Leicester
Podcast Appearances
And then the malicious proposal went in, which enabled the breach.
And the question was, was that validator on the inside of the malicious proposal?
I don't know.
My question is, how is it possible that whatever that code was that was malicious was never screened?
So even if you pass it through DAO, you can't just implement malicious code.
That's unthinkable.
So the questions are being asked of number one, that validator having so much power.
Number two, how can malicious code be injected that way with no due diligence?
And what they're saying is we need to have documentation of decentralization of the validators in custody.
We need to make sure that there's no capability for single person control.
So essentially mitigate the risk that any one validator can bring the thing down or risk of 51% attacks or et cetera.
And then documentation of chain upgrade authority and governance and who can do it, right?
Because who is the one that's actually pushing this stuff and why are they authorizing and document all that?
You would ask the question then, well, why wouldn't we always have that, right?
And that's what you should be asking.
These are things fundamental that should always have been there.
The flaw, as Binance stuff has called out, is you hear, well, we're audited.
And they say that's good enough, that the auditors would have caught those things and auditors would know that data.