Today we have Dennis Yilmaz from the Sky

Frontier Foundation.

>> And obviously I think Sky is unique

because it's one of the only like

decentralized stable coins. If we do a

code audit and it returns some serious

issues, then we don't just fix them and

ship it, right? We actually like we pull

the break and we wonder what went wrong.

How how did this slip past the usual

internal reviews? Skye's codebase is a

little bit different where you have very

interesting names like maybe deposit

will be called kick or something.

>> So that by understanding the the names

you can already kind of understand what

it does. Ultimately we're going to run

into bottlenecks because the process is

is very involved and the amount of

people that have the the context and

that are trusted to do the work is

limited and we're already pretty much at

their limits.

Cool. All right. Welcome to the Web3

Security podcast. Today we have Dennis

Yilmaz from the Sky Frontier Foundation.

Dennis is the CTO of the Sky Frontier

Foundation. And if you're not familiar

with Sky, Sky is one of the biggest

protocols in the world, formerly known

as Makerdo. Um Sky stable coin USDS,

formerly known as D is the one of the

biggest stable coins in the world. um

the largest decentralized stable coin in

the world and it's the third biggest

stable coin in the world only behind

USDC and Tether. Is that all correct?

>> You got your facts straight, Jack.

>> All right. Nice. Nice. Well, uh great to

have you here, Dennis. Um thanks for

joining and yeah, let's just kick right

off into your background. So, how does

someone become the the CTO of a an

organization like this? What were your

what were your early, you know, where

did you grow up? What were your early

interactions with computers with with

that sort of thing?

>> Well, first off, thanks for having me.

Yeah, let's uh let's let's start there.

I've had a bit of a weird journey. Uh

and it's I think that's pretty typical

for crypto because it's quite a new

industry, right? And it's very uh very

high context, I would say.

So yeah, I've I've had a so I my

background is in engineering management,

but yeah, I ended up not really pursuing

that field as much. Um because when I

just got out of college, I bumped into

crypto. And back then I was still really

looking for something to be interested

in and excited about. And this uh

immediately grabbed my attention and it

was really good timing because I just

moved to Amsterdam at that time and I I

started becoming really interested in

like the startup space and I got very

excited about that and I felt like I

wanted to work in tech, work for

startups. Um so back then Amsterdam had

a really nice meetup community. So like

multiple times a week I would go to

meetups and yeah just learn about tech

startups in general. And then of course

when I learned about crypto,

I went to crypto meetups, right? And I

ended up like learning uh or getting to

know like the local scene, but also just

uh having an outlet for that like

newfound obsession.

So um yeah, I I mean I I started off in

that in that sense as a as a crypto

user. I also started to invest a little,

ended up just only losing money on it.

But in that journey um I I bumped into

also some entrepreneurs that were

building businesses related to

blockchain and crypto and um yeah

obviously back then this was 2017 there

weren't a lot of people working in this

space right and you weren't really sure

what you were looking for in terms of

background there were there were no like

uh majors in in blockchain or something

right so you were just looking for the

right uh soft skills I think mostly and

yeah uh context when it comes to crypto.

So yeah I I landed a job at a very early

stage uh startup in Amsterdam. they were

doing mostly consulting for enterprise,

right? So, they were basically helping

businesses understand what blockchain is

and how they can use it and how they can

integrate it. And that was a lot of fun

because uh yeah, it was it was just a

good fit for that era, right? 2017 18

people were just very excited about

blockchain and just trying to slap it on

on everything,

>> right? And uh yeah from there on uh I

started also um yeah getting familiar

with managing development teams

overseeing projects uh cross

functionally was a lot of fun definitely

learned the ropes there but uh during

those years I also started getting more

and more obsessed with crypto but also

finding a little bit more clarity where

where with regards to where the real use

cases are Obviously, DeFi summer

happened, right? Uh and yeah, I was

totally obsessed there and uh also very

convinced that that was like really the

the one thing that truly made sense and

that was worth to pursue. So that's when

I also left that prior like blockchain

or enterprise blockchain space because

frankly there was a lot of bullshitting

there like just like looking for use

cases and doing all these like pilots on

permission chains and yeah at one point

I felt like it was more about the the

press releases than actually like

getting your hands dirty and learning

about how the tech works,

>> right? So yeah, I made the jump to to

DeFi and then uh yeah, at at one point I

landed a job at Makerdo. Um and from

there on I really got to uh yeah, make a

few jumps in terms of the role that I

was playing. So yeah, very unorthodox

path, but when you when you when you

talk to other people in working in

crypto, usually you get similar stories

because it's just it's a pretty new

industry still.

>> Yeah. Yep. A lot of unorthodox a lot of

unorthodox paths. Um

okay cool. So let me think what what was

the catalyst? Sounds like DeFi summer

and then how did you land on makerd? It

was called makerdo then you know sky.

