
$502M In Solana Hacks, Jupiter Now A Top 10 DEX & More

Also: Do security auditors have enough skin in the game?

Welcome back!

This is J264G and this week I’ve got these titbits for you:

  • Wary Code: Security audits might be holding Solana back.

  • Solana Summer: Jupiter now ranked 7th among all DEXs.

  • Fast Money: Code makes sending money on-chain enjoyable.

We’re seeing increased DEX activity on Solana, a more reliable network, and a new onramp for Solidity developers with Solang — fudding the ecosystem is getting increasingly difficult.

Now’s the time to double down, keep building, and convince new users of the benefits of all things self custody.

Let’s get after it!

Click on any underlined heading / hyperlink to learn more.

Spotlight

Wary Code

In code we trust.

That's one of the founding pillars of our industry.

Why?

Because this premise allows us to leverage trustless systems — which don't rely on intermediaries, such as a bank or government, to process transactions.

But what if we can't trust in code?

  • February 2022: Wormhole gets exploited for $326M.

  • March 2022: Cashio falls prey to an infinite mint bug and gets drained for ~$48M.

  • July 2022: Nirvana loses $3.5M to a flash loan attack.

  • August 2022: Approximately 8,000 Slope wallet addresses get drained for ~$5.3M.

  • September 2022: Raydium loses ~$4.4M in fees from its liquidity pools.

  • October 2022: Mango Markets gets left with $115M in bad debt.

These 6 incidents alone amount to $502M.

Here's what $502M could have funded:

As you can see, 502M greenbacks are neither peanuts nor negligible.

That's why security audits are so important.

According to Cointelegraph, smart contract auditing providers charge between $5,000 and $15,000 per audit — on average.

Auditing providers on Solana, however, charge anywhere between $100,000 and $300,000.

These opaque prices have various negative effects:

  • Missed Opportunity: If potential customers cannot easily understand the cost and what they are getting for their money, they might abandon the purchase altogether.

  • Competitor Offering: If the pricing is opaque, potential customers may be more inclined to switch to a competitor that offers clearer and more transparent pricing.

  • Trust Breakdown: When prices are not transparent, customers might suspect hidden fees or unfair pricing practices, leading to a breakdown of trust.

  • Negative Experience: When customers feel uncertain about pricing details, they may have a negative overall experience, even if the product or service is otherwise satisfactory.

Apart from these factors, the pricing of security audits on Solana seems somewhat steep when compared to conventional security audits:

Moreover, most audits in web3 are one-off services, meaning the code isn't audited on an ongoing basis, although we all know that the scope of the code changes significantly over time — particularly when a protocol is launched on Mainnet. Yet, most auditing providers do not offer a standardised auditing loop.

Additionally, many security auditors don’t take responsibility when one of their clients has been exploited. In conventional IT projects, aspects such as these are met by service-level agreements — which include remedies or penalties should something go wrong.

Speaking of accountability: Wirecard is the latest high-profile case that has shown that the big four auditing firms — Deloitte, EY, KPMG, and PwC — cannot unequivocally be trusted and need to continuously undergo audits themselves. But who’s examining the inner workings of the auditing providers in web3?

In a world where self custody should reign supreme, we need to trust the code.

Yet, the code is more porous than Swiss cheese, code audits are too expensive and often neglect market dynamics, and auditors don’t have enough skin in the game — all while enjoying a lack of scrutiny.

As such, we won't get self custody “to the masses” if this status quo doesn't change.

Status quo, you know, is Latin for 'the mess we're in'.

Ronald Reagan

Chart Of The Week

News Bites

Multi-Language Support: Solana now supports language front-ends that let developers build in Rust, C, Python, Zig, and Solidity.

Network Performance: A new Solana network performance report has been released, which particularly highlights the network’s reliability improvements.

Multichain Support: Coinbase now supports USDC on Arbitrum, Avalanche, Ethereum, Polygon, and Solana.

Solana Summer: Jupiter is now ranked 7th in trading volume among all DEXs, outpacing both Sushi and TraderJoe.

Fast Money: Code, a P2P payment solution on Solana, demoed its app. What became clear from the outset: Sending money to anyone can be simple, fast, and enjoyable.

Caught In 4K

Weekly Take

Keks & Giggles

And that's a wrap!

If you'd like to reach me, respond to this newsletter or reach out to me on Twitter.

Talk soon!