
riptide & n4nika discuss his fluency with almost every programming language on the blockchain, building your skillz via ASM and C, AI on blockchains, offloading investor risk with insurance, hack volume YoY, effectively using AI + manual review, how and why to touch grass, and much, much more ... 

Transcript

Introduction & Sponsorship

00:00:06
riptide
Welcome back to Bounty Hunters Life on the Motherfucking Blockchain. This episode is sponsored by my company, Grego AI, the number one AI security tool in Web3.
00:00:20
riptide
And I will flex that all on everyone if we drop this episode this week. Humble flex, of course. With multiple high and critical bugs found in Lido, Chainlink, ENS, and redacted.
00:00:31
riptide
Grego AI.com. Degrego.ai to secure your protocol or your entire ecosystem. Reach out or reach out to me.

Guest Introduction: Nanika

00:00:40
riptide
Our guest today is, I don't know how I say your name. Is it N and for Nika?
00:00:48
n4nika
It's Nanika. Hey man, pleasure being here.
00:00:49
riptide
Not Nonica.
00:00:51
n4nika
Thanks for having me. Absolutely.
00:00:52
riptide
Hey, thanks for joining, man.
00:00:54
n4nika
saw, yeah.
00:00:54
riptide
Very, very nice to finally have you on and very nice to finally get back on the podcast.
00:00:58
n4nika
absolutely
00:01:01
riptide
It's been a big gap between the last one, man.
00:01:03
n4nika
and so yeah
00:01:05
riptide
It's just like, you know, I'm not doing human bug hunting, man.

Transition to AI Security

00:01:09
riptide
I'm doing the AI hunting and I'm running this business now and it just takes so much of my time. And I feel, you know, disconnected sometimes from like manually looking at contracts. And I got to say, I really miss it.
00:01:24
n4nika
Understandable, man. And I see you're killing it, huh? Like some crits, highs.
00:01:28
riptide
Oh yeah, yeah, we're gonna drop one this week.
00:01:29
n4nika
Looking great.
00:01:31
riptide
We can't give any details.
00:01:32
n4nika
Oh, yeah.
00:01:33
riptide
Well, you'll just see the payout amount, which is really, really big.
00:01:36
n4nika
I'm looking forward to it
00:01:37
riptide
Yeah, man, should be good stuff. But, ah, were you in France for the event?

Missed Events & Anecdotes

00:01:44
n4nika
Unfortunately not, no. Couldn't make it this year. But I plan on coming to the next one.
00:01:48
riptide
Because I see you did the last one, right?
00:01:51
n4nika
Yeah, was it the last con? It was, yeah, last year's ECC. It was pretty good.
00:01:57
riptide
Mm-hmm. Dude, that was this is my first time to con, and I tell you, man, everything was awesome, man.
00:02:01
n4nika
Oh, yeah.
00:02:03
riptide
We were able to sponsor the Wonderland CTF.
00:02:04
n4nika
Oh, that's great.
00:02:06
riptide
I was able to compete in it with Austrian Mafia, with Jax, Mario.
00:02:10
n4nika
I saw, yeah, killing it.
00:02:12
riptide
Yeah, yeah, we had, uh, we had the Frenchman there, we had Zig, uh, that was great, man. What a great time, and shout out to the Wonderland guys, great crew, and, uh, just the event was kick-ass, a lot of good meetings, and yeah, highly recommend it. Yeah, well, you know, hopefully next time it's in summer because, uh, that would be kick-ass. Yeah, so are you part of the Austrian Mafia as well?
00:02:21
n4nika
Sounds great.
00:02:27
n4nika
Yeah, I'm telling you, man, I'm so sad I missed Yeah.
00:02:34
n4nika
Absolutely.
00:02:40
n4nika
I am. I am, yeah.
00:02:41
riptide
Oh, shit.
00:02:42
n4nika
Proud member. Proud member.
00:02:43
riptide
Oh, shit. I love it, man. These guys are just, I've never seen anyone with the craziest diet like Mario. But so we're at the table and this guy's eating.
00:02:56
riptide
He's just eating and eating and he's just jacked. He just eats constantly. He has octopus for breakfast, steaks for dinner. I mean, this guy's, he's an Austrian beast. Love that guy.
00:03:05
n4nika
Telling you, the man can eat the table. It's crazy.
00:03:08
riptide
He can, he can. He's an animal. So, ah, so what about you, Matt? What have you been up to? Last thing I think I saw from you, you found a bug. I think it was on Scroll. Was that your last one?
00:03:21
n4nika
It was Scroll, yeah. Yeah, I've been, I'm telling you, um, I've been all over the place doing some bounties, doing private work, working on some internal tooling. So whatever it comes up, I'm doing.
00:03:35
n4nika
But mostly going at it quite chill.
00:03:35
riptide
And you've

Blockchain Security Challenges

00:03:37
riptide
been doing this what? A couple of years?
00:03:40
n4nika
Yeah, it's been almost two years now. Honestly, probably a little more than two years since I started. But I did less than two since I did it full time. I've been in the space for quite a bit now.
00:03:53
n4nika
But, man, it passed so fast. Like I can't even tell you how fast the past two years were going.
00:03:56
riptide
Right.
00:03:59
n4nika
It's crazy.
00:04:02
riptide
Yeah, I tweeted this out today, but I have, like, do you use Tenderly at all?
00:04:09
n4nika
I don't know.
00:04:10
riptide
All right. It's just like you could trace through transactions, set alerts. And I've been using it. You don't realize like how the time passes, but I set an alert three years ago for this deployer address for God knows what I was looking at.
00:04:23
riptide
And it just triggered. It sent a message to my telegram today. And I'm thinking, I'm like, holy shit. Oh shit, an alert triggered. And then I look at the transaction and it's like the deployer send the ETH to another address.
00:04:38
riptide
And it hadn't done anything in three years. And I'm like, okay, what the fuck was I looking at?
00:04:44
n4nika
yeah
00:04:44
riptide
You're like, I have no fucking clue what this fucking bug or situation. So it's just like, always label your alerts. Okay. Especially if you have the three years old.
00:04:55
n4nika
That's Alpha right there, man.
00:04:57
riptide
The alpha, alpha drop, label your fucking alerts.
00:04:58
n4nika
Already, man.
00:05:00
riptide
God.
00:05:01
n4nika
Two minutes in.
00:05:03
riptide
But, you know, yeah, time flies, man. You look back, you're like, what the fuck, man? It's just, hopefully you touch grass at some point.
00:05:11
n4nika
I try to. I try to.
00:05:14
riptide
Oh, man. So I want to ask something.

