The Tangled Web of Crypto
I want to know about that 90 that's allocated but not circulating. Who has that? Nobody knows, but it's not that many addresses. But it could be you. Sure, it could be anybody. It could be you. Okay, yeah, okay. Now, maybe you probably might have an easy explanation for this: CoinGecko has your security audit at 63 as of October 23rd. What does that mean? I have no idea. Yeah, that's helping you. So we actually have multiple audits. So we got a ChainSecurity audit that was done, but it's under NDA, so we can't release it, and we got an audit from CoinFabrik as well. Why would an audit be under NDA? Well, until you finish paying for them, it... So it works like this. You have to educate the auditor, because they're not actually good at their jobs. Now, I hate to say that, because I've got to go start looking for some more auditors for some more contracts soon, but in general they're not actually good at their jobs, and so in order for them to audit your code properly, they have to understand your code, and then it takes your devs' time to get them to understand what the code's supposed to do, and then they tell you the things that you could have just copy-pasted from a theory: Ethereum developer security blog about reentrancy bugs, and, you know, saving gas using external instead of internal, uh, or external-only instead of public function calls, and you, you just learn.
You know, we already know all this stuff already, right? And so the only thing that the ChainSecurity guys found was that someone could have pre-created a collision, at great millions of dollars of cost, to be able to free-claim some extra stuff, and we, uh, prevented that with changing the way the Merkle hash was created. And then the CoinFabrik guys didn't find anything, like, they didn't, they just didn't find anything at all kind of important. Can you go back up on that? Sure. What happened with the Merkle tree? Well, if you want a gas-efficient way to... so, for instance, it's very expensive to preemptively just shove stuff at people like a normal airdrop, because you incur tons of fees. So right now, if you wanted to send an ERC-20, Ethereum, it's about 10 bucks, so it costs you ten dollars just to send someone an ERC-20. It sucks, it's terrible, it's unreliable. And so what you do is, instead, you create a Merkle root, which creates a Merkle tree, and then people can claim against that tree, proving that they had something that was a member of that set. And so you, if you proved that you had Bitcoin, then you could claim HEX for free from the Merkle tree. But did you just say there was a problem with the code on that, or I missed that? No, no, it was, it was a question of... all of these blockchains are predicated on economic viability.
If someone wants to DDoS every single Bitcoin node, they can, and then the network can and will go down. It's just prohibitively expensive. If governments want to make all the SHA-256 hash and force people to hard fork into a different proof of work, they can. It's just economically expensive. So a bug that says that someone's willing to lose a ton of money, to blow millions of dollars now, on a coin that doesn't even have a price or a market yet, to cause a free claim by finding collisions in, in this one, like, hash, all we had to do was add bits to the hash. So, oh, the solution to this collision attack was just like, oh well, make it slightly more expensive with them. We added a little bit more bits. So there was a little revision that you threw in there. Got it. And I, I mean, really, we're, we're not really expecting collisions, we, if you read, significant collisions, the code, until we have quantum computing, but, um, the code is amazing. So we do gas efficiency things, like we use bit packing, which is combining multiple values into one storage slot to save money, and then we use bitwise shifts in the storage slot to pull from it more efficiently. We use caching, so we load things into memory, which is cheap, instead of hitting disk, which is expensive, and then we only hit disk if we have to, because the cache said we had to. Okay. We have one of the most advanced contracts that you could ever have, with great comments, great flawless function, and you should read it.
