And you just cannot leave that hanging. No way. This is a totally valid bug, man.
00:16:21
rootsiestootsies
Yeah.
00:16:22
riptide
That's a great area to look at, deployment scripts. And that's another area where not a lot of people are looking.
00:16:30
rootsiestootsies
Yeah, just unfortunate that these are mostly out of scope for all that, like, in the financial sense, like on the monetary side. They're deemed out of scope, so I don't know.
00:16:39
riptide
Yeah.
00:16:42
riptide
I think legit teams would pay you out on it though, in scope, out of scope, whatever, unless you're in a massive bear market.
00:16:53
riptide
Dude, I've heard this recently in the Discord, is that people were like, it's fucking hard, man, to get paid out in bear
00:16:53
rootsiestootsies
Yeah, I don't know.

Substack Promotion and Skill Development

00:17:02
riptide
markets.
00:17:02
riptide
People are just, this is the last thing you want to do is pay out big ass bounties.
00:17:07
rootsiestootsies
Yeah. Well, let's hope we are not going into another bear market at the moment.
00:17:13
riptide
Oh God, who knows, man. Hey, this is a good time to, I got to share. Okay. So since the last episode, I can't remember. I did set up a Substack.
00:17:24
riptide
So if you enjoy the podcast, we have no advertisements here. The Substack, if you want to join and join a paid subscription, that'd be awesome. But yeah, in the first issue, I discussed a couple of live bugs.
00:17:40
riptide
One is a possible live bug with the RLP reader library, and then a live bug in Reserve Protocol that hopefully you can take and amplify into something bigger. So that's the idea with the Substack, is, like, to go in depth on some bugs that I'm finding on chain and give you, like, live leads where you can say, hey, I'm going to look at this and I'm going to put my eyes on it. And, you know, like we know, one guy doesn't see all the bugs. So maybe you'll see something
00:18:10
riptide
better than I saw it. So I want to just share, you know, join the Discord, and in there, there's a link for a little discount on the Substack if you're so inclined.
00:18:20
riptide
So that would be awesome.
00:18:21
rootsiestootsies
Yeah, sure.
00:18:22
riptide
Yeah.
00:18:23
rootsiestootsies
Sure.
00:18:23
riptide
Oh, I also want to ask you, man. So I saw that you did a CTF with Remedy, I think a while back.
00:18:32
rootsiestootsies
Yeah, in February or January.
00:18:34
riptide
What do you think? Like, do you think it's a good way to spend your time? Like, why'd you do it? I gotta ask.
00:18:42
rootsiestootsies
Basically, I do one CTF a year. That's my goal. And this time I was specifically asked to join for the Remedy one. And it was actually a really good CTF.
00:18:53
rootsiestootsies
Like, the actual competition, it was really solid. It had interesting challenges, and it was really solid as a CTF. So no regrets on that one. But yeah, I try to do at least one CTF a year just to,
00:19:08
riptide
Or why? Like, what do you get out of it?
00:19:11
rootsiestootsies
You get to see something that's happening in the industry. It's mostly the case if the CTF is good. Of course, if it's, like, not recent or it plays around with all the old bugs, it's not going to work for that instance.
00:19:29
rootsiestootsies
But you get to spend some time with hacking. So what's there more to say?
00:19:36
riptide
Yeah, that's true. I just look at it and I'm like, man, that's a lot. But I mean, once a year, I mean, that does sound good, because it does seem enticing. It does seem pretty cool.
00:19:46
rootsiestootsies
Yeah, it doesn't, like, take away your whole life when you do it for one weekend. It's okay. And you get to, like, hack on things that you know are hackable, compared to bug bounties, where you never know if you find anything or not.
00:19:58
riptide
Mm-hmm.
00:20:02
riptide
Yeah, that's right.
00:20:02
rootsiestootsies
When you do a CTF, you always know that there is going to be some kind of resolution to this challenge.
00:20:09
rootsiestootsies
It's going to break one way or another. So it's a different kind of hacking. And it really opens up your mind also to what can be done, in a sense.
00:20:09
riptide
ah
00:20:20
riptide
Yeah, as long as it's a good one, like you said.
00:20:21
rootsiestootsies
Yeah, there are pretty bad ones also, but I must say the Remedy one was actually pretty good.
00:20:23
riptide
what
00:20:28
riptide
Now, Remedy, is that a Hexens thing, Remedy?
00:20:33
rootsiestootsies
Yeah, I think so.
00:20:33
riptide
Okay, have you tried Glider?