Developing Blockchain Projects

00:05:16
riptide
So you had, um, I saw this Scroll bug. I don't think you did a write-up on it. And the reason I'm asking is because we've been, like, we have a team of SRs that we try to, that we work with, and a lot of these issues with like the DLT bugs, ah, I mean, sometimes half the battle is setting up the local net to do the sims.
00:05:40
riptide
And I saw you had the same problems and I'm like, dude, this is the case for everybody. And I think there's a hall of fame just piece of shit projects up there that may have great tech, but the docs on setting up local net and just the intricacies of doing so where they'll take that result as like, hey, a valid, uh, bug bounty submission. There's a top few that just are the worst ones to be able to set up. And if you set them up properly, it's like legendary status.
00:06:12
n4nika
I'm telling you, it's terrible. Like for every single bug, I usually like when it's in blockchain DLT, every single time the setup and getting everything to work takes longer than actually finding the bug.
00:06:25
riptide
Yeah.
00:06:27
n4nika
It's such a pain. Like, usually you have some setup script, like it should work out of the box, but for some reason it doesn't.

Proof of Concept Importance

00:06:36
n4nika
So you just have to debug forever to somehow get a working local net and then hopefully confirm your exploit. And it's driving me nuts sometimes.
00:06:46
riptide
And usually they don't take the bug, even if it's a simple bug. And you could just say, no, look, like literally it's right here. And it depends on the team, but I've had times where they're like, nope, build a full end-to-end.
00:06:57
n4nika
Oh yeah.
00:06:59
riptide
And you're like, fuck.
00:07:01
n4nika
Shit sucks.
00:07:01
riptide
But then I've also the time where I built the end-to-end and then the bug wasn't valid.
00:07:02
n4nika
It sucks.
00:07:06
riptide
So I see the point.
00:07:07
n4nika
Oh yeah.
00:07:09
riptide
Like I see the point.
00:07:09
n4nika
I mean, so often there's just one tiny thing you miss, and that's one of the reasons you actually have to write a PoC. I mean, it's good you have to, because it just shows you, hey, there might be some tiny detail missing that you didn't see in, like, a huge call stack of stuff you're going through, and then you just have to throw it out, but, I mean, it's part of the game.
00:07:27
riptide
Yeah, yeah. I mean, they're not paying you a bunch of money for nothing. So, you know, you gotta, I mean, I...
00:07:32
n4nika
Exactly, yeah. If they pay you at all.
00:07:36
riptide
Oh, right. I know zero or one, right? I feel like sometimes we get, like, this, um, maybe
00:07:39
n4nika
Yeah.