How did you land on sky? Uh in terms of

like this is one of the places I want to

apply to. Was there like a job

application open as well or? My first

job in DeFi was with a very early stage

protocol that was actually it actually

just launched and it was still figuring

out um its audience and its like core

product and that was a lot of fun but

then yeah that didn't really work out

and I figured okay I want to work for a

more established

>> company that already has a direction and

already has like a user base and

distribution

and I landed my first job at Maker

pretty uh like by chance. There was this

one guy in my network I used to work

with and he just reached out to me

asking if I had anything going on and

that's how I basically got hired into

one of the teams. It was really fun

because Maker Dow back then was um yeah

if you knew crypto and DeFi you knew

Maker D right you knew D you probably

were using like the vaults and stuff. I

definitely was a user. So there was

already a lot of like sentiment around

the pro the project and it was very

interesting because it was um just

around the time where the maker

foundation got fully dissolved and you

just had like a bunch of independent

teams that were trying to figure it out

together and interface with uh with

onchain governance. So uh yeah that in

itself was like a new intellectual

rabbit hole for me to get lost in right

Dow governance and yeah working fully

remote across all these independent

teams. So yeah that's that's why I went

for it. It just seemed very compelling

and interesting.

>> Yeah. Did you have any idea it was going

to be such a you know dow like Dow

focused decentralized role or were you

just like oh it's it's maker it's sky

that's something that I want to be a

part of? Yeah, I definitely had no clue.

Like I I I was hired for for a PM role.

>> Okay.

>> Um so yeah, I figured I'm just going to

do PM work, but then I learned that uh

if you join a project like that that's

so much in flux and figuring out how to

organize itself, right, as an

organization, you're naturally going to

get involved in that process. And that's

actually the thing that I also am good

at. Uh that's that's what I've learned,

right? that uh yeah I'm good at

participating in those those kind of

challenges across various teams across

various functions and it's also one of

the reasons I am uh in the the current

role that I uh that I am in.

>> Yeah. Okay. And so when you started out

there you said you're in a PM role. Is

that project or product manager? So my

first job at Maker was a product manager

role and I was mostly or actually only

focused on the the front end app that

people used to interact with its

governance system.

>> Right.

>> Right. So if you are MKR token holder,

I'm saying MKR because back then it was

still MKR.

>> Yeah.

>> You would use this website to follow

what's going on and also participate and

vote and delegate and

>> Yeah. There's this one team that built

it and designed it and actually still

maintains it and that's where I uh

started.

>> Got it. Got it. Okay. And what were some

of the you know so much has changed at

Sky over that time period. Um and

obviously a lot has changed for you in

terms of your role I'm sure. What were

some of like the milestones or some of

the things that happened that you were a

part of while all those changes were

going on?

>> It's a good question. I would say if I

zoom all the way out, I've been now

already part of a few cycles where it's

been really just about like figuring out

how to organize itself, right, as an

organization because um when I joined in

2021, there was this real push for

decentralization. The the foundation

just got dissolved and there was also a

lot of optimism there. But then the

following two years, I think that

optimism broke down because we could all

tell that like a fully decentralized

organization with full decentralized

governance, it could work for certain

things. Uh but there's also a lot of

things that it cannot handle, right? For

example, you could tell there was not a

vision, right? There was no there was no

real strategy. people were just like

micromanaging and fighting for more

budget and trying to grow their own

teams and coming up with additional work

without really having someone or

something

um set like a northstar and make sure

that the work that's being done aligns

with a broader strategy. So I think u

the cycles I've been part of in the

organization have really been about okay

how can we organize ourselves better

right without compromising on the fact

that we still want to have decentralized

governance and checks and balances and

um yeah

>> got it got it okay um and you know as

you're as you've kind of moved into the

role today what is your role today and

where do you spend most of your time

what do you spend most of your time on

>> yeah so now I'm the CTO of the Sky

Frontier Foundation which is a

relatively new entity um as as part of

the ecosystem that just uh tries to

drive the workforce and make sure that

the work happens and yeah basically I

lead all of the technical teams and I'm

I'm basically interfacing between

strategy and the the the technical

realities right of uh managing and

running a decentralized

stable coin protocol. So in that sense

most of my time is spent on calls

basically. Yeah that's no surprise I'm

sure.

>> Yeah. So just uh coordinating with all

the teams uh across all the projects and

just being all being a filter I guess

between all that stuff that's going on

when it comes to the day-to-day and then

the strategy team and that's in in both

ways right if there's anything that

needs to be implemented or changed then

I am usually the one to drive that but

also the other way around there's a lot

of there's a lot of noise happening in

the day-to-day work but there's

definitely signal in there that it's my

responsibility to to catch that and to

escalate and to bring it to the right

people. So, uh yeah, it's it's been a

lot of fun in in in that sense being uh

yeah, being basically working with

everyone, hearing everything and just

being like the high context person that

tries to uh yeah, spot the signal from

the noise basically.

>> Yeah. Yeah. Okay. Very interesting. As

we think about um Makerdo and Sky, how

would you give people a refresher of

okay, if I was familiar with Maker Dow,

if I was familiar with DI, how did those

things turn into, you know, Sky and USDS

and and Grove and Spark? Can you give

people a refresher on kind of what the

components are?

>> For sure. Yeah, that's a good question.

