undefined | Better HN

0 pointsJhsto4y ago0 comments

Note the difference between "I could not find any bugs" and "I proved there are no bugs". I would assume only the latter are hired. Yet, program proving as in formal verification is a very academic specialisation. The reluctance to hire these people seems partly a) unawareness these methods exist and b) capability to evaluate whether someone knows enough. To my anecdotal experience founders of DeFi applications are not that tech savvy, so instead of trying to understand Solidity (untrivial) they instead place bug bounties or hire a special firm to give a stamp of approval for a product launch.

0 comments

R0b0t14y ago

My take on formal verification was that we are still not close to being able to usefully prove the validity of the types of nontrivial programs that make up DeFi contracts. It can help, sure, but companies serious about security need to invest in internal auditing (that may not seem to be generating obvious returns) instead of hoping for a bug bounty Hail Mary.

If these firms are out there and are being hired I suppose that counts.

j / k navigate · click thread line to collapse

0 pointsJhsto4y ago0 comments

0 comments

R0b0t14y ago

If these firms are out there and are being hired I suppose that counts.

j / k navigate · click thread line to collapse