The Problem with Smart Contract Audits (Merlin Hack)

📢 Sponsor | 💡 Telegram | 📰 Past Editions

Good Morning,

Consensus 2023 is still ongoing in Austin, Texas. I’ve been hearing whispers that the number bottle being popped is on the decline. Unsurprising given the bear market.

Don’t get too drunk this weekend!

In Today's Email:

• What Matters: Smart contract audits challenge 👨‍💻

• Founders-Investors Highlight: Garlam Won, Managing Partner of Momentum 6 🌊

• Deal Flows: StanChart $36M crypto custody 🔒

WHAT MATTERS

Merlin Hack: The Challenge With Audits

State of play: A DEX on zkSync called Merlin lost ~$2M of its MAGE token public sale. A member of the Merlin team drained all of the funds. The team is reportedly located in Serbia and authorities have been notified.

• Crypto Twitter thinks that it was a planned rug all along. Check the full breakdown here.

• Some belief that the sole founder was responsible for the exploit, leaving the other team members in the dark.

• Certik, a blockchain security firm, audited the protocol. It awarded Merlin a score of 90 before downgrading it down to 38 after the rugpull.

• A number of Certik’s competitors criticize the audit, stating that if there’s a possibility of a master key that can drain the whole fund, it should’ve been communicated more clearly.

• To compensate, Certik is planning a compensation plan to cover the $2M. It’s urging the developers to return 80% of the funds, with the remaining 20% given as a white hat bounty. It’s unclear if Certik will ever compensate the hacked users with its own capital.

The key takeaway: An audit is not a guarantee of absolutely safety. That said, audit firms should be held to a higher standard. As the industry matures, we should aim for audit firms to face consequences for their mishaps, akin to the EY-Wirecard case.

Why it matters: Selecting the right audit firm is key. Last year, I did a quick analyses of exploits using RektHQ’s data. Here are the results:

For builders: Don’t cheap out on audit cost. Find the right firm to work with and ensures that the scope of the audit covers critical vulnerability in your protocol.

For investors: Smart contract risks is the equivalent of counterparty risks for DeFi. Make sure that you’re conducting proper diligence and mandate portfolio company to allocate a percentage of their capital towards security-related efforts.

BROUGHT TO YOU BY

Bulla Network

Struggling to keep track of your transactions, airdrops, and payments?

Discover Bulla, the ultimate web3 accounting, invoicing, and tax solution, designed specifically to help the crypto-savvy like you.

🚀 For Traders: Maximize efficiency with our all-in-one dashboard! Import, manage, and track your transactions from 12 different chains seamlessly. Focus on what really matters: your trading strategy and profits.

🌐 For Businesses: Revolutionize your payroll and tax process! Send multiple payments to different wallets simultaneously with ease. Effortlessly track, tag, and export all transactions for hassle-free reporting.

💼 For Freelancers: Seamless payments, invoicing, and bookkeeping. One-click invoice your clients using any ERC-20 token. Stay organized and get paid faster than ever.

Try Bulla NOW, for FREE - only for the next 30 Days!

BUILDER-INVESTOR HIGHLIGHT

Garlam Won, Managing Partner of Momentum 6

Garlam Won is the Managing Partner of Momentum 6, a blockchain VC firm that also incubates projects, writes research, and helps with marketing. Boy, that’s a lot.

• The firm started as a marketing agency for crypto firms before transitioning to a full-fledged venture firm.

• Momentum 6 has three different newsletters: Renoded, The Crypto Illuminati, and M6 Labs.

• The firm is now based in San Francisco with 17 employee headcount.

Previous backgrounds: Garlam had numerous experience both in TradFi and crypto. He was formerly an investment banking analyst at JPMorgan, a management consultant at Deloitte, and the Head of Marketing at Harmony blockchain.

The big idea: Momentum 6 aims to use its research and media arm to gain awareness and deal flow for its venture fund. Additionally, it will also help its portfolio companies with marketing, helping them reach a wider audience.

Take a peek at our new referral reward at the bottom of this issue. Share this newsletter and receive our list of 100 smart crypto investors' wallet addresses 👇

DEAL FLOWS

Standard Chartered Crypto Custody Raised $36M

Deal flows remains strong in the past week 🤝 — we saw $120M+ in deals.

Standard Chartered $36M Crypto Custody: Zodia, a crypto subsidiary of the StanChart bank raised $36M to pursue international expansion. Zodia Custody was initially announced by StanChart and Northern Trust in 2021.

• The capital will be utilized to increase the firm’s token coverage and improve settlement services.

• Zodia has announced a joint venture with SBI Digital Asset Holdings to form a custody business in Japan.

• Zodia has a sister company called Zodia Markets, an institutional trading firm.

Deal flows in the past week:

• Colecti, $0.52M Pre-Seed Round

• MetaCRM, $2.5M Seed Round

• Rise, $3.8M Seed Round

• Amboss Technologies, $4M Seed Round

• Trib3, $2.1M Unknown Round

• Cata Labs, $4.2M Unknown Round

• DFlow, $5M Unknown Round

• Teahouse Finance, $5M Unknown Round

• Credora, $6M Unknown Round

• Thetanuts, $17M Unknown Round

• iZUMi Finance, $22M Unknown Round

• Zodia Custody, $36M Unknown Round

• Giddy, $6.9M Strategic Round

• TinyTap, $8.5m Venture Round

• Cosmose AI, Undisclosed $ Investment from the Near Foundation

QUICK BITES

• Coinbase responded to the SEC’s Wells notice.

• JPMorgan focuses on tokenization.

• Robinhood launches DeFi connectivity.

• FBI searches Ryan Salame’s (ex-FTX exec) home.

• Hong Kong urges local banks to service crypto firms.

• Grayscale CEO predicts ETF conversion decision by end of 3Q23.

• Franklin Templeton expands on-chain US Govt Money Fund to Polygon.

• Phantom Wallet expands to Ethereum and Polygon.

• Galaxy partners with DWS to bring crypto ETPs to Europe.

• Google Cloud plans to support Polygon.

MEME & NOTEWORTHY READS

• Paradigm’s read on moneyness in the digital age.

• Ram Ahluwalia’s thread on DCG default risk.

• Paradigm’s read on time, slots, and the ordering of events in Ethereum PoS.

If you enjoy reading this issue, please consider subscribing. It takes 1 minute of your time but it would mean the world to us 🙇

Disclaimer: All the information presented in this publication and its affiliates is strictly for educational purposes only. It should not be construed or taken as financial, legal, investment, or any other form of advice.