I've I've heard that a lot. Even people

that knew about Maker, they're kind of

lost of of in in terms of what's what's

happened since then and it's only been a

little over a year now. So, uh it's

still early. But, um I think the the

main thing that happened is there was

this massive rebrand into Sky and into

USDS. The main reason is that even

though Maker and and D had good like

brand awareness within the crypto space,

it just was not intuitive for for new

users, right? there was no like

coherence between the two but also die

like it's it it's not apparent that it's

a US dollar packed stable coin right so

this um this rebrand

it was really an investment into making

sure that we have a more intuitive and

coherent brand before like stable coins

actually scale to the rest of the world

that's been pretty successful I can

already tell within the crypto space

that Sky as a as a brand is is is there

it's sticky.

>> But also just from my own experiences

talking with non-crypto natives, it's

just a lot easier to explain. So yeah,

that's that's that's been great. Um and

then you mentioned Spark and Grove.

Definitely the biggest development um is

that um we now have these Yeah, we call

them stars, but they're I think they're

more easily

um understood as subdows. And the reason

why we have those is because there's a

lot of re operational realities when it

comes to having a decentralized stable

coin protocol, right? It's over

collateralized. It has a diversified

basket of collateral that needs to be

constantly managed and onboarded

offboarded

and it's just not it it has proven to be

not feasible to manage that with like a

fully decentralized organization.

So with this new framework, we basically

empower these stars to um to to do that

autonomously, right? So they are

basically getting a credit line from Sky

Core and they can allocate it into um

into various types of collateral. You

can already tell there's some like

specialization happening where for

example the first star that we've

launched uh Spark being very much like a

EVM DeFi specialist.

>> Mhm. And then Grove, they have a lot of

roots in like Trefy and RWA.

And I think so far it's been really cool

because you can tell these teams are

very um they can move a lot faster

because they're less bogged down by like

the the team size and all the processes

but still they're they are very aligned

with Sky Core because of the way that

their own token and their own like um um

yeah their own financials are being um

controlled and tied to Skyore. So it's

basically I would say um incentive

engineering and incentive alignment that

make sure that we can have these smaller

more nimble uh subdows do a lot of the

work when it comes to maintaining that

um um that pool of collateral that is

generating a yield for stable coin

holders um while still making sure that

they have skin in the game and need to

comply with all the yeah the

requirements over at the at Skyore.

>> Yeah. Awesome. Awesome. Um, and you

know, the way that I think of Sky is one

of the

most innovative and kind of pushing Dows

and decentralization forward the most.

Um, I know I watched a talk that you

gave in I think 2022 where you were

talking about Dows and kind of how we

can how we can improve Dows. what have

you learned over those, you know, three

or four years, whatever it is now, in

terms of how to make Dows workable?

>> Yeah. Yeah, it's a good question. So,

it's been

um in a way very humbling to be part of

to to be part of that process because

yeah, when I joined again, I was also

very optimistic and very excited about

Dows and fully decentralized.

But I think again we've just learned

that in in practice it it doesn't work

right because uh if you if everything is

decentralized usually you end up with

like a yeah an organization that just

tries to grow and grow and grow and get

more budget more people more projects

and it there also needs to be someone or

something that is uh that that that is

cutting the fat right and that makes

sure that there is a coherent strategy

And usually you cannot expect the token

holders or the shareholders, right, the

token holders to to to be to be that

force. And that's something we've we've

tried, right? There's been many like

delegates over at Maker Dow that have

really tried to do their best. But the

reality is that the the workforce, they

ultimately they are the ones that have

all the context. They actually get paid

to spend their time on it, right? So it

it just there was this dynamic where the

the delegates could not really

prevent the DAO from just growing and

expanding into like unnecessary projects

and work. So

>> if I were to summarize, I think

Dow's NO 2025 2026, it's really all

about like making sure decentralization

is uh protected and and upheld as a

principle, especially where it where it

matters the most. And then just making

sure that it's really about checks and

balances. But making sure though that

um for example managing work, managing

budgets that is like um delegated to

entities where of course the DAO still

has a say over

those budgets, those resources, the

leadership, but not that every single

decision needs to be managed by um

decentralized governance because it's

it's also if if you think about it, if

you own a stock in Google, you're not

going to be voting on uh I don't know

whether this engineer gets a raise or

whether

>> this particular team can can can work on

this project, right? There that's not

not realistic and it sounds really like

common sense when you put it like that,

but I think that's a lesson we've we've

had to learn collectively within crypto,

especially Dows.

>> Yeah. Yeah. Makes a lot of sense. Why do

you think Sky has been such a like

force? Why has it been such a focus at

Sky to, you know, push towards

decentralization? Like what does it mean

to you?

>> Yeah, good question. For me,

decentralization, it's definitely like

the the highest principle to to uphold

even though it it continuously evolves.

