
From Open Source to Open Safe: Enhancing Web3 Security
One of the strengths of Web3 is also one of its weaknesses: open source. Despite the vast amounts of money in Web3, the space remains true to its foundation of collaboration, as shown by how many projects publish their code openly.
This openness enables both rapid development and unlikely collaborations, and it is certainly one of the reasons blockchain technology advances so quickly. However, it also comes with drawbacks.
The Silicon Valley startup ethos of moving fast and breaking things has naturally carried over into Web3; combined with open source, it means vulnerabilities spread as well as features. Projects are often built on top of each other, for instance by forking the codebase of one project and developing it along different lines.
It’s akin to the way things grow in nature, such as mycelium. A break creates the space and new direction for continued, sometimes rapid growth.
However, building on the foundations of someone else’s codebase also means inheriting flaws that have yet to be discovered. Projects can easily forget this, assume the original code is entirely secure, and focus only on potential vulnerabilities in the code they wrote themselves.
The pace of development in Web3, coupled with the vast sums of money in the space, makes it an attractive target for attackers. The incentive to find new ways to exploit code is much higher than in other areas of software development.
Nothing is ever 100% secure. Even after a protocol has been audited, new attack vectors can appear: an audit is a snapshot of the code at one point in time, and later changes, new integrations, and newly discovered bug classes fall outside its scope. Continuously re-auditing code is both time- and resource-intensive.
The best answer to this problem is to rely once again on the collaborative nature of the Web3 space by leveraging the knowledge and experience of white-hat hackers. This is usually done through a bug bounty program, in which hackers are rewarded for finding vulnerabilities and reporting them to the project before they can be exploited.
This is why we’re developing our bounty app, Bounty Hawks. Bug bounty programs are nothing new; they’ve been around for a while, so why are we building another one?
Current bounty programs can be limited in scope or burdensome for projects to onboard with. Each one is yet another user interface and workflow for the team to learn.
The beauty of Zesh is that all of our apps will function along similar lines of workflow and give a familiar user experience. In addition, we’re focused on removing barriers to entry for projects so they can swiftly onboard and rapidly access the ongoing security they need.
Our team will also include people who have worked for or designed other bounty programs, so we’ll learn from their experience, bringing the good and avoiding the pitfalls of different offerings. Security is an ever-moving target in the space, so we plan to develop an innovative bounty app that flexes and adapts to the changes in Web3.
While open source is an incredible advantage for building projects, it’s only half of the solution if it isn’t also leveraged to secure them. Bounty Hawks will provide that much-needed complement to open source, helping to give ongoing safety and peace of mind to all our users.