00:20:37
rootsiestootsies
No, I have not. And I've been whipping myself for not joining the waitlist for that.
00:20:44
riptide
Yeah. Yeah. I want to get other people's takes on this, because I play with it every now and then, but I haven't found anything.

Tools and Techniques for Bug Hunting

00:20:52
riptide
I mean, I know it's kind of front-run by the Hexens team, which it should be.
00:20:56
riptide
They should be doing all the work, all the bug finding on it, but, you know, you could do your own patterns, this and that, I think. And for those that don't know, Glider's kind of like this, it's basically a Python-esque search for the blockchain that really lets you dive down deep into a very specific instruction set for your search. So if you want to look for certain patterns in Solidity,
00:21:24
riptide
and where they occur live on the blockchain, you could do that with Glider. You just need to learn the syntax and everything. Maybe they have a GPT bot up for it, which would be pretty cool. But it's a cool tool, man.
00:21:36
riptide
But it's not, like, automatic criticals. You know, it's still, nothing is.
00:21:41
rootsiestootsies
Yeah.
00:21:42
riptide
I mean, it still takes work.
00:21:45
rootsiestootsies
Yeah, I don't think it's, like, yeah, not a silver bullet, but pretty cool.
00:21:45
riptide
But yeah, definitely something to look into.
00:21:50
riptide
Nothing is, man.
00:21:50
rootsiestootsies
Yeah.
00:21:51
riptide
Yeah, nothing is. Like, LLMs were the biggest, like, oh yeah, this is the silver bullet. Fuck no.
00:21:56
rootsiestootsies
Not yet, at least, yeah. Yeah.
00:21:59
riptide
No, my God, man. Like, I don't even want to talk about it. Are you using any LLMs for, like, getting ideas or refining tests or anything cool?
00:22:10
rootsiestootsies
Yeah, actually, I run my own local Llama 3.1, mostly on the new DeepSeek.
00:22:17
riptide
Which DeepSeek model?
00:22:18
rootsiestootsies
It's the 8B and 14B, so it's, like, the distilled ones that you can run at home.
00:22:26
riptide
And it's, I have a couple, have a couple.
00:22:26
rootsiestootsies
So the R1.
00:22:29
riptide
It's like Qwen or something was the last one I tried. I can't remember which model I was looking at. One of the DeepSeek ones.
00:22:34
rootsiestootsies
Yeah, for the DeepSeek, I think the 14B is made with the Qwen, and the 8B is made with the Llama from Meta.
00:22:45
riptide
And what are you using it for with regard to hunting?
00:22:48
rootsiestootsies
You can make absolutely banger boilerplate code for the POCs.
00:22:54
riptide
Yeah. Yeah.
00:22:55
rootsiestootsies
So that, like, saves you so much time.
00:22:56
riptide
Agreed. So much time. That was my most hated thing about it. You find a bug and you're like, fuck, I've got to write a POC, and it just took so goddamn long.
00:23:09
rootsiestootsies
Yeah, it's way easier to modify some existing code than try to build it up from the base.
00:23:17
riptide
Absolutely.
00:23:17
rootsiestootsies
It's so much easier.
00:23:18
riptide
Well, I started, like, when I found out about Tenderly, I really got kind of lazy with my POCs, because before that I was doing Hardhat and I would just, you know, code up a new POC for everything I wanted to test.
00:23:30
riptide
Even just one change of a little variable, something like that. And then Tenderly came out, and it made sims just so much easier, just to test basic things. And just to see the trace was so much better using a GUI than fucking Hardhatting it.
00:23:47
rootsiestootsies
Yeah, I feel you. I actually wrote the Enzyme POC code in Hardhat also. That was because of the team.
00:23:53
riptide
Hell yeah. yeah
00:23:54
rootsiestootsies
They had their own test suite in Hardhat. So
00:23:59
riptide
They're out there. They're still out there.
00:24:01
rootsiestootsies
yeah.
00:24:02
riptide
But now I just saw they dropped Hardhat 3, which I don't know.
00:24:06
rootsiestootsies
Yeah, I haven't.
00:24:06
riptide
I know.
00:24:07
rootsiestootsies
I haven't looked at it. No, not yet.
00:24:09
riptide
Well, Foundry's so good. I mean, I don't know why I'd kind of go back, but, you know, maybe it's... It's good to know both, though, man, because I've talked to a bug hunter in person, and he was like, Hardhat?
00:24:21
riptide
I don't even look at those code bases. He doesn't look at those bounties.
00:24:24
rootsiestootsies
ah
00:24:24
riptide
So, you know, it's it's not...