Yeah, I think especially when you're

dealing with DeFi, you're dealing with

other people's money and just inherently

you do not want to have like uh these

Yeah. highly centralized points of

failure where a single multisig can

access the whole thing. Um right that's

that's an obvious one but just in

general also making sure that um when it

comes to the development cycle for

example there's not just one engineer or

one engineering team that can that can

push code on the blockchain right you

need to have these checks and balances

and ideally as much as possible happens

out in the open um and also making sure

that not only everything is transparent

and out in the open but also making sure

that it's practically verifiable

Right. So, making sure that there are

people that also have the means to do

those checks um and potentially are even

incentivized to do so. That's I think um

yeah, that's I think the the principle

we have to uphold as an industry because

it's you you naturally end up with a

system that's more that has more checks

and balances so it's less prone to

failure. But I think also realistically

um it's uh easier to build, right?

Because if you if you're building a DeFi

protocol and it's it's it's uh it's

custodial, right? So the people working

on it have access to the funds. I mean I

I don't know how people can even live

with that responsibility, right? It's uh

in a way it makes things a lot harder

also as a builder. So that's why I think

u Sky has always been like a

decentralized protocol in that sense and

even though the way that um materialized

it has been evolving to also make things

um yeah to to keep it moving forward and

making sure it doesn't bog down into

this uh process that I mentioned

earlier. But uh yeah

>> yeah makes sense makes sense.

What are some of the kind of security

related learnings you've had in terms of

having these different kind of entities

interact with each other? You know, what

are what are some of the I don't know

things you've put standards you've put

in place or or or software or something

to kind of, you know, be one of these

teams that is able to effectively

work with these different organizations

as one?

>> It's a good question. So when I grew

into this role, I also had to also had

to understand how that works over at Sky

because yeah, it's definitely a project

that uh I think has a very good track

record in terms of security. Uh there's

never been like a major exploit and

yeah, it's been around for a long time,

right? It's really one of the oldest

DeFi protocols,

>> right? But even apart from that now that

I'm also observing like the day-to-day

even like the like the code audits

usually returns zero issues right so

there's something out there that's

>> extremely rare but

>> I know yeah you you you you you of all

people know know that right so yeah and

it really uh comes down to there's just

uh that the people that work on this

project especially the engineers that

are closest to the core they have just

an incredible

set of principles and processes in in

regards to how they work. And um it's

something that yeah, it's been really my

main challenge to try and and scale that

to the rest of the organization and try

to solidify it and document it. Um so it

it it really starts with that just

having really good really senior

engineers that have a lot of context and

understand how all the nooks and

crannies of the protocol works. That is

definitely uh the the first thing. The

second thing is making sure that their

process is like really bulletproof and

that they take it really seriously,

right? So uh even though sometimes

you're under time pressure to deliver,

right? To deliver against business

needs, you can never compromise on on

thoroughess. So making sure that um

especially the internal code reviews are

really solid. And then making sure that

the third step which is uh code audits

that you you don't really rely on that

during the development cycle, right?

That's really just like a last stand.

And over at Sky, if we if we do a code

audit and it returns some serious

issues, then we don't just fix them and

ship it, right? We actually like we pull

the brake and we wonder what went wrong.

How how did this slip past the usual

internal reviews? Then of course on top

of that um yeah when it comes to audits

we are very picky with regards to who we

work with. So we want to work only with

the best auditors that have actually

also worked with us for a long time. So

they've built up all this context with

the protocol given that it's quite an

old and um uh yeah elaborate complicated

system.

Um yeah, and then even if you if you're

at that stage, then you still have the

onchain governance system that you need

to go through and that's another like

crazy uh watertight security castle

almost. And the reason is because um

this because of the fact that Sky is

non-custodial, it's fully decentralized.

Every code change you need to do, you

need to go through this onchain

governance process and you need to get

people to vote on it and you need to

write uh or or or code what we call a

spell which is like this this onchain

payload that once it uh passes the

governance system it executes and it it

it changes these parameters on chain.

Those also get reviewed very thoroughly.

So there's just like it starts all the

way

within these like engineering teams and

the way that they work and then we have

all these like processes that um yeah

act as extra um protection barriers

basically.