Rewarding Exploits

00:07:42
riptide
entitled feeling where we say, ah, hey, look, like I'm hunting for free.
00:07:46
riptide
I found the bug. Why should I have to build the full E2E? Look, I found the bug and you convince yourself that whatever, but it's like, dude, it's part of the job and you just need to suck it up and just do the work.
00:08:01
n4nika
The one part that I gotta say really sucks. I mean, it kind of sucks, the process of building it up, but then actually getting the full exploit to work, the feeling is fucking amazing.
00:08:14
riptide
Yeah, yeah, it is. It is. I mean, that is the best, man. Um, I wanted to ask you about, like, I was looking at your Cantina profile and you have, and I don't know if you're using like LLMs to understand some of these, are you just like a polymath with these languages? But you have, I think, every language in your bio here, like Sway.
00:08:40
riptide
No one uses Sway.
00:08:41
n4nika
Oh yeah, I know, I know.
00:08:42
riptide
Okay. FunC. You got the TON, the TON language.
00:08:46
n4nika
Oh yeah, man.
00:08:47
riptide
What's going on here?
00:08:49
n4nika
ah
00:08:50
riptide
And then you got all the other Go, run like everything else. So what's happening here?
00:08:55
n4nika
I'm telling you that's really coming from how I just approached my whole being in this space. It's just, I started out two years ago and back then everyone was doing Solidity, right?
00:09:07
n4nika
Like everyone was doing Solidity audits.
00:09:08
riptide
Mm-hmm.
00:09:09
n4nika
There were more and more auditors coming in, all the contests were Solidity. And there was like one or two Rust contests. And I was like, if you're starting now, you just gotta go for some niche and just double down on some niche things that no one else is doing.
00:09:25
riptide
Mm-hmm.
00:09:27
n4nika
I started doing that and then it turned out pretty well. Like my first big contest was Babylon, which I won. So was like some custom Go implementation. So from there on, I just stick with it and try to do the most niche thing everywhere I could do.
00:09:45
n4nika
And that's just how I got into taking whatever language, like for this is mostly contest, whichever contest has the most abstract language and the thing that the least people do, I just went into it.
00:10:00
n4nika
So I stacked up quite a few different things there.
00:10:04
n4nika
That's been good.
00:10:04
riptide
But you were just coming from, like, what was your background before this?
00:10:10
n4nika
So I came from, I was studying IT. So I was doing software development, little bit of electrical engineering.
00:10:21
n4nika
And we mostly did C, C++, assembly, and so rather low-level stuff.
00:10:28
riptide
Mm-hmm.
00:10:29
n4nika
And yeah, that was basically, I mean, C is basically the foundation for everything. So as long as you know C and you know C well and you know the concepts on the lower level, you can apply to basically any language.
00:10:38
riptide
yep
00:10:45
riptide
I've heard that same thing, that it's a great base to build off of. Not many do it nowadays, I would say.
00:10:50
n4nika
Absolutely, yeah.
00:10:52
riptide
I've never learned assembly. I've never learned C past like, you know, very basic kind of, I understand the structure and everything, but had wrote anything substantial at all.
00:10:55
n4nika
yeah
00:11:04
riptide
Yeah, that's, to have the assembly understanding is, like, if you look back with historical programming, I mean, that was like, if you were fluent in assembly and then obviously C on top of that, you could build anything you want.
00:11:04
n4nika
I gotta say it's a great language.
00:11:22
n4nika
Absolutely. I mean, just looking back at all those engineers that built the things up from scratch and assembly and stuff, it's crazy work.
00:11:31
n4nika
Like I couldn't even imagine building the things that were built by some of the engineers there. It's quite crazy. I mean, me, myself, as a geek myself, I, ah, really enjoy doing the low level stuff, C and then down to assembly, because it's just super cool to do the really technical stuff.
00:11:31
riptide
Yeah.
00:11:38
riptide
Have you...
00:11:47
n4nika
But like building big things, big projects in that this must be so much work.
00:11:53
riptide
Oh, I can imagine. I've been seeing the discourse over the past few months on X about people, you know, obviously younger than me, who realized like they looked at Windows 2000 in 98 and stuff, and they were loading up Office.
00:12:10
riptide
And it loaded immediately. And how snappy that OS was.
00:12:13
n4nika
yeah
00:12:14
riptide
And I remember it. I think that was peak Windows. Windows 2000 business is what I used to roll with.
00:12:17
n4nika
Yeah.
00:12:20
riptide
But I was like, yeah, I remember.
00:12:20
n4nika
Yeah,
00:12:21
riptide
It was fast as fuck. And this new Windows, like my son uses it. And it's a joke. Like everything's a joke.
00:12:28
n4nika
Yeah, it sucks.
00:12:29
riptide
And it's the whole thing. And this is what programming has become is in these big corporations. It's just, it's complete bloatware. Everything you put on is bloatware. Download an Xbox game.
00:12:40
riptide
It's like 50 gigs. Every program is minimum a gig. Just like, it's like the whole thing was vibe coded before vibe coded came out.
00:12:49
n4nika
Yeah, absolutely. It's, yeah. I mean, back then things were optimized. It had to run the hardware, so, uh, it had to fit, like it had to run on the little things you had and now it's just can throw anything in there you want to.
00:13:04
riptide
And we need a reversal though, because imagine what we do with this hardware now, if everything's optimized.
00:13:09
n4nika
Yeah.
00:13:11
riptide
I mean, it makes a geek salivate. Oh, fuck. Yeah.
00:13:14
n4nika
Oh, yeah.
00:13:14
n4nika
Yeah. yeah again
00:13:14
riptide
Imagine the optimization on this.
00:13:17
riptide
Ah, dude. So, all right. So you had, let me ask you this. So when you looked at, let's see, you had two projects here, Chorus One and Mighty Bear, which were on the TON blockchain, right?
00:13:34
n4nika
yeah yeah
00:13:35
riptide
What is, so all right, is this, because we always hear these things like, oh, this is more secure. We need this language for this. Like, what was your, if you recall, like, what was your thoughts on this? Is this the new language taking over everything? Is this more secure? Is this like any feedback on those?
00:13:53
n4nika
I still remember. So I think it was about a year ago when I did the first TON FunC audit and I was just going into it because I thought it was low competition. No one did it. And I was right at that.
00:14:08
n4nika
And I did the audit. And after that, I was like, man, I never want to see that language again.
00:14:14
riptide
Why? Mm-hmm.
00:14:15
n4nika
It's just... So you can understand for FunC, it's custom built for the TON blockchain, right? And on the blockchain, you just have completely different primitives and things are just handled completely different. Like you don't have the atomic transaction model.
00:14:35
n4nika
It's basically if you want to do CPI, you send a message from your contract, which gets sent, I think, as far as I know, asynchronously to the destination contract and you don't get an immediate atomic response.
00:14:53
n4nika
So you have like a complete different model of how you interact with contracts. And there's so many caveats there and so many things you could fuck up. It's, I never really got to like it.
00:15:08
riptide
Are there any bug class carryovers? Like is there reentrancy or overflows?
00:15:11
n4nika
So I didn't get it.
00:15:16
n4nika
I think your mic just died, Riptide.
00:15:19
riptide
Hello, you still there?
00:15:21
