Czar102's Website

My motivation for creating Blueprints

Let's go back a year. I was 18 years old, I already had several five-figure bug bounties and top-3 audit contests on my resume. I had worked as the Head of Judging at Sherlock making sure no bullshit findings are rewarded, and that correct ones are. I've looked at pretty many smart contract codebases by then.

Whenever working on another DeFi project's codebase, I had a certain feeling. The work felt empty. Maybe I could even find the coolest bugs. Maybe no one else would have found them. Secure DeFi! But hacks were and are still happening. And even bigger losses have happened because people put money in places they shouldn't (Terra Luna, for example) without understanding what they're doing.

Is the system so deeply broken, that even if I was a god-level auditor, I couldn't fix DeFi security?

Maybe if I created an auditing company, I could scale my efforts with the help of others? Maybe if I focused on educating auditors, we could fix DeFi? There are many companies and foundations focusing on these, and they haven't succeeded in securing DeFi yet. The last option, if it's at all possible to fix DeFi, is that we're going about it the wrong way.

I think that's the case. The problem of DeFi is NOT that we're having too few audits. It's NOT that we lack skill. I think DeFi is unsafe simply because we make mistakes in smart contracts. (seemingly not a very innovative thought, but read on…)

Why do we make mistakes in smart contracts?

  1. We write smart contracts.

  2. The smart contracts are complex enough so that we may make and miss mistakes.

That's pretty self-explanatory. If we didn't write smart contracts, we wouldn't make mistakes. Also, if we wrote extremely simple smart contracts, then their verification would be so trivial that it could be done by anyone! There wouldn't be much to break there. Note: "short" is not equal to "simple"; with 3k lines of code context, even a 10-line-of-code contract may be complex.

What DeFi product creators really want is not directly to write smart contracts (I hope). They want to create a product.

So… it would mean that we have to create DeFi products:

  1. without writing smart contracts, or

  2. if the first is not possible, write extremely simple smart contracts so that there would be nothing to break.

Even though that sounds extremely difficult, I think that is possible!

Obviously, I won't be able to fix the part of DeFi that's created without caring for these principles. But I will be able to help EVERYONE who intends to create a safe product.

That's Blueprints. Most DeFi products can be easily built using 1-2 basic primitives and without deploying any new smart contracts. Finance creates terms for many concepts, even though many of them are the same, with a changed subject. There are a lot of bullshit rules, and with DeFi we can afford to skim them to condense products to what they're really about. Not only simplify code, but also the products themselves.

Right now developers are just far from creating simple code. They don't know how. And it's not their fault – they are just lacking the proper framework.

I think looking for countless mistakes of others is a really bad way to secure DeFi. Preventing these mistakes in the first place – that's the only way.

And THAT is something I want to spend the beginning of my [adult] life on.