>> Yeah. Yeah. Okay. There's some really

interesting things in there. Definitely

want to dig deeper on spells and your

process there. But most teams really

struggle, you know, with audits where

the there's a lot of issues that are

found in in the audit sometimes and it's

really difficult to figure out how to

prevent that. What do what do you think

you do well? What do you think the team

does well um that's maybe different in

those early pre- audit steps and what do

those steps look like? Yeah, it's uh it

it it may sound very uh simple, but it's

it's really just

um making sure that the audits are not

considered to be like a like a help

during the during the development

processor. It's really like the last

stand and you need to make sure that um

when you're writing code you need to be

very um deliberate about what you're

doing but also be very uh high context

right so try to already consider how can

this uh create like unintended

interactions

with stuff that that's not directly

related but indirectly related right the

protocol itself it's pretty complicated

it is it's it has a pretty big surface

area. So, you want to already consider

that when you're when you're designing a

new uh module, but it's also, I think, a

matter of um game theory or at least

having that that that thinking as as as

being an engineer. can tell that the Sky

Core devs they're they're really good at

that where they don't only consider like

how can I make sure that the code does

not contain any bugs but also

considering like how could a bad actor

>> even in internal to Sky how how could

this be misused

um and that's something that I'm

particularly proud of is that not only

is the the code quality really good like

based on these audit results but also

just in general like they haven't found

ways to um to exploit the code or find

creative ways to uh make the system uh

um yeah perform in in in weird ways that

again sounds very easy and we've also

learned that it's very difficult to

scale. So as you mentioned right we're

now on boarding all these additional

teams uh that also means more engineers

that are a little further away from the

core and it's it's like the the results

there have been mixed right it's not

been like this perfect track record that

we're that we're used to but that's okay

because we still have all these like

barriers in place and we we we caught

all of that and we're actively yeah

building up this like security framework

so that um when a new engineer joins one

of these subdows, they have a they have

an onboarding, they have a clear like

write up in terms of requirements and

and principles and practices that they

can can learn from. And yeah, the good

news is while we are figuring out all of

that, there's also just like the the

audit landscape that is evolving, right?

There's now these like LLM powered

auditing tools that have proven to be

very very powerful. And uh also the the

auditing firms that we work with

including Sherlock by the way they're

also just becoming better and better. Um

so yeah in that sense it's been um it's

it's not only been like a learning

process internal to Sky but also just

evolving with the the the space in

general.

>> Yeah. Yeah. Makes sense. I guess part of

the, you know, maybe it's part of your

job to kind of make sure some of those

teams are having a similar level of

scrutiny on the code they're writing.

You know, how do you think about

instilling that culture as you grow and

as you expand?

>> Yeah. Yeah. It's obviously one of the

most important things, especially when

you're working in DeFi, but it's it's

definitely challenging, right? because

um in a in a lot of um um cases it's

also just a matter of context and

experience, right? So even though you

have a very good new engineer and you

can give him a decent onboarding,

ideally you have this person just build

up hands-on experience with the with the

protocol and with the processes and

ultimately that just takes time, right?

One example is uh the teams that are

involved in spellcrafting when they hire

a new engineer they usually take like

half a year to just

>> wow

>> have that person like uh learn the ropes

and we don't trust that person until

then right and that's really because

again if you're if you're involved in

this kind of work you just need to

understand how the whole thing works the

whole protocol works and if you're

writing a spell that's uh supposed to

achieve a a certain an outcome, you have

to understand how the rest of the system

works in order to make sure that it's

not causing these like unintentional uh

interactions with with the protocol. So,

yeah, that's that's been a huge

challenge, making sure that um we also

just don't rush, right? And we make sure

that we we take the time to have these

people build up exposure to the

processes and and yeah, and also the

protocol itself. And uh yeah, in the in

the meantime, just lean into um yeah,

external parties, especially auditing

firms um to make sure that we still have

capacity to execute.

>> Right. Right. And let's talk about you

mentioned spellcrafting.

Maker has a little bit of a or sorry,

Sky has a little bit of a different

system when it comes to I guess

implementing the code once it's written.

Not only do you have to write the code

and make sure it's secure, then there's

this um this process. Can you talk a

little bit more about spill crafting and

how you guys approach it?

>> Sure. Yeah. So, I'll I'll briefly

explain how how the the governance

system works. So, we have this uh thing

called Atlas. It's quite difficult to

explain, but it's basically like a a

system data set that encompasses all the

processes and all the rules and and all

the parameters as well related to how

the protocol and how the how the

organization works. And every time there

is a um proposed change to the atlas,

right, to update certain values or to to

implement a process, then it needs to be

voted on. Uh and we have a a a polling

system where skyh holders can

participate in governance pools that

happens pretty much every week.

>> Wow.

>> And then there is a another cadence

uh what we call spellcrafting indeed.

every two weeks there is a an executive

vote and that's basically like um

another voting event that happens that

is tied to a spell and basically what

that does is it implements stuff on

chain right so if if you want to make

any changes to the to the to the

protocol you need to go through this

process and then again sky token holders

they need to vote on it and the changes

cannot happen until the the majority has

voted it through or in in in this case

not the majority but there's like a

quorum in terms of like voting weight

and even if uh this executive vote has

passed right it it has met this quorum

then there's still like a governance

delay before that spell can be executed

which means that someone can call a

function on that contract which then

actually causes all the uh parameter

changes to occur ultimately um spells

basically get root access to the entire

protocol. So, it's a very scary thing to

do, right? It's it's definitely one of

the one of the strong suits of Sky that

also I think has contributed to the fact

that it hasn't been exploited and it's

it has a really good track record is

because you cannot just arbitrarily ship

code and and mess with the protocol.

they have to go through this bi-weekly

cadence where all the token holders are

also participating and um there's a lot

of scrutiny involved there. Um but yeah,

when you're having a team write a spell,

you need to make sure that that team is

like really good and has a lot of

context because again getting root

access to the whole thing. So um

seemingly a spell is really easy, right?

because it's just just a matter of

changing some parameters, onboarding

some stuff. But then yeah, in in how you

achieve those outcomes, you need to make

sure that you're not causing unwanted

interactions with the rest of the

protocol or maybe creating some attack

surface uh that that could be exploited

further down the road. And especially

with spells, I think the big danger is

always that

even though it's not something you're

not creating a vulnerability right away,

but you can gradually inject code into

the protocol that after a couple of

spells or after a certain amount of time

or in certain conditions, suddenly there

is this new attack surface that can be

exploited. So

>> that's why spellcrafting it's a very

yeah high context high trust process

with a lot of scrutiny. We also have

multiple teams that like uh that take

turns and that also review each other

and there's a very thorough process in

terms of uh making sure that the the

review process is very structured and is

well documented and um yeah that's

basically spellcrafting in a nutshell.