riptide
Oh shit, we do not have our guest. He has disappeared. He's disappeared into the TON blockchain.
00:15:33
riptide
And now I'm sitting here talking to myself.
00:15:41
riptide
Hello, you there?
00:15:42
n4nika
Hey man, yeah.
00:15:43
riptide
Okay, dude, rural living with Starlink is usually good. However, I don't know what just happened there.
00:15:51
n4nika
But I can't hear you again. Okay, now I am back. You're back.
00:15:53
riptide
Okay, oh shit, man. Okay, hopefully we're good. It says green on my end, so I think Elon turned it back on for me.
00:15:58
n4nika
Yeah, it looks good right now. Ah, thank you, Elon.
00:16:02
riptide
Shit, I think the last I heard from you, we were talking about, I was asking about like any other bug classes, do they apply to TON? Like reentrancy and overflows.
00:16:14
riptide
And then you went you went dark
00:16:16
n4nika
I mean, yeah, to a certain extent, of course you have your like your type issue, you have under overflows depending on how you configure it, but there's just a few different things that you've got to consider because you have a completely different CPI, um, system.
00:16:33
n4nika
And honestly, I'm not that deep into the language. At some point, I really did not want to have any more to do with it, so I kind of stopped doing audits for the language. But it's just, ah, the big thing is that there's new bug classes, which you have to look for. And it's just a mental model on that. It's just, I don't really like it.
00:16:58
riptide
I'm just wondering, are there a lot of funds being secured on that blockchain?
00:17:05
n4nika
I mean, there's definitely some. I think there's a few quite big protocols like StonFi. I don't know how big they are really. But yeah, there's definitely, okay, they got like 20 mil market cap.
00:17:21
n4nika
There's definitely quite some on there. I mean, it's the native chain for Telegram. So as far as I'm concerned, as far as I know, they handle some payments through that, but I never really looked that deep into it.
00:17:35
riptide
Here we go, ton stakers, ton, I've never even heard of these things, man.
00:17:35
n4nika
Yeah, I mean, like the yeah.
00:17:38
riptide
The world is so big, you just don't know, like, these people that are using this, this is awesome. TON, and what about, all right, what's this other one?
00:17:46
n4nika
I mean, there's like...
00:17:49
riptide
Sway, and this was with Redstone.
00:17:50
n4nika
Oh yeah.
00:17:52
riptide
Who else is using Sway?
00:17:52
n4nika
Sway was interesting. There were...
00:17:55
riptide
What is that like?
00:17:56
n4nika
I don't know if you remember, but there was a big attackathon last year, or not, actually two years ago I think, on Immunefi, which was Fuel, which was this, yeah, that's the big new L1, or I think it was L1 or L2, and their native language was Sway, so
00:18:06
riptide
I remember that. Was that Sway?
00:18:16
n4nika
they built the Sway language to be used on their blockchain. And it's basically a, it's similar to Rust. It's Rust based and you have some new additional primitives, but I did that one audit, that one competition and then never anything for that again.
00:18:35
riptide
Well, this was the future fuel. So let's see where are we at now. Let's fuel bridge, 12 million.
00:18:39
n4nika
Yeah. I actually be curious because I didn't hear anything of them.
00:18:44
riptide
Let's see, fuel ignition, 4 million. Yeah, I'm so shocked that this didn't take all the market share away from everyone.
00:18:48
n4nika
Yeah, what, I mean, they've wanted 300 million TVL at some point, yeah, kind of guessed
00:18:57
riptide
Oh my God. Yeah, probably incentives farming, usual. I'm shocked, absolutely shocked. What about these other ones? The other ones that I do see have staying power that you've done are some of the Bitcoin ones.
00:19:10
riptide
Like you did this one where you got, I mean, you were like 50 grand off this Citrea Bitcoin application layer.
00:19:11
n4nika
yeah yeah that's
00:19:17
n4nika
Yeah, it was recent. Yeah, that's like the one thing I really focus on right now. It's just anything Bitcoin adjacent, cross-chain, and especially infrastructure for Bitcoin.
00:19:28
riptide
yeah
00:19:28
n4nika
So that, for example, that was last year. They built a new Bitcoin L2 and Citrea was their bridge for that. Was quite interesting.
00:19:40
riptide
Okay.
00:19:42
n4nika
Pretty good contest. But
00:19:45
riptide
First ZK roll up on Bitcoin, Clementine Bridge. Yeah, like, okay.
00:19:51
n4nika
Yeah, Clementine is a bridge for them, exactly.
00:19:54
riptide
Yeah, I think that's it. These ones will be around. Like it's actually, if you're to do DeFi, do it where no one's doing it. I think there's only a few, there's probably more than I think now, like the Bitcoin projects, because you have all these,
00:20:02
n4nika
Yeah.
00:20:06
n4nika
There is a few, especially...
00:20:08
riptide
Yeah, you have people owning all this Bitcoin and they obviously want yield. And I mean, I think there's plenty of demand for it.
00:20:17
n4nika
Absolutely, especially if you look at the Babylon one. So Babylon's this really big player in the Bitcoin field. That was actually the first audit that ever did was the contest for Babylon, the first big one I did.
00:20:32
n4nika
And their whole premise is that you can do native staking. So you do stake your Bitcoin on Bitcoin, they never leave the chain and you can use them as collateral or a staking power on connected chains.
00:20:38
riptide
That's pretty
00:20:45
n4nika
which is quite interesting.
00:20:45
riptide
that's pretty cool
00:20:46
n4nika
It's pretty cool. And I mean, they got, as far as I know, they got like 5 billion in TVL pretty quickly. Just, everyone was going to them because first they were the first to do it. And say great, great things to do, actually, if you can just use your native Bitcoin and get some value from them.
00:21:07
riptide
Yeah, 52,000 BTC staked right now.
00:21:07
n4nika
So there's some big players there, definitely. yeah
00:21:12
riptide
Wow.
00:21:12
n4nika
But now it's like 4 billion or something.
00:21:16
riptide
And so you, they just stay on, so you must sign something on, I don't even know how this works. That sounds interesting.
00:21:23
n4nika
Yeah, it's a completely different system. Like Bitcoin, that's actually very interesting.
00:21:27
riptide
Wow.
00:21:28
n4nika
Bitcoin, how it works is quite nice, the layer on top.
00:21:33
riptide
Let's see. So they're securing over 3 billion. Active bug bounty, a half a million. Oh, yeah, definitely. Aligning the incentives there, guys.
00:21:43
n4nika
Yeah, they were at 2 mil, but they reduced it to half a mil.
00:21:46
riptide
Bear market. Yeah.
00:21:48
n4nika
yep
00:21:48
riptide
It's, well, you know, black hats, they don't work in the bear markets anyway. They get a little notice that comes out.
00:21:53
n4nika
Yep. Luckily, luckily.
00:21:55
riptide
Yeah.
00:21:56
n4nika
yeah
00:21:58
riptide
We'll never align incentives. I swear to God. It's just...
00:22:02
n4nika
It's impossible.
00:22:03
riptide
It's fucking impossible.
00:22:04
n4nika
Like, it's definitely possible to make it better, but getting to a point where you can get guaranteed to pay your white hats and incentivize them enough to actually hunt on the level that black hats do is so hard.
00:22:18
n4nika
And we know one year that at this point.
00:22:20
riptide
Yeah. Yeah, I think we could solve that using, um, AI because it's just such a time suck. It's such a huge opportunity cost for them to have a human go ahead and hunt through all their contracts for however long it takes versus if you have a high level AI
00:22:44
riptide