00:24:26
rootsiestootsies
It's not that bad, I must say. It's not horrible, it's doable. But I must say that the tools from Paradigm, they're actually top-notch, all of them.
00:24:37
riptide
They're amazing. The biggest gripe about Hardhat is you get out-of-memory errors, even on a massive machine, when you're doing some crazy tests. And with Foundry, I've never gotten any problems.
00:24:48
rootsiestootsies
Yeah, I feel you.
00:24:50
riptide
Yeah, yeah, totally different. And so are you just doing bounties, or are you doing contests as well? Because I saw you did one contest with ImmuneFi, but are you doing any, you know, bigger ones like Cantina, these other platforms?
00:25:06
rootsiestootsies
I have dipped my toe in the waters, but no, not really. I have my own company now, since I got the Enzyme bug bounty. So I quit my job, made my own gig.
00:25:15
riptide
Hell yeah.
00:25:19
rootsiestootsies
So basically what I'm doing, I'm doing hourly billed web application pen testing for a living. That's, like, where my money comes from. And the bounties are just, like, a side gig.

Economic Freedom through Bug Hunting

00:25:29
rootsiestootsies
Whenever I don't have like a customer gig going on, I do bounties and just hack things.
00:25:36
riptide
I'm so glad to hear that. You gave yourself economic freedom, and now you're doing what you love, and then do what you love on the side.
00:25:45
rootsiestootsies
Yeah, exactly. Hack all the things.
00:25:48
rootsiestootsies
That's the mantra.
00:25:48
riptide
This is the power of crypto.
00:25:50
rootsiestootsies
Yeah, I was actually talking with the ImmuneFi guys about this, getting ahead of the curve with getting one payout that can change your life. So it's pretty amazing.
00:26:04
riptide
Yeah, it's like, everyone wants to win the lottery. But the chances are so slim. But with bug hunting, it's different, because you can actually put in the hours. You can crank those odds down, I believe, massively.
00:26:19
riptide
Maybe not for a million, two million, these super crazy bounties. But if you can get a bounty for six figures, in most parts of the world, you're set for a year, two years even.
00:26:31
riptide
And that gives you the freedom to do a lot of shit.
00:26:35
rootsiestootsies
Exactly. Take the jump and do what you want, not what someone else tells you.
00:26:40
riptide
Fuck yeah, man. Yeah, I love supporting that. And I love, just like in the Discord, man, on Twitter, I get messages from people saying, you know, they listen to the podcast or they've heard something I've said, and I'll like people's low findings, whatever. I love giving positive feedback, because that's where it starts. You find a low, and then that validates your behavior and you think, hey, man, I could do this. Just got to keep after it.
00:27:04
riptide
And those that don't give up, I think, end up being, you know, some of the big names out there.
00:27:10
rootsiestootsies
Yeah. Eventually you will get lucky if you put in the tries. That's how it goes.
00:27:16
riptide
You got to show up every day. Exactly.
00:27:18
rootsiestootsies
Yeah. But I have to say that for the Enzyme bug, I did pay my taxes, so I'm not rich.
00:27:24
riptide
So you're back down to zero, since you're in the Northern European region, 100% tax.
00:27:30
rootsiestootsies
Yeah. Yeah. 200% tax, and now I'm in debt to the government. No, just joking, but yeah. They did get their share for my education.
00:27:41
riptide
What do you do? What do you do?
00:27:42
rootsiestootsies
Yeah.
00:27:44
riptide
All right. Let's drop some motherfucking alpha. Alpha drop. I hope you're prepared, Root Rescue. If you're not, I'm going to be very disappointed.
00:27:56
rootsiestootsies
I do have something, but I don't know if it satisfies your technical, like, appetite.
00:27:57
riptide
Okay.
00:28:04
riptide
Would you like to go first or would you like me to?
00:28:08
rootsiestootsies
Well, let's do it like I go first, so people can disappoint themselves, and then you can come and save the day.
00:28:16
riptide
All right. All right. Dr. Root Rescue. Go ahead.
00:28:19
rootsiestootsies
Okay. First, I got two two things here. I would like to advocate for some soft skills. I would like everyone to understand that their thinking is full of biases and they always will be.
00:28:33
rootsiestootsies
Like you just cannot know everything and you cannot... like get a around of your biases even if you want to. So what I would like to advocate is to everyone get someone who you can spar the ideas with.
00:28:49
rootsiestootsies
Like ah when you get the capacity of two brains, it's always going to be better than one brain because your own brain doesn't scale up infinitely. So if you get someone to challenge you and play your like devil's advocate, it's going to get you so higher.