>> Wow. Wow. Yeah, that's a a very involved

process and very, you know, important to

the system to get it right. Okay, so

you've talked about kind of the

engineers and their back, you know,

having deep context on the code, um,

doing pretty deep internal reviews,

having these systems for kind of

governance or token holders being

involved in the spells. What else do you

think are interesting kind of security

measures that Sky takes that maybe

people from the outside wouldn't know

about or that most protocols might not

take?

>> Yeah, I would say uh it's um related to

how the the governance system works.

What I really like is that uh there's

many like there's there's different

stakeholder groups that all like watch

each other in a way and they're all

incentivized to do so. And there's also

like penalties for missing things. So I

think the the the the scrutiny and like

the checks and balances amplified by

positive and negative incentives that

starts all the way at the beginning of

the process before development teams

even start working. Right? So making

sure that the um the changes to

parameters or like the the actions that

ultimately need to be uh need to be um

created in code

that that they that they're allowed that

they make sense. Um yeah that is um

pretty elaborate. So there's a pretty

big lead time and also like the the the

governance operations process is pretty

uh bespoke and I think that's al also

very important because um that's where

you can also already catch a lot of um

yeah malicious behavior.

>> Yeah. Yeah. Makes sense. I have a

question for you on the make on the on

the sky codebase. So when most teams are

writing solidity code and they have like

a deposit function, they'll call it

deposit. Sky codebase is a little bit

different where you have very

interesting names like maybe deposit

will be called kick or something. Is

this what's the what's the backstory

behind that? It's a it's a good

question. So, I obviously wasn't around

when like the original protocol was was

designed, but I uh yeah, obviously I I

do know a little bit of lore in in in

that context. Yeah, first off, I agree.

It's quite um yeah, it's it's

interesting, right? You don't see it

with in in in in other projects.

I think the intention back then was to

uh just have like um I don't know have a

set of like making sure that the the

that the functions

are coherent in a way so that by

understanding the the names you can

already kind of understand what it does

and how they relate to other uh other

functions in the in the system. So, this

actually ended up being named informally

as Daiwanese back when we still had D.

>> And it's uh like yeah, there's people

that love it. There's there's people

that hate it. What I can tell from my

experience is that it it it helped

especially non techchnical stakeholders

uh like yeah, basically you give them a

language to express what they're what

they mean, right? So uh I've for example

seen um yeah there was this delegate

back in the maker dow days he was called

flip flap flop related to like the flip

flap or flop auctions in the MCD

protocol but then there's also this uh

notion of barking which is uh basically

uh yeah that allows for a position to be

liquidated. I don't know. It's it's

quite at at first glance it's a little

weird but then like yeah if if you're

part of the ecosystem it actually ends

up being pretty useful because um yeah

you can kind of understand like what it

means and how it relates to other

functions and it just gives you like a

good language also for nontechnical

stakeholders to uh yeah to to explain

what they're what they mean. That having

said though, if the the core devs would

have the chance to completely

rearchitect the system, I'm not sure if

they would do the same. But because the

learning curve, it is definitely steep

and we've uh we've also seen that cause

issues with auditors and with new hires

and Yeah.

>> Yeah. Yeah. That's another interesting

topic is, you know, I I know you have a

lot of devs. I don't know if you have

internal kind of security auditors, but

for devs or for internal security

auditors, like how do you look outside

of the Sky ecosystem to hire or how do

you look at hiring?

>> Yeah, it's a good question and that's

something that's been uh in flux quite a

bit. Up until half a year ago or so, we

didn't really have that many development

teams over at Sky or I should say it has

fluctuated a lot. Obviously during like

the real like DAO days where there was

uh yeah really everything was done

through like decentralized governance

there were more development teams. I

would say that um this like security

culture and the security practices but

also like the hiring practices related

to that have been um pretty unique to

these various teams and there have been

like yeah interactions between those

teams so that there is this like

overarching culture. It's mostly been

just a a matter of like hiring people

that that are already trusted, right? So

from their own network or from other

projects with a good track record. But

yeah, we've we're now seeing that that

is not really scalable, especially if

you need more people. And I think just

in general as the crypto space becomes

more mature and is attracting more

talent from outside of this like small

OG bubble, um it's it it's something

that's uh definitely um yeah, it's it's

it's become a bit more difficult.