able to match that SR and can review that in matter of hours and you just, you're paying the cost of compute. Honestly, I think that's what we need to help secure this ecosystem.
00:22:59
n4nika
Absolutely.
00:22:59
riptide
Because I think this model that we have now is kind of done, the one-off audits, because black hats have access to all this advanced AI and something will just be uncovered. So it's like, you need like a constant security posture
00:23:14
n4nika
I think at this point you definitely need AI, like you can't go without it. But at the same point, at the same time, I think even though AI is getting better and better, you still need some level of human research as well, because you, at least from my point of view, it's not exactly there yet.
00:23:33
n4nika
And what I think is the big thing that's really amazing at is really big code bases like, for example, blockchain targets. Just because the real bottleneck here for researchers is, as far at least from my experience, is that those projects are so huge that it's almost impossible to cover all of it.
00:23:52
n4nika
And if you have an AI that can actually cover it and reason on it in a reasonable way, in a productive way, then there's a huge time save there and you can definitely improve your output by quite a bit.
00:23:52
riptide
Yeah.
00:24:08
riptide
I absolutely agree with you. There's so many vectors. When you think about it, if you run a big blockchain and maybe you have 10, let's just say 10 devs that you have, and maybe you have two of the original team.
00:24:26
riptide
And so these guys know the most of the code base and they're the senior guys. And then you have another team of 10 and you're working on this. Is your approval pipeline correct in GitHub?
00:24:38
riptide
You know, who's making changes? Who's actually reviewing? Can they review everything? And it's, like you said, there's so many moving parts to these big projects that it becomes unmanageable.
00:24:47
n4nika
Oh yeah.
00:24:51
riptide
It does. When you look at it, it's like, look at Geth, right? Look at, it's such a big project.
00:24:56
n4nika
Yeah.
00:24:59
riptide
And you just look, you're like, oh, I wonder if there's any bugs here. Just go to the issues tab. Like there's so many fucking problems.
00:25:04
n4nika
yeah
00:25:05
riptide
And that's any big project. And it's almost like you can't not have that. Every possible, look at the Linux kernel, look at everything. Everything is being touched by a lot of people.
00:25:16
riptide
They're looking at it and there's always some issue. And so how do we, you know, how do we move forward and secure all of this with AI to change from decades and decades of precedent where this is just always just how we do business?
00:25:31
n4nika
Yeah, absolutely. I mean, as you said, like at some point it just gets unmanageable. And I really love that AI is being harnessed and improved so much in this space that you can get more and more coverage. Of course, it's always hard to say how much really, like how much is still hidden, how much is there still to find. But it definitely like, especially as we saw, um, with all the AI bounties and so on, it's getting definitely better.
00:26:01
riptide
Mm-hmm.
00:26:02
n4nika
And it's definitely saved a bunch of money already.
00:26:06
riptide
As long as we can incentivize the white hats, whether, I don't care what tools use, human, AI, whatever, as long as those parties have enough power and incentive to do what they do that we outweigh the black hats and beat them as far as front running the transactions, whatever it is, we're in a better position.
00:26:29
riptide
It's just I don't wanna see that power balance shift, um, toward, you know, how many, I wonder if there's any kind of hypothetical percentages. Like, what percentage of hackers out there are opportunistic gray or black hats?
00:26:44
riptide
And now with AI, it's like the script kiddies, right?
00:26:44
n4nika
Yeah.
00:26:48
riptide
From back in the day, now they've been able to amp up their skills with AI and become maybe master criminals. Whereas...
00:26:55
n4nika
Honestly, I'm telling you, I'm so confident that this has already happened.
00:26:56
riptide
Yeah.
00:27:00
n4nika
I mean, if you look at this year's exploits, there's been so many small to medium size, I mean, what's small to medium size, hundreds of thousands, to millions of dollars, but there's been so many that there has to be someone out there just farming all the contracts with AI.
00:27:01
riptide
yeah
00:27:16
riptide
Yeah. Yeah. yeah
00:27:17
n4nika
Compare to last year where most of the exploits were like private key leaks and other compromises, there's not been that many smart contract exploits. And this year has just been exploding in regards to numbers.
00:27:30
riptide
Yeah, that's a good point because you were seeing like White Hat Mage, like some of these guys hitting some crazy bounties, but they have some detection capabilities.
00:27:40
riptide
Like I always view it as there's auditors and bounty hunters, right?
00:27:42
n4nika
Yeah.
00:27:44
riptide
And they may have the same technical skill set, but one is just really good at finding bugs and the other isn't. And they might be able to be great. If you put them on the same contract, maybe they see the same bugs, but finding that contract,
00:28:00
riptide
is like bounty hunter just knows he's got a system set up. And it's hard to explain it because everyone does it differently.
00:28:04
n4nika
Yeah.
00:28:06
riptide
But that's the truth about it. So now these black hats, you're right, man, because you see like, I see exploits all the time now. And I'm like, yeah, there's somebody out there with his AI, with his, he's got his Pashoff skills set up or whatever he's got going.
00:28:18
n4nika
Yep.
00:28:21
n4nika
Mm-hmm.
00:28:22
riptide
And he's fighting shit. And he's like, well, hey, Claude, tell me how to exploit this live. How do I use private mempool? And yeah.
00:28:31
n4nika
Make no mistakes.
00:28:32
riptide
Yeah, exactly, man. What a crazy time. Fucking crazy, dude.
00:28:38
n4nika
It is now, so I'm really curious how this goes. And on the other hand, then you have exploits where you can't really do anything with tooling. I mean, you can do this to a certain degree, but mostly you can't do anything with tooling or improving your contracts. For example, the Drift tech now is just, how would a white hat help you there? So you always have this disparity of exploits that can be prevented and others that still can be prevented but just
00:28:54
riptide
Mm-hmm.
00:29:06
n4nika
There needs to be a different approach on how to prevent them.
00:29:11
riptide
Yeah, I mean, how do you avoid the Drift thing? You can come up with a lot of things, oh, they shouldn't have done this, the durable nonsense, as they called it. And in the end, right, if you have like an owner, like anyone that has admin privileges, you're at risk. What more can you say about it? Like, you're accepting that risk. I don't care what you're saying about your, uh, your opsec and
00:29:31
n4nika
Yeah.
00:29:39
riptide
you know, you can do everything, you're still relying on some human to not make a mistake, which is very risky when you think about 200 million at risk.
00:29:47
n4nika
Exactly, and then
00:29:52
n4nika
Yeah, and then you have their counterparty, which has basically unlimited resources, and you somehow have to defend against it.
00:30:02
riptide
Yeah. I think you should have what the blockchain was kind of built for, right? Do the immutability, have it permissionless, but don't have it centralized with some owner, with some multi-sig, like design it the right way where you don't have to do that.
00:30:21
n4nika
Yeah.
00:30:21
riptide