00:29:06
rootsiestootsies
so much higher than you could ever imagine. So get someone you trust with your life and your money. And if they understand the Web3 stuff, it's just a bonus. They don't even have to understand that totally.
00:29:20
rootsiestootsies
But get someone to talk to about your bugs, about your hacking, about your stuff.
00:29:28
riptide
That's a great tip, man. And it can't be your wife. It can't be your best buddy, because most of these people will just agree with you. Yeah.
00:29:36
rootsiestootsies
Yeah, exactly.
00:29:37
riptide
Yeah.
00:29:37
rootsiestootsies
You have to get someone who challenges you that will break your biases.
00:29:40
riptide
Hey, those are rare guys to find, I tell you. Most people don't want to offend and they don't want to disagree. In my experience, those are rare guys. I could count maybe a few guys in my life that would just call me out, and I'd have to justify, like, whatever I just fucking was rambling about.
00:30:03
riptide
And those guys are great. You hate them, but you also think about it later and you're like, oh, fuck, man. Like, he put me on the right path. He challenged my assumptions.
00:30:13
rootsiestootsies
That's true. Or maybe we can advocate for everyone to go to the army so they can get the army buddies who tell you that you're wrong here and you're just a dipshit.
00:30:14
riptide
Yeah.
00:30:18
riptide
Hey, that's true.

Challenging Assumptions in Bug Hunting

00:30:23
rootsiestootsies
so
00:30:24
riptide
One thing I miss about the military, and that, you know, is hard to convey on this podcast, but I like to be able to, because I kind of joke around all the time and, you know, if I sling out some insults, I expect insults back.
00:30:41
rootsiestootsies
Yeah, exactly.
00:30:41
riptide
And a lot of people aren't like that. And so I kind of tread lightly. But I like when I could just, you know, drop something and the guy just shoots it back and the shit hits my face. And I'm like, okay, great. You know, this banter is kind of how I grew up.
00:30:59
rootsiestootsies
Yeah, and it will eventually make you stronger, way stronger.
00:31:02
riptide
Yeah. Exactly, man. But I don't want to, you know, it's a different crowd with bug hunting. Some guys are like that. Some guys are like, well, you know, you got to tread lightly.
00:31:11
rootsiestootsies
Yeah, but you can also do it throughout, like, with respect, so it doesn't have to be the army type of bashing around.
00:31:18
riptide
Yeah, absolutely.
00:31:19
rootsiestootsies
You can also have, like, a respectful conversation with someone, and they can disagree with you or just challenge you, even if they don't disagree with you.
00:31:28
riptide
Yeah.
00:31:29
rootsiestootsies
So it opens up.
00:31:29
riptide
Keep it very professional. I like that. See, we're distinguished older gentlemen here. Keep it very professional. All right. Let me drop some alpha here. This is not as cool as yours because yours is very, very broad.
00:31:42
riptide
Mine is very technical. And this is nothing crazy. This is just, I think all these tips are things that... There's so many things to think about when you're looking for bugs. And I think anything I drop here just gives you another thing to think about. It's not something basic where you're going to go, oh yeah, this and that.
00:32:04
riptide
Maybe sometimes it will be, but these are based on my observations, and hopefully it's always useful. So I was looking around and I was on the Solady, Solmate stuff by Vectorized.
00:32:17
riptide
And if you've looked through his contracts, they're very cool. He's very talented. I met the man in person. He's exactly what you think he looks like. Total based Chad. And his code is very clean.
00:32:30
riptide
And he's an assembly master, the Yul master. But he does optimize. And the thing is, with these, and I'm not saying they're insecure, I'm saying the usage could be insecure when devs include these things, like anything else.
00:32:48
riptide
Some devs don't know what they're doing. And so they choose one of these libraries and say, hey, we're going to save some gas. It's optimized. It's been audited. It's great.
00:32:59
riptide
But they also remove certain protections that the same Solidity versions of those libraries have. And if you look closely, you'll see just silly things, you know, zero checks, overflow, just different things that...
00:33:14
riptide
are optimized out. And so the integration: look at the integration, look at those projects that are using these libraries and say, hey, did they know that, you know, when you do this with the library, it doesn't have this protection that the OZ version might have?
00:33:30
riptide
So something cool I've noticed. I haven't found the exploit case for it with some protocol, but, you know, it's in your notes, and yeah, maybe you see something about it.
00:33:41
rootsiestootsies
That's actually really great. Like, that's a really good tip to give to anyone who is getting on board. Check the integrations.
