The Sleuth
$502M In Solana Hacks, Jupiter Now A Top 10 DEX & More
Also: Do security auditors have enough skin in the game?
Welcome back!
This is J264G and this week I’ve got these titbits for you:
Wary Code: Security audits might be holding Solana back.
Solana Summer: Jupiter now ranked 7th among all DEXs.
Fast Money: Code makes sending money on-chain enjoyable.
We’re seeing increased DEX activity on Solana, a more reliable network, and a new onramp for Solidity developers with Solang — fudding the ecosystem is getting increasingly difficult.
Now’s the time to double down, keep building, and convince new users of the benefits of all things self custody.
Let’s get after it!
Spotlight
Wary Code
In code we trust.
That's one of the founding pillars of our industry.
Why?
Because this premise allows us to leverage trustless systems — which don't rely on intermediaries, such as a bank or government, to process transactions.
solana has the best chance at onboarding ppl w/ no crypto experience & a small amount of capital into crypto by far
— Ansem 🎒 (@blknoiz06)
10:23 PM • Jul 21, 2023
But what if we can't trust in code?
February 2022: Wormhole gets exploited for $326M.
March 2022: Cashio falls prey to an infinite mint bug and gets drained for ~$48M.
July 2022: Nirvana loses $3.5M to a flash loan attack.
August 2022: Approximately 8,000 Slope wallet addresses get drained for ~$5.3M.
September 2022: Raydium loses ~$4.4M in fees from its liquidity pools.
October 2022: Mango Markets gets left with $115M in bad debt.
These 6 incidents alone amount to $502M.
Here's what $502M could have funded:
3 large & extremely well-equipped hospitals (Togal, 2023)
Or: 900 public primary & secondary schools (Levelset, 2022)
Or: Expenses for 1,666 children from birth until the age of 17 (Intuit, 2022)
As you can see, 502M greenbacks are neither peanuts nor negligible.
That's why security audits are so important.
According to Cointelegraph, smart contract auditing providers charge between $5,000 and $15,000 per audit — on average.
Auditing providers on Solana, however, charge anywhere between $100,000 and $300,000.
These opaque prices have various negative effects:
Missed Opportunity: If potential customers cannot easily understand the cost and what they are getting for their money, they might abandon the purchase altogether.
Competitor Offering: If the pricing is opaque, potential customers may be more inclined to switch to a competitor that offers clearer and more transparent pricing.
Trust Breakdown: When prices are not transparent, customers might suspect hidden fees or unfair pricing practices, leading to a breakdown of trust.
Negative Experience: When customers feel uncertain about pricing details, they may have a negative overall experience, even if the product or service is otherwise satisfactory.
Apart from these factors, the pricing of security audits on Solana seems somewhat steep when compared to conventional security audits:
Website penetration testing: ~ $50,000 (Astra, 2023)
IT security audit: ~ $50,000 (Varonis, 2022)
ISO 27001 certificate: ~ $75,000 (OneTrust, 2022)
SOC 2 audit: ~$100,000 (Secureframe, 2023)
Moreover, most audits in web3 are one-off services, meaning the code isn't audited on an ongoing basis, although we all know that the scope of the code changes significantly over time — particularly when a protocol is launched on Mainnet. Yet, most auditing providers do not offer a standardised auditing loop. Additionally, many security auditors don’t take responsibility when one of their clients has been exploited. In conventional IT projects, aspects such as these are met by service-level agreements — which include remedies or penalties should something go wrong.
Speaking of accountability: Wirecard is the latest high-profile case that has shown that the big four auditing firms — Deloitte, EY, KPMG, and PwC — cannot unequivocally be trusted and need to continuously undergo audits themselves. But who’s examining the inner workings of the auditing providers in web3?
In a world where self custody should reign supreme, we need to trust the code.
Yet, the code is more porous than a Swiss cheese, code audits are too expensive and often neglect market dynamics, and auditors don’t have enough skin in the game — all while enjoying a lack of scrutiny.
I want more crypto projects that try to disrupt popular web2 apps using crypto superpowers to discover new use cases rather than building marginal improvements on the few existing use cases (AMMs, lending, etc)
Vampire attack web2, not uniswap for the 5000th time
— hayden.eth 🦄 (@haydenzadams)
11:44 AM • Jul 22, 2023
As such, we won't get self custody “to the masses” if this status quo doesn't change.
Status quo, you know, is Latin for 'the mess we're in'.
Chart Of The Week
Solana DEX Volume has averaged over $100M every day for the past 6 days.
— Step Data Insights (@StepDataInsight)
5:00 PM • Jul 18, 2023
News Bites
Multi-Language Support: Solana now allows for front-ends that enable developers to build in Rust, C, Python, Zig, and Solidity.
1/ 🎉Introducing Solang: Building on Solana with Solidity
Today, @solanalabs announces Solang, a compiler enabling developers to write smart contracts on Solana in Solidity, the primary programming language of Ethereum.
Learn more👇
— Solana (@solana)
1:17 PM • Jul 19, 2023
languages aren't moats
— raj 💀 (@rajgokal)
2:16 PM • Jul 19, 2023
Network Performance: A new Solana network performance report has been released, which particularly highlights the network’s reliability improvements.
1/ The Solana Foundation has released the most recent @solana Network Performance report.
The Solana network’s performance has improved through H1 2023, as measured by uptime, the ratio of non-voting-to-voting transactions, & more.
Read the full report: httpsolana.com/news/network-p…p
— Solana Foundation (@SolanaFndn)
1:16 PM • Jul 20, 2023
Multichain Support: Coinbase now supports USDC on Arbitrum, Avalanche, Ethereum, Polygon, and Solana.
Multichain support added for USDC.
Coinbase International Exchange users are now able to deposit and withdraw USDC on Arbitrum, Avalanche, Ethereum, Polygon, and Solana networks.
— Coinbase International Exchange 🛡️ (@CoinbaseIntExch)
10:16 AM • Jul 20, 2023
Solana Summer: Jupiter is now ranked 7th in trading volume among all DEXs, outpacing both Sushi and TraderJoe.
Fast Money: Code, a P2P payment solution on Solana, demoed its app. What became clear from the outset: Sending money to anyone can be simple, fast, and enjoyable.
Caught In 4K
As we cross 15 million NFTs sent, I see our airdrop costs growing exponentially. 😱
Then I realized it all still adds up to less than $2,000 😂
— vibhu (@vibhu)
4:02 PM • Jul 20, 2023
Weekly Take
It’s going to be nostalgic when new independent validator clients are 90% of transactions
— Solana Legend 🎒 (@SolanaLegend)
6:25 PM • Jul 23, 2023
Keks & Giggles
Our exit liquidity is coming
— Alfa | ⟁ (@alfaketchum)
7:40 AM • Jul 19, 2023
And that's a wrap!
If you'd like to reach me, respond to this newsletter or reach out to me on Twitter.
Talk soon!