And if you've designed these systems,
00:30:24
riptide
And I haven't, but I've admired the people that have, like Michael at Curve, the Uniswap team. Those contracts are not bug-free. And there are bugs that you're willing to accept by deploying immutably. But it's like, okay, are those protocol-destroying bugs? No. Are those going to take funds from users? No.
00:30:46
riptide
And I think the trade-off is worth it.
00:30:49
n4nika
Absolutely. Yeah. I mean you're just eliminating a whole aspect of risk there. You don't have to rely on anyone. It's just build secure code and yeah, yeah code is law at the end of the day.
00:31:02
riptide
Yeah. And this is coming up a lot where people are saying the interest rate, the rate you're getting, doesn't reflect the risk that you're taking in DeFi lately. And, you know, it only reflects the rate when you get DeFi summer, 3,000% APR, to be honest.
00:31:23
riptide
I swear to God, man. I don't know. People put money in these fucking protocols and it just blows my mind. And they don't do their due diligence. And even if they do, like, I even speak with investors and LPs and stuff like that that are putting funds in a new protocol and they're like, they come to us, we do an audit of it and they're trying to reduce their risk, right? You're trying to know everything you can, like any investor would do.
00:31:53
riptide
And the fact is we can't guarantee that it's 100% bug free yet.
00:31:58
n4nika
Never can, yeah.
00:31:58
riptide
Nobody can do that. But the risk, it just doesn't reflect it, man. And then add in the admin risk too. Your 25-year-old dev, nothing against, but growing up in a non-opsec, cloud-focused world where he's got 26 browser extensions, and then he, you know, does some nefarious stuff on his laptop that he shouldn't be doing, and it's the same work laptop, and he might have a hot wallet, and then the multi-sig gets together for beers on the weekend.
00:32:31
riptide
Like, it's just, how do you quantify those risks as an investor?
00:32:37
n4nika
I can't even imagine how to do it. I mean, it must suck. At some point you just have to accept it, I guess, but no, it is not
00:32:49
riptide
Not a good answer. You just accept it. No. Right. I met this dude. I met this dude at Con, and he was from a project that he was starting called Core 3.
00:33:00
riptide
I think it was Core 3. And he was showing me his... It was a risk dashboard that he was trying to take TradFi... financial ratings and metrics to DeFi, which is really cool.
00:33:11
n4nika
Yeah.
00:33:11
riptide
So, you know, if you have, and you know, there's always some sneaky shit going on in TradFi as well. But if you say, okay, this company's rated A minus, and here's the rationale, the criteria for that.
00:33:25
riptide
Okay. One can have a reasonable assumption on the riskiness of this debt. And so he's building this for DeFi and he has like protocols rated chains and stuff. And I was like, okay, it's cool. And I looked through the criteria and obviously I look at security. I say, what's your security criteria?
00:33:42
riptide
And it was like, has been audited? Okay, yes. More than one firm, yeah, gets more weighting.
00:33:48
n4nika
Yeah. Yeah.
00:33:48
riptide
Does it have a bounty? Yeah, okay, that gets more weighting. But, and then I think there's one other metric. And it was like, well, that was it. I was like, well, you know, you could probably improve this. It's like, oh, it's a draft, but,
00:34:03
riptide
It's something, I guess, but you could add in stuff like what L2BEAT has with the L2s, like, okay, the multi-sig, like how many guys are on the multi-sig, is it immutable? Like so many different things you could tack onto there to help quantify this to potential investors.
00:34:21
n4nika
But as you said, like once you start investigating on who holds the multisig and how much can you trust the people holding the multisig, it gets so complicated. I doubt that any VC really does that deep of a research on, like, the multisig owners, the exact layout of the contracts, like the roles and stuff. It's just so hard to manage, especially if you're not a very technical person.
00:34:51
riptide
Yeah. How do we fix that?
00:34:56
n4nika
That's a great question, man. Yeah.
00:34:59
riptide
I don't know. I don't know. Because you think in mass adoption, how do you keep people to do it? And the thing that I would like to see is for them not to worry about it.
00:35:12
riptide
Just like you don't worry about, I mean, we need to factor insurance in here too, right? Because how do you not, at least in the US, right?
00:35:17
n4nika
yeah
00:35:20
riptide
You deposit money into a bank. And then, like back in the days, you would have to choose your bank and you would have to assess the risk of the bank. And once they introduced this FDIC insurance, which is basically the government backstop for your deposits at the bank, well, no one cared.
00:35:36
n4nika
Yeah.
00:35:38
riptide
Every bank was treated the same as long as it had a charter and it had this insurance. So that risk was offloaded to the government. Okay, because the amount of money at stake, right? So on the blockchain, where you're looking at a worldwide environment, where do you offload that risk to? Is that, I mean, we had Nexus Mutual, was the only insurance protocol I remember. And I saw them at the conference, like I guess they're still around.
00:36:09
riptide
But there's not like a government backstop for this thing. So it's gonna have to be from the private sector. And maybe that's from an insurance product.
00:36:19
n4nika
I think in that case, decentralization is actually holding us back a bit because the blockchain is just a wild west. There's no central entity which you can blame. There's no real company which you can prosecute, whatever.
00:36:35
n4nika
So you don't really have that on the blockchain, and you can't have one entity which takes all the risk and then takes responsibility for it. So there's just a gap between how you can do it in TradFi and how you can do it on the blockchain, because it's just everyone on their own and there's just not as many regulations. And that doesn't mean we would need more regulations. I mean, maybe we do, but that then again goes somewhat against the principles of decentralization.
00:37:11
n4nika
So there's always this gap between what you can actually do and how much you have to compromise on the other side then.
00:37:17
riptide
Yeah, I think the private market will figure this out.
00:37:21
n4nika
Absolutely. At some point.
00:37:22
riptide
it
00:37:23
n4nika
Yeah.
00:37:24
riptide
So, I mean, I think when Nexus Mutual came out, I remember that being like, I think their idea was like, hey, the protocol wants to attract TVL. They're going to have this insurance for a hack.
00:37:37
riptide
I don't, maybe the economics didn't work out where the insurance was too expensive. Maybe it, I think it launched during DeFi summer, something like that. So people didn't give a fuck. They didn't care at all. It was like, sure, who cares? 3,000 APR, I don't care.
00:37:54
riptide
Maybe that's it. Like, it's it.
00:37:55
n4nika
I mean, if you tell a random guy who doesn't know crypto he's getting 3000% APR, I'm pretty sure he'd take it.
00:38:02
riptide
I know, right? Like I go to their website and they're like, all right, $6 billion in crypto protected. 10,000 covers provided. Number one in claims. I have no idea. But that's what we need, man.
00:38:14
riptide
We need something here to...
00:38:17
n4nika
Absolutely, yeah.
00:38:17
riptide
Yeah, like the last ones I see here are from back in the day. Rari Capital, FTX, Euler, Yearn, Holden, Cream.
00:38:28
riptide
Like, these are all old, old ones, man. I think...