00:33:51
rootsiestootsies
You can find all kinds of, like, crazy stuff.
00:33:52
riptide
Always.
00:33:56
riptide
I think the theme of this podcast is integrations, really.
00:33:56
rootsiestootsies
Yeah, could be.
00:34:01
riptide
Yeah, this is all about integrations. People don't look at it. Looking where people don't look. That is the key. So what about your method? Like, do you... I was talking to somebody yesterday. I won't name him, but he said, hey, I'm bored looking for bugs with the bounties, my usual tactics. What do I do? And I said, dude, pull up that block explorer, close your eyes, pick a block, dive in.
00:34:27
riptide
You ever do that?
00:34:28
rootsiestootsies
Yeah, I have. And I have actually found a bug also with that kind of system.
00:34:33
rootsiestootsies
Too bad there
00:34:34
riptide
It's a good system.
00:34:35
riptide
It's a good fucking system.
00:34:36
rootsiestootsies
Yeah, too bad for that bug. It was actually for a project that rug pulled, so it never got, like, published or whatever.
00:34:45
riptide
Do you remember the name?
00:34:46
rootsiestootsies
It was years ago.
00:34:48
riptide
Okay. Classic years ago.
00:34:50
rootsiestootsies
I might have seen it somewhere in the notes, but yeah. It was this NFT project that... There were a ton of those in, I think, 2021 or something.
00:35:01
riptide
Mm-hmm.
00:35:02
rootsiestootsies
And it was on the BSC, on the Binance chain.
00:35:05
riptide
Oh, yeah, you're not getting paid. No way.
00:35:07
rootsiestootsies
Yeah, no way.
00:35:08
riptide
Yeah.
00:35:08
rootsiestootsies
And actually, yeah, the project actually did rug pull after that.
00:35:09
riptide
Guaranteed.
00:35:11
rootsiestootsies
So yeah.
00:35:12
riptide
Classic. That's good. Yeah. If you find the bug, they just want to close you down, because that's the bug they're going to rug pull with.
00:35:20
rootsiestootsies
Yeah, probably.
00:35:21
riptide
Yeah.
00:35:21
rootsiestootsies
Probably.
00:35:24
riptide
Yeah.
00:35:24
rootsiestootsies
Yeah, but I have done that. But also, for the... Like, oh yeah, you were asking about the methods of hunting.
00:35:32
riptide
Mm-hmm.
00:35:33
rootsiestootsies
So how could I phrase this? Like, most of the time when I do some bug bounty stuff, I try to identify a bug.
00:35:44
rootsiestootsies
And when I do, I try to multiply it. So scaling horizontally, that is the thing I do.
00:35:52
rootsiestootsies
And the next thing you are going to ask is how I do it. So basically I'm running my own archive node for Ethereum. So I have, like, this unrestricted access to the RPC server.
00:36:05
rootsiestootsies
And also I do have access to the actual database files for Ethereum. And with those, and you have this Sourcify.dev.
00:36:15
rootsiestootsies
Have you heard about it?
00:36:17
riptide
Say it again. Sources by.
00:36:18
rootsiestootsies
Sourcify. Sourcify, yeah.
00:36:21
riptide
Sourcify. Maybe refresh my memory.
00:36:24
rootsiestootsies
It's a collection of Ethereum contracts that have been published.
00:36:28
riptide
Oh, yeah, yeah. Okay.
00:36:31
rootsiestootsies
So they have this huge collection of contracts that have been, like, verified on Etherscan and whatnot. So when you have these tools, so you have access to an archive node, so you can check contract addresses, storage, and, like, traces and whatnot, and you have access to the actual source code for these systems.
00:36:56
rootsiestootsies
You can have a tool, maybe like Semgrep, and you can try to access the same bug horizontally. So you can try to find it in as many places as you can.
00:37:08
riptide
Mm-hmm.
00:37:08
rootsiestootsies
And then you can cross-reference that with Immunefi, like, bounty program pages: hey, I found this bug in this and this and this contract, and these ones of those have an Immunefi project associated with them.
00:37:23
rootsiestootsies
And then you can go and check if it's a false positive or if you actually can exploit it for a bounty.
00:37:30
riptide
That is a very good usage for an archive node, because you can use archive nodes. So say I want to sim a transaction from two years ago. I have access to archive nodes with Tenderly, or you could use Alchemy or whatever.
00:37:44
riptide
But if you're digging deep like you are and you're going to do basically a search across all that data using Semgrep, that's a very good use case. I could justify running that node at my house if I did that.