And what we're trying is we're trying to

um to codify and document

some of those practices and and

principles in the in the atlas so that

it's no longer sitting in these in these

brains of these handful of engineers,

but it's something that's that's out

there and you can easily like have

people um teach themselves. But there's

this other initiative uh yeah we call

protocol security. It's basically this

internal work stream where we have some

uh people with an interesting profile of

being like tech first but also having

good soft skills and being able to

manage cross functionally. They actually

just go through the whole organization

but also zoom out and look around in in

the DeFi space and try to understand how

we can improve and how we can scale on

that front and basically coming up with

initiatives that improve the security

practices and then try to implement

those. So we have a a road map for that

and um yeah it's like this continuous

project where we try to um add things to

processes but also solve problems that

we're that we're having on that front.

>> That's super interesting. What's kind of

the purview of that protocol security

team? Is it just code security or is it

more?

>> I would say it's uh a bit broader. So

for example, we're now also looking at

ways to make it um yeah make the

onboarding of new development teams more

more effective and less reliant on

people and ad hoc calls and maybe even

having some like exercises and exams

that they can go through. Another

example is a a skywide OBSAC training

for not only engineers but also people

that are on on multisig or that somehow

manage infrastructure. That's been

something that's uh it's been very

implicit for years because everyone at

Sky was cryptonative and we just

generally expected everyone to manage it

for themselves. And of course things

like GitHub repositories and the

protocol itself that was actually

managed properly. But yeah, we've we've

also brought in a lot of like non-crypto

natives over the last 12 months and

those people are now they have to sign

multi transactions and yeah, that's one

thing where we're now trying to um yeah,

coordinate that top down and make sure

that there is a certain standard that's

been implemented that um that that we

can also um be certain of through exams.

for example, making sure that people

that are on that are signers on

multisig, they went through an exam to

make sure that they can verify domain

hashes.

>> Wow.

>> Right. And then there is this other

pretty new thing to Sky where uh we're

looking at LLM based

auditing tools,

>> not as a replacement for uh for

traditional code audits, but just

figuring out like how can we integrate

this into the development life cycle. um

and just yeah f further improve and get

like early feedback to engineers even

when they're still designing modules

right so that hopefully these audits at

the end of the of the cycle they

continue to return zero uh serious

issues

>> yeah yeah no that's super important I

what you said on the OBSAC and like

taking a test before you can sign a

multi-IG transaction that's super

interesting and and fascinating to me

can you say more about kind of what some

of those opseyc measures are or what you

know what's on that test.

>> Yeah. So what we ended up doing is we uh

we hired an external company to give us

a bunch of trainings when it comes to

OPSSEAC and it uh yeah it was pretty

broad and it wasn't just about multisig

and crypto but just in general like

working fully remote in an environment

that's becoming more and more hostile

and more and more dangerous right so

making sure that um yeah especially also

the communication channels that people

use that also those are very well

protected

uh and just making people aware of uh

what good good OBSAC looks like in looks

like in in general from um from from UB

keys to like cold cold accounts and um

yeah and then of course being on a

multisig

that is uh yeah that's a very important

one that's also a little bit more

involved because uh yeah you can tell

that as an as an industry I think we've

we've had some pretty rude awaken

wakenings the past 12 months on that

front and you can tell that the um the

big exploits are moving away from like

smart contracts being exploited towards

like front ends being hacked.

>> Right.

>> Right. Or DNS attacks or Yeah. indeed

like um you you get you social engineer

people so that they end up signing

malicious actions in a in a multisig,

>> right?

>> And I think that that tooling landscape

is getting a lot better. I think

obviously the safe team is doing a great

job and their their front end is is

getting better and better but still it's

it's very involved and um it just yeah I

think we need to take it we need to take

it serious right and make sure that uh

yeah especially using a hardware wallet

connected to a multisig

um making sure that even in a

complicated setup like that you are able

to verify every single hash that you see

and make sure that you do not sign it

until you know 100% sure what you're

doing. And um yeah, that's typically one

of those things that because there's

always like day-to-day work, there's

always too much work. That's an

initiative that you just need to like

coordinate top down in like a separate

work stream

>> and also find a way to enforce it,

right? And we found that doing exams is

is the the the best way to do that.

>> Interesting. Interesting. So you give

internal members tests to make sure that

they understand the fundamentals of

signing a multi-sec transaction or

whatever it is.

>> That's right. Yeah.

>> Very cool. Very cool. What would you say

is kind of the biggest area of focus on

the security side for Sky? I would say

the um the existing requirements and and

processes that are in place when it

comes to the internal reviews, the code

audits and then of course all these

steps related to the the governance

process in spellcrafting. I think

they're they're solid, but I think we

need to figure out how those scale,

right? Because um the plan for the

upcoming year is to add more more

subdows, right? more stars and um

ultimately we're going to run into

bottlenecks because it the process is is

very involved and the amount of people

that have the the context and that are

trusted to do the work is limited and

we're already pretty much at their

limits. So we're basically um finding

ways to

um yeah

work even more with external companies

and like trusted auditors that can help

us be an additional uh check there. So

basically scaling the uh number of

individual security researchers that

we're comfortable working with. There's

of course um yeah, as I mentioned,

making sure that we um leverage the the

latest tooling out there, making sure

that um that's tightly integrated into

all our all of our processes. But then

we're also just right now looking at

ways to

um refactor some of the uh modules that

we use for things like uh that that the

stars use to allocate into yield

opportunities.

uh because that module has been designed

about two two and a half years ago by

now. It's it's solid, right? It's lindy.

