zomglings, Moonstream DAO
December 1, 2022
Web3 security is broken. The space is dominated by consultants who work with you for a handful of weeks, mostly restrict their attention to your smart contracts, and bear no downside for undiscovered vulnerabilities.
At Moonstream, we understand three things:
Web3 applications involve smart contracts, web infrastructure, frontends, and live operations. The security of a web3 application is only as good as the security of the weakest of those components. Securing only the smart contracts is not enough. The Ronin chain hack is a clear demonstration of this.
Good engineering teams frequently ship improvements to their software, even if that software includes smart contracts. This makes the current model of engagement with web3 security firms intellectually inefficient and exorbitantly expensive.
Those of us building novel web3 applications in 2022 are betting our reputations and our livelihoods on the technology we create. It is absurd for us to entrust its security to people who stand to lose nothing if it gets hacked. Incentives matter. Especially in security.
This leads us to two decisions:
Our platform hosts entire economies. We especially cannot afford to outsource our security. The buck stops with us. We will be building our own internal security team and making sure that their interests are the interests of our organization.
We have observed that our customers and partners are as poorly served by web3 security firms as we are. If you are a Moonstream customer or partner, it is already in our interests that you not get hacked. We are open to increasing our mutual alignment by offering you security services as an extension of our partnership.
Our security services are structured as a long-term agreement with a fixed fee and with bonuses for all exploits we find.
We are looking to provide deep security services to a small number of projects that we work closely with. This kind of depth can only come from a long-term relationship with a security team that really understands your technology and how it is used.
Conversely, we are not particularly looking to scale this line of business. Our aim is to protect our closest partners from existential security threats.
We have already provided much more value to our partners than any other web3 security team. If you are interested in Moonstream Security services, you know where to find us.