00:38:00
rootsiestootsies
Yeah, and it's not that hard, actually, if you just have the hardware to run it on. It's actually pretty trivial now.
00:38:06
riptide
What client are you using? Reth?
00:38:08
rootsiestootsies
Reth from Paradigm.
00:38:09
riptide
Okay. And how's that been, like, reliability and everything?
00:38:10
rootsiestootsies
Yeah.
00:38:12
rootsiestootsies
I've been running it from, I think, alpha 0.something, and it's now on, like, the release version.
00:38:22
riptide
And your node is what, like, four, six gigs?
00:38:22
rootsiestootsies
And it's been really good.
00:38:25
riptide
What is hurting? Sorry. Terabytes.
00:38:28
rootsiestootsies
Yeah, something along those lines. I haven't checked it, like, briefly, but yeah, something along those lines.
00:38:34
riptide
Okay. And how is the search working for you? Like, what... but I haven't played with Semgrep. I'm just thinking of grep. Semgrep must be some enhanced version. I have to pull it up. But how is that?
00:38:48
riptide
Like, how... tell me, if you want to search for a pattern, right? Like, say, I don't know, give me an example. You want to search for that. How do you go about it? And how successful are you at looking at the results? Is this like a...
00:39:02
riptide
Is this like, it matches a thousand positives? Can you really tune it?
00:39:07
rootsiestootsies
Yes, so Semgrep, it's actually short for semantic grep. So what it does, it actually takes the abstract syntax tree from the contract and it parses it into process flow.
00:39:23
rootsiestootsies
that you can grep. So you can instruct Semgrep to, for example, I want to target every function that does not have a modifier, onlyOwner. And after this, or inside this function, it's going to do this kind of calculation, or it doesn't have a require statement, or this kind of stuff.
00:39:44
rootsiestootsies
So it's like normal grep on steroids for looking at code. And you can try Semgrep with the Sourcify database, with the plain text contracts.
00:39:56
riptide
Mm-hmm.
00:39:56
rootsiestootsies
And for the archive node, you can use tools, for example, Cryo, which is also from Paradigm, to actually fetch all the storage slots for some contract, or you can fetch all the events that have been emitted from a certain contract, or any event that has ever been emitted on the Ethereum network.
00:40:20
rootsiestootsies
So yeah. And when you combine these, you are going to get amazing results.
00:40:24
riptide
This is cool. So I use Dune for my... if I'm diving deep, I use Bloxy. And these are all just public free tools that I'm using. But I love this setup, man. I really need to do this. I'm on Starlink at this place.
00:40:41
riptide
But I... which is, I mean, it's actually pretty fast. I'm, like, 160 megabits per second.
00:40:46
rootsiestootsies
Yeah, not too bad. Not too bad.
00:40:47
riptide
Yeah, I mean, I should be able to run an archive node. But this is fantastic, man. I love what you're doing with this. Like, this is what I need to do: step up my game and just go all local.
00:40:58
rootsiestootsies
Yeah, that's the reason, actually. I'm not really a fan of these, like, software as a service kind of things, because every time you are hunting for a bug or you are doing some kind of, like, exploit proof of concept, you are going to leak something out of your system

Security Practices and Holistic Approach

00:41:14
rootsiestootsies
if you use these services.
00:41:14
riptide
Right.
00:41:16
rootsiestootsies
So if you want to keep it airtight, you have to run all this stuff locally.
00:41:21
riptide
Absolutely. No. And it's so cool, too. You learn so much about it. So you kind of had a workflow there. So you'll, like, say you look for... let's just say, like, fuck, what's a good pattern, man.
00:41:36
riptide
I mean, there's so many, but, like, how deep can you dial it in? Can you set, I only want to look for these contract names, like, do just a standard string search. And then within that contract, look for X, Y, and Z, kind of like what Glider's doing, I guess.
00:41:50
rootsiestootsies
Yeah, it's actually pretty much what Glider is doing and also what you can do with Dyn. It's pretty much the same, but it's, like, a command line tool you can run locally.
00:42:01
riptide
Did you say dine?
00:42:02
rootsiestootsies
I don't know how to pronounce it.
00:42:05
riptide
what What is that?
00:42:06
rootsiestootsies
You mentioned it just a moment ago.
00:42:07
riptide
Oh, dude, dude. Sorry. Okay, dude. Yeah.
00:42:10
rootsiestootsies
Sorry, I'm not native in English, so pronunciation can be a bit off.