00:38:30
n4nika
Yeah. Yeah.
00:38:32
riptide
Damn, I like this idea though. This is another great product. People should build something like this. So how do we ensure the, especially during bear market, this is just widely and in everyone's face. Like, hey, this yield sucks and the risk is unknown.
00:38:48
riptide
And that's a terrible, terrible place to be. I think we're only attracting capital because people believe in like a four-year cycle. And, you know, there's a lot of benefits to crypto. And I think the investment outlook is positive over the long term, of course, but this needs to be fixed.
00:38:59
n4nika
Yeah.
00:39:05
riptide
Yeah, definitely.
00:39:06
n4nika
Definitely, yeah.
00:39:08
riptide
Hmm.
00:39:10
riptide
So, let's see, otherwise, what else is going on over there? What else would you like to talk about, sir?
00:39:19
riptide
What are you doing now: audits, contests, bounties?
00:39:23
n4nika
I'm building, building some stuff, doing private audits. So got some private audits going on, some new ones coming in, building some tooling.
00:39:34
riptide
What are you building, what kind of tool?
00:39:37
n4nika
Of course, a bit of, I'm building around with AI. That's basically everyone these days.
00:39:43
riptide
But what is
00:39:43
n4nika
So
00:39:44
riptide
you give us a high level?
00:39:47
n4nika
Basically also an AI auditor specialized on blockchain, DLT.
00:39:50
riptide
Oh, shit.
00:39:53
n4nika
Yeah.
00:39:56
riptide
Good idea. Good idea. I keep...
00:39:59
n4nika
But I feel like everyone's doing that nowadays.
00:40:01
riptide
Yeah, but hey, look, I'm knee deep in this. Not everyone's doing the same thing. Just build yours differently.
00:40:07
n4nika
Fair.
00:40:08
riptide
Like think about it and come up with a unique architecture and you can crack the market.
00:40:11
n4nika
Exactly. Yeah, you have to have some unique selling point. You have to be better than someone or have something that others can't do.
00:40:18
riptide
Yeah, you can't just put some skills in there, some prompts and expect to like, cause what's the goal? Like why do anything? You wanna be able to 10, 100 X the competition.
00:40:30
riptide
So you need some groundbreaking shit.
00:40:31
n4nika
Yeah.
00:40:34
n4nika
Exactly, yeah.
00:40:34
riptide
So if you could build that, I mean, I advise take a little magic mushroom and go deep into the forest, into the Austrian forest, and just think about it.
00:40:41
n4nika
yeah
00:40:46
riptide
Think about it deeply. Maybe you come up with some cracked ideas.
00:40:49
n4nika
Telling you, there's gonna come some very good ideas there.
00:40:53
riptide
Dude, I tell you, man, the craziest stuff comes on my feed. Were these back in the day, 60s, these scientists were given LSD and they came back with some crazy new theorems and hey, man, whatever it takes, like if you're on that day-to-day, here's another alpha, alpha drop.
00:41:03
n4nika
Yeah.
00:41:11
riptide
If you're on the day-to-day, like you wake up and you say, I'm gonna crank some bugs. You wake up, you maybe do some pushups and then you hit your coffee and then you get on your screens. Well, you're gonna be on that same path every single day, locked in. Caffeine does that to your brain, locks you in, and you kind of have boundaries with your thinking, in my experience.
00:41:38
riptide
And so how do you open up those boundaries? Well, you need to deviate. It's not like you come to the screen drunk. I think alcohol is one area where this, it does not help at all, right? But different things help.
00:41:49
riptide
Like if you go for some hill sprints and then you come back, that can kind of open up new pathways. If you could do, you know, for some people like different drugs may just have better effects than others.
00:41:57
n4nika
Oh yeah.
00:42:06
riptide
But if you just take something to expand your mind, as you know, with marijuana or mushrooms or maybe LSD, I don't know, but like something that allows you to think differently than how you normally think and think differently than the competition.
00:42:26
n4nika
Yeah, absolutely.
00:42:28
riptide
And it could open up. Yeah. And this is me completely advocating for you.
00:42:31
n4nika
And
00:42:35
riptide
Don't do drugs if you're already mentally unstable, but you know, it could help.
00:42:39
n4nika
But like I gotta say, especially in our space where most of the people are rather technical and kind of nerdy and really get obsessed with the technicalities of stuff and just be on the stuff for 12 hours a day straight.
00:42:55
n4nika
Taking a step back, getting a good workout in is such a mind changer, such a game changer. It's crazy. Like if you actually take care of yourself and you actually improve outside of.
00:43:08
n4nika
Of being a geek, it's...
00:43:13
riptide
It's true.
00:43:14
n4nika
It's good.
00:43:15
riptide
Man, that, and when you really love doing something, you have a passion for something, and especially when you're young, you just have no problem sitting in front of that computer for 10, 12 hours.
00:43:26
riptide
I remember, man. I remember doing that. I just wouldn't feel anything.
00:43:29
n4nika
Absolutely.
00:43:30
riptide
You could just sit in the chair and 12 hours go by.
00:43:30
n4nika
Absolutely.
00:43:33
riptide
Hey, I'm a little tired of staring at the screen, but... I could do it day after day after day.
00:43:37
n4nika
Ah, yeah, absolutely.
00:43:40
riptide
And when you get older, I mean, you're like, fuck, man, you need some more balance. But it actually is like your body and your mind telling you, hey, look, you'll find more bugs this way. Just get the fuck out of the house for a bit.
00:43:52
n4nika
The amount of times I just went into a protocol, like, got it, like thought about it, got to know it quite well, and then just took a step back, I know, went to sleep or went to the gym or whatever, and then just thinking about it and then getting some idea.
00:44:11
n4nika
The amount of times it has happened to get a great idea and a great exploit path just by thinking about it while not staring at the code, there's been many.
00:44:20
riptide
And how do you deal with like the new problem with getting lazy with AI? Like, how do you deal with like, oh, AI will just look at this instead of using your brain? Do you ever have that?
00:44:32
n4nika
Of course.
00:44:33
riptide
How do you fight it?
00:44:33
n4nika
Like, I think everyone deals with that. It's just so prevalent. AI is so prevalent that at some point you just have to think, like, what if AI can do all of this?
00:44:44
n4nika
But I gotta say, for most of the things, you just gotta take a step back. I usually separate it. Like when I do a review or something, I, on the one side, I launch my tool at it.
00:44:56
n4nika
I generate all its output. And on the other side, I do the manual review. So I do the manual review.
00:45:01
riptide
Mm-hmm.
00:45:03
n4nika
I, like, take AI to help me with understanding of the code base, like what leads to what, what areas in the code base are responsible for which functionality and so on.
00:45:15
n4nika
And once I got a good understanding and once I have produced some findings and once I know what's going on, I take a look at the AI findings and then cross reference those against the code base. And I think if you
00:45:29
n4nika
explicitly do the audit yourself while also relying on AI in parallel, you still got some, you got the benefits of both. Like you don't get lazy and you actually continue providing value with your knowledge and with experience. But on the other side, you also find all the low hanging fruits and everything that you might miss just because you've already seen this stuff so many times, by running AI in parallel.