I mean, it's wonderful, it's wonderful. Good. Okay, I should read the code. Yeah, it's great, it's only, it's online. You got an Etherscan contract, and just read it. So now, now I'm confused, because what you're saying is that an auditor whom you haven't finished paying can't understand your code because it's too cryptic, but now you're suggesting it's just because they're bad at their job. Okay, no, no, no! Look! The number of people in the world that could code is hard, and, and developers in crypto are usually trash. Real developers look down upon crypto developers. Real developers are better than crypto developers. Real developers have been developing for 40-plus years; crypto developers haven't. And there's, like, Solidity, the code that runs Ethereum, it sucks, and Geth, the software that we forked and everyone else forked, and that ninety percent of all Ethereum nodes use and 100 of all the mining nodes use, it sucks. And in order for it to become better, because it's open source, people have to force it to be better. How many... you know, Ethereum brags about having 20,000-plus developers. Guess what? Those 20,000 developers just add extra load to the five guys, five, that actually maintain the Geth, which is all the nodes, which is Ethereum. I've got more than five devs. So this, like, people don't understand, like, how hard blockchain is, and so when I tell you that the auditors don't do their job very well, it's that they point out things that aren't bugs, and then we have to explain to them.
Why they're not bugs, and then they go, "Oh, okay," and you have this back-and-forth process. So, instead of pulling my lead dev off of doing actual dev, which is awesome, and then educating the auditors, we just are fine with one public audit, and then the other, private audit, it's just private, right? And then so, we couldn't, we can't finish the contract until we get them to actually fix their audit to be accurate, and we can't get them to fix their audit to be accurate until I take my lead dev off to educate them on everything, and it's just too time-consuming. Okay, so, so you're saying your auditor is under an NDA, which means they can't reveal any bugs or whatever, because they're confused? No, NDA literally means that we can't brag. We, we can't publish incomplete audit results that we paid for. Look the other way. Why would you brag about, uh, if, if there are bugs and they're confused, and you also just said... No, because we cleared all this. Are you trying to make, are you trying to make it an issue like I'm screwing over my developer and not paying them or something? They got a new job, the development? So, so, listen. The auditing team got hired by Ernst & Young and didn't really want to be doing auditing anymore, and so I wasn't going to pull my lead developer off of doing real development to go educate the audit team, which, by the way, like, they're actually good, like, I would.
I would work with ChainSecurity again, because in the frame of auditors, they're actually good, but they're not as good as my lead dev. It's just like book writing. When you write a book, the most important person is the author, and you still take it to an editor, and the editor still tries to improve it. But in the end, the odd... the, the author is what matters, not the ad... you're not going to buy the book because of the editor. Is the audit that's under NDA right, or is it wrong? That's right, like, there are no bugs, and they found no costs, and any bugs, we fixed. But in order for us to publish the audit, we have to make it... These audits are only as useful as they're useful for marketing, because all of the security value we already got. We already fixed everything that they possibly could find, which was one thing, the Merkle root claim. And by the way, the claim function's been over for a year. There is no claim, it's over. Did the referral program pay for that audit already? I think, I think it was 60 and I paid maybe 35 or 40 or something like that. So, so what's stopping you from paying for the rest of the audit? I would need to pull my lead dev to write the language as to how what they understood in these areas wasn't completely accurate, and how this was fixed by this, and then there's back and forth, and then they have to prove it.
And then they have to publish it. So, okay, like, I could do it, but... So you disagree with some parts, or want to add clarity? Well, no, we, we, but we all agree that it's secure now, but they don't want to look bad, having mentioned things that they said were bugs that aren't. I could go look it up, but then the question is, am I violating my NDA? Like, I'm not, I'm not even sure how much of the content of their stuff I'm allowed to share with you. Like, I'd have to go re-read the NDA. Like, I might be in violation just telling you what I just told you. I'm not sure. So you made the NDA, right? No, it's theirs, that's theirs. What do I, why would I, I don't, what do I need an NDA for? It's all public. Like, we're going to release the, the, like, there's no reason for me, as the guy buying it... the only reason you buy it is to make it public. I would prefer it be public. Why would I want to hide that? So, but what you're saying is you'll make it public after your lead dev provides commentary on it? If it's important to you, I'll spend the 20 or 30 on it, but I'd have to have another dev do it, because my, my lead dev's working on something better currently. So PulseX matters more, PulseChain matters more. We already know the code's perfect, because there's hundreds of millions of dollars to be gotten by hacking.
It, like, we've, like, of the many things you could worry about, the code is not it.