00:42:12
riptide
Yeah, no, no. Good. All right. No, this is some good alpha with tools, man, because everyone's got their own suite of tools and your suite of tools I have not heard about yet.
00:42:24
rootsiestootsies
I don't know, it might also be, like, this dumpster fire that needs so much, like, caretaking to actually work.
00:42:24
riptide
Doing Cryo, Sourcify and Semgrep.
00:42:32
rootsiestootsies
So I don't know if that's a good thing or a bad thing.
00:42:36
riptide
It's a good thing. Everyone who listens to this is a hardcore technician. I was talking to another guy who's kind of like a dev hacker dude. And I feel like a noob when I say, yeah, I'm on Dune. Because I grew up, you know, MS-DOS, you know, Linux, and I'm used to non-graphical interfaces.
00:42:59
riptide
And, but I've just become, I don't know, I'm on fucking OS X right now. I feel like such a pussy, but I just get used to it. Right.

Physical Fitness and Mental Clarity

00:43:06
riptide
And I told him I was using Dune to find something. He's like, dude, I just have my own scripts.
00:43:11
riptide
I do it all local. And I felt like the biggest noob. I was like, fuck, man. He just flexed on me hardcore.
00:43:18
rootsiestootsies
No, but the thing is that if you actually want to have some really good workflow, that's probably not going to happen when you run these old tools by yourself.
00:43:29
riptide
I don't care. That's it. I'm installing an obscure Linux distribution right now. I don't give a fuck about my Wi-Fi driver.
00:43:38
rootsiestootsies
Yeah, but then you have to get all black hoodies and all black jeans and whatnot.
00:43:42
riptide
Good. Good. That's what I want.
00:43:45
rootsiestootsies
And you cannot look at the sunshine anymore.
00:43:45
riptide
All right.
00:43:47
rootsiestootsies
That's out of bounds.
00:43:47
riptide
No, no. You got to nerd it up too much, man. You got to find your trade-off. That's pretty cool. So, all right. Give some advice, because I have so many new guys hitting me up just starting.
00:44:00
riptide
What's the advice, man? How do they be like Root Rescue?
00:44:04
rootsiestootsies
Damn, man. I don't know. Put in the hours. That's, like, the greenest of all answers. But I think... Well, let's put it this way.
00:44:16
rootsiestootsies
ah
00:44:18
rootsiestootsies
How could I say it? Like, if you're obsessed about hacking, and I'm not talking about just, like, blockchain stuff. This is for me also. I do a lot of hacking, like, outside of blockchain, obviously.
00:44:32
rootsiestootsies
But any kind of hacking, it doesn't really matter what it is. It's going to diversify your, like, skill set, and you're always going to learn something. So there is no, like, straight path that now you are going to be this super good elite hacker that does all the things.
00:44:51
rootsiestootsies
And even if you are, you are only going to be, for this very small subset of things that you can hack, you are going to know about. So... There's no shortcuts, that's for sure.
00:45:05
rootsiestootsies
But I don't know how to say, like, how you become something.
00:45:12
riptide
I think you said: just go hard. That's it.
00:45:16
rootsiestootsies
That's cringe, man. Super cringe.
00:45:18
riptide
Are you also staying jacked and ripped? Fellow ex-army.
00:45:25
rootsiestootsies
I must say that I hope you won't kick me out of the podcast right now. But I do a lot of cardio.
00:45:32
riptide
That's good. That's actually good.
00:45:33
rootsiestootsies
And that's because I had the privilege to be with the recon guys at one point in time. And when you're running around the woods with the canine up your ass, you want to be in better shape than the guy who's running with the canine.
00:45:47
riptide
I agree. I agree. How do you feel that physical fitness helps somebody find bugs?
00:45:55
rootsiestootsies
A lot. It brings you mental clarity in many cases. It's the same thing as when you talk to someone who challenges you. I think that it's the same. It gives you some kind of, like, mental stimulus that you cannot go get anywhere else.
00:46:09
riptide
Which gives you better bug-finding power, two White Monsters or 100 push-ups?
00:46:18
rootsiestootsies
Well, as older gentlemen, we really cannot drink White Monsters in those quantities anymore, so I have to go with the push-ups.
00:46:25
riptide
This is true.
00:46:28
rootsiestootsies
But it's going to give you a clear head, because when you're older, you're going to get some time off to do those 100 push-ups. Anyway, so...
00:46:37
riptide
I'm going to set the teaser for this episode. Is that a stupid question? That's awesome. Oh, fuck. Well, hey, Root Rescue, we got anything else to chat about here? You got anything you want to vent, you want to bring up?