00:45:59
n4nika
And I think that helps quite a lot to just take both and try to not get complacent by only relying on AI.
00:46:07
riptide
That's a good strategy. Are there any things that you've noticed that AI finds like consistently that humans miss or that you've missed?
00:46:19
n4nika
I think it's hard to say there's
00:46:20
riptide
Like certain combinations of bugs or just, you know, because it'll find some weird edge case stuff or like you say, cleaning up a lot of things.
00:46:29
n4nika
I think often I had some things where, for example, in Go and Rust, especially Go, some typecasts or like some things that were very specific to the language that you would just read over and think it's correct because it looks correct.
00:46:46
n4nika
But then you have like a small assumption, like some slightly wrong syntax and those things it catches very well, I would say.
00:46:53
riptide
Mm. Mm.
00:46:55
n4nika
Like I had some, some, some...
00:46:58
n4nika
Some bugs were found in this way just because the syntax looks correct. It seems correct. And if you don't dig into every single, like, deeper into the Go feature itself, you don't find it. But I find some quite easily.
00:47:15
riptide
Do you think the teams are like, when you're looking at these audits, do you think teams are dropping the ball with security? Like, are you seeing more prompts in the code base and just maybe you could see that the code is maybe not as tight as the code you used to review?
00:47:34
n4nika
Not really. I mean, yeah, I'm right now mostly working with some bigger clients, which I've had for some time. So I'm reviewing code of teams that already have produced a lot of code, not some new projects.
00:47:49
n4nika
And I feel like they maintain their quality mostly. So it's been looking not too bad. I mean, I've heard of some projects, like not some projects, but from some people, that they had completely vibe coded contracts and like everything was broken. But I've not had that much of an experience with that, so gotta say it's actually not that bad. And I feel like, especially in the blockchain space and blockchain DLT space, you can't really get away with it too much.
00:48:12
riptide
Okay, that's good.
00:48:12
riptide
and Okay, that's good.
00:48:18
riptide
Why do you think that is?
00:48:20
n4nika
Because especially if you build something from the ground up, those systems are just really, really complex and have so many moving parts that it's gonna fuck up something.
00:48:35
riptide
Are you seeing those prompts, the MD files in the repos?
00:48:41
n4nika
No, not really.
00:48:44
riptide
You haven't seen that? Okay.
00:48:45
n4nika
No.
00:48:45
riptide
I've been looking at some repos lately and you'll see like a function of the contracts.md or whatever. And it's like, okay, that's that's an explainer generated by an LLM.
00:48:56
riptide
That's cool. But then you'll see certain ones where it's like they're audit prompts that they've given to Claude.
00:48:57
n4nika
yeah
00:49:03
riptide
Okay.
00:49:03
n4nika
oh i get to to me yeah yeah
00:49:03
riptide
Ensure that there's no reentrancy. It's just all these different things. And you're like, hmm. Is this a new red flag for bounty hunters to say, huh, did a human look at this or did they just trust the prompt?
00:49:15
n4nika
You gotta step back, trust the prompt and say there is no bug in here because they ran this prompt on this. Saves you some work. Exactly, yeah.
00:49:22
riptide
Yeah, yeah, trust the prompt.
00:49:26
riptide
Oh, shit.
00:49:29
n4nika
But we're definitely gonna see more of that.
00:49:31
riptide
Yeah.
00:49:31
n4nika
It just reduces the barrier of entry for even non-technical people to build stuff, which on the one side is good, but on the other side for security, it's terrible.
00:49:45
riptide
Yeah, this is a double-edged sword that we've been talking about a lot.
00:49:47
n4nika
Yeah.
00:49:48
riptide
I love the fact that anyone with an idea can deploy. And the barrier before was you had to know how to code, and now you don't have to know how to code.
00:49:54
n4nika
Absolutely.
00:49:58
riptide
And that opens it up even more, and there's your biggest sell on like, wow, this market's going to explode.
00:50:05
n4nika
Yeah.
00:50:05
riptide
But the security issue is yet to be addressed. And then like, you know, this only gets addressed with AI, I think, because just too much stuff will be coming on the chain and you're going to have these audited.
00:50:15
n4nika
Yeah. And especially now that we see the contest markets going pretty much to zero. I mean, there's one or two contests sometime.
00:50:26
n4nika
I don't really know how we're going to attract new talent and new people getting into the space, because there's quite a few people that got into it a few years back. And back then you could prove yourself. You could prove that you can win contests, that you know what you're doing. But how is anyone going to do this now that there's no real opportunity to prove yourself?
00:50:47
n4nika
So I think that's a really important thing to address for us because we need new people in the space at some point.
00:50:56
riptide
Maybe the bar has just been raised where you have to show yourself finding bugs live as bug bounties and like, Hey, look, this is, this is what I bring to the table.
00:51:04
n4nika
Probably.
00:51:07
riptide
And I'm more skilled than the next guy, but you can't have, you know, the same guys finding these tiny bugs. Like those just don't have value anymore. The old bugs.
00:51:18
riptide
And it's just, the bar has been raised, difficulty's increased.
00:51:21
n4nika
Absolutely. Yeah.
00:51:24
riptide
Yeah, that's probably where we end up, which is probably a good thing. It's unfortunate, but I think the good guys will rise to the top. And if there's new bug hunters out there and like new really good SRs, you'll see them.
00:51:34
riptide
And they'll probably be a hybrid of human AI masters out there.
00:51:39
n4nika
Definitely, I mean, at this point you have to use AI, otherwise you're falling back.
00:51:43
riptide
Yeah. Yeah.
00:51:44
n4nika
Like, at least to some degree.
00:51:44
riptide
I mean...
00:51:47
riptide
Yeah. Yeah, I mean, still, man, double-sided coin there because I know guys that don't use it at all and they're bounty hunting and they're finding shit.
00:51:52
n4nika
okay, we got it.
00:51:56
n4nika
yeah okay we got Yeah, yeah.
00:51:56
riptide
Because, yeah, I mean, it all depends.
00:52:00
riptide
Like if I was doing a normal audit as a protocol, at this point, I would, and I called this last year, I was like, you're going to get to the point where you're not having AI eyes on your protocol for an audit and you're going to ask for it.
00:52:15
riptide
And I think we're at that moment now where people are like, well, all right, humans looked at it, but you know AI found some cool shit last time. Let's have it look through it again.
00:52:23
n4nika
Yeah, yeah, I mean, it doesn't really hurt.
00:52:25
riptide
Yeah. No, no, it doesn't hurt. Not at all. Why not do it? Yeah. Cool, man. Anything else on your end? We are creeping up on the hour mark.
00:52:38
riptide
Any burning questions?
00:52:39
n4nika
I think no, no.
00:52:43
riptide
Okay, well, that's it. Well, sir, thank you for coming on. A real pleasure to finally get you on the podcast.
00:52:49
n4nika
Thank you so much. It has been a pleasure.
00:52:52
riptide
Going to have to get every member of the Austrian mafia on here now, now that I met them in person.
00:52:57
n4nika
Please do.
00:52:58
riptide
All right, man, we will see.
00:52:59
n4nika
You're not going to be disappointed. That's
00:53:01
riptide
We will see you all next time on the blockchain.