00:46:53
riptide
Tell us, what do you got?
00:46:54
rootsiestootsies
I would like to advocate for a holistic approach to security for the teams.
00:47:00
rootsiestootsies
Overall security. Like, I think we cited this earlier with the scoping thing, that the deploy scripts, for example, are not in scope.
00:47:11
rootsiestootsies
But I really would like to see more of this, like, holistic overall approach to security, that if you are running, for example, a project that has hundreds of billions of dollars in TVL or whatnot,
00:47:26
rootsiestootsies
and then you have a bug bounty program that has only contracts in scope. That's not going to cover your, like, whole operations, you know.
00:47:35
riptide
Mm-hmm.
00:47:36
rootsiestootsies
And the North Koreans know about this. And if you're running this kind of operation and you don't trust your systems or your operations enough that you could allow white hats to poke them, who would trust your system?
00:47:53
rootsiestootsies
Like, why would we trust
00:47:56
riptide
Yeah, this... I think we spoke about this on a different episode and on Twitter as well. This is a huge problem: there's so much reliance on cryptography.
00:48:10
riptide
Are the smart contracts good? Great. Next level, they'll say, okay, is our Web2 side good? Okay, great. And then these motherfuckers show up to a conference, the whole multisig is in a room.
00:48:23
riptide
And the TVL is in the billions. It's fucking crazy. And it's... but these are the same mindsets. If you bring a bug up to them that, you know, could do this, like, you know, wrench attack, this and that, it's dismissed as, oh, it's not possible, this and that. It's like, dude, everyone's got a price that they'll do almost anything for.
00:48:46
riptide
And if that number is hit, well, you're at risk. And it's just, I completely agree with you.
00:48:53
rootsiestootsies
Yeah, exactly. So if you compare some of these companies that are, like, brand names in Web3, and you compare them to some programs that are running a bounty on, let's say, HackerOne or Bugcrowd or these traditional platforms.
00:49:08
rootsiestootsies
Now, on the traditional platform, they might have the scope like *.domain.com. So anything that's under the domain is in scope for the bug bounty program.
00:49:20
rootsiestootsies
And I bet there are not too many of those, for example, on Immunefi at the moment, that would have their entire operation under the scope of their bug bounty program.
00:49:31
riptide
Mm-hmm.
00:49:31
rootsiestootsies
And I think that's, like, an industry-scale problem at the moment. And then they are going to one day wake up with the really bad news that something has happened.
00:49:43
rootsiestootsies
And I don't know, maybe they have some, like, security partners, or maybe they don't, but... I really don't have the visibility behind the scenes of those, but...
00:49:56
riptide
When they post audits, they need to show physical audits. They need to show, you know, where you can do a typical physical workspace audit. That should be done for any of these big protocols.
00:50:08
riptide
Hands down, that should be done. That should say, hey, we visited XYZ developer at his place. We check, you know, is he using his work laptop for jerking off to porn?
00:50:20
riptide
You know, like, there's no rules for any of this shit. And this is how, fuck, you see this all the time. Or a guy taking the fake interview link and then compromising everything.
00:50:31
riptide
Anyone who has a key on a multisig, you should be physically audited. Your workstation should be separate. All these things, we don't have any transparency into that.
00:50:43
rootsiestootsies
Yeah, it's like cyber hygiene. That's the thing.
00:50:46
riptide
Yeah. How are you going to invest in these protocols as an investor? You want to bring Wall Street into this, and they don't know what the... oh yeah, it's been audited. Okay. It's great. But it's like, it's upgradable.
00:50:57
riptide
And who, like, who is this? Oh, a lot of this is just, it's not that great still.
00:51:04
rootsiestootsies
Yeah, exactly. So that's something I had in mind, that you could get some shout-out from the... from the popularity, or how to say it.
00:51:15
riptide
You could take over this whole sector, man, with your business. Hey, you want a full-scope audit? You do Web3, Web2, physical, red team, break into your house, everything.
00:51:29
rootsiestootsies
Yeah, that would be fun.
00:51:30
riptide
That would be good, man.
00:51:32
rootsiestootsies
Yeah. Oh, did I say that we are hiring for red teamers?
00:51:39
riptide
All right, you heard it here first. You want to work with Root Rescue and go hardcore on some morning PT runs and red team? Contact this motherfucker. He's ready to rock.
00:51:52
riptide
All right, cool, man. If you haven't joined the Discord, join the Discord. If you haven't signed up for the Substack, go for it. I dropped some cool secrets, some good reading on there. But for now, we will see you on the blockchain.