It's been it it has has a lot of

exposure, but um yeah, after having

these subdows operate for a while,

there's a lot of learnings. So, we're

now looking at ways to like improve that

design so that it can work a little bit

more efficiently, be less reliant on

spells, especially for like smaller

parameter changes. All the while not

compromising on um yeah on on the the

checks and balances that we have today.

>> Yeah. Yeah. Do you have like a I don't

know an internal philosophy around you

know obviously you prioritize security

very strongly but you're a a company

that has to earn revenue and get users

and that sort of thing. Do you have an

internal philosophy around balancing

those things like when to make a spell

or when to upgrade a contract?

>> It's a good question. I think the if I

just look at the where the project is

going um there will be more uh subdows

and I think these subdows they will need

to have um clarity with regards to what

they can allocate into and what the

rules are and what what the incentives

are also the negative incentives. So

there's this risk framework that's

that's uh in place today but that's

continuously evolving and and being

built up so that these uh teams

understand what to allocate into and

like how much uh risk capital they need

to have available uh as a as a way of

hedging the the risk

>> of these particular allocations that's

very much in flux but when it comes to

like the code security

um so far the culture has been and I

would really like to keep it that way is

to not compromise at all.

>> Right? So when it comes to um hard

requirements in terms of how many audits

are required and what the what the

result should be that should that should

never be compromised on. And if there's

um if if if something goes wrong and and

causes a delay, that just means that you

use the the the next spell right in two

weeks or in four weeks. But we're not

going to compromise on those um yeah on

those requirements in place. So so

that's the culture that we that we do

have today and that is uh yeah what

we're going to uphold even as we scale

the organization.

>> Got it. Yeah, that was okay. That was

going to be my next question because

obviously you guys have been really

successful on the security side of

things. Um and and so you know that

culture that you just described is it

makes a lot of sense. Um but you have

four I guess subdows that are announced

this year. I think four more something

uh next year. Can you you know is the

plan to have all those eight subdows

have the same standards as like the core

uh Sky protocol?

>> Ultimately yes. Yeah. I'm saying

ultimately but the answer should just be

plainly yes. Yeah. And what we've seen

is that um also for these teams you can

tell that uh it it causes friction

because inherently these teams operate

more like a startup than compared to

Skyore, right? They want to move faster.

>> Their incentive is to like yeah allocate

into yield opportunities, generate a

spread that then ends up uh to the the

token holders of their star, right?

Their subdow. Yeah, it's it's um

being one of the early stars, it it

hasn't been easy for them because they

ended up like building up this framework

together with us,

>> right?

>> And often being bottlenecked by the

Skyore side. But yeah, even in 6 months,

we've already learned so much and we've

improved a lot and we've uh we've we've

started scaling in the right places. So

I think the answer is uh is an absolute

yes where the the the requirements will

apply equally to all of these stars.

And um they will have to find creative

ways to make sure that their code is as

as as good as possible, right? So that

if they submit it into if they submit it

for audit or if they submit a a spell

for review, for example, that there's

not going to be any any findings in

there. And we've already seen that um

we have stars that contribute to

figuring out the framework within Sky

itself, but they're also just paying for

pre- audits, making sure that they can

get some extra eyes on the code.

>> Uh and yeah, do a bunch bunch more

iterations before they even submit it to

Skyore. So I think that in itself has

been successful where you have like

these smaller teams moving faster,

moving autonomously

but yeah having um very clear rules but

also incentives on how to operate

especially when it comes to code quality

and uh yeah basically getting creative

and how you can achieve those results um

and basically getting better and better

as an engineering team.

>> Right. Right. So, I guess speaking of

getting creative, you talked a little

bit about LLM or AI auditing. Um, what's

the, you know, what do you think about

it so far and and how are you

experimenting with it?

>> Yeah, honestly, it's it's something that

came to my attention quite recently. I I

I know that this has been a thing, but

I've always thought that it's not ready

for the real deal yet, especially when

it comes to like a more more complicated

protocol like uh like Sky. But we've had

one of our teams experiment with it and

they've had really fantastic results and

they have it like fully integrated in

their workflow. So they gave me a demo a

while back. I was I was blown away and

um after thinking about it more it's

super obvious, right? I mean all the

code out there it's it's all open

source. Also all the audit reports also

public open source, right? So it's just

the perfect use case for an LLM. And um

yeah, the the the results so far have

been astonishing and we're now working

on on integrating such a tool throughout

the whole organization and at the same

time we're just trying to uh yeah keep

keep up with that space as well because

I can tell there's like many vendors.

It's a it's a very dynamic space but

it's uh yeah it's it's it's very

exciting to see and I yeah it's just the

the cost of implementing such a tool

compared to like the potential upside of

not getting exploited

>> is absolutely skewed in our favor

obviously

>> right

>> but what I like even more about it is

how it just completely influences and

changes the the workflow of an engineer

right And we've already had that change

so so so much, right? We have things

like claw AI that just completely

changes how or cloud code, I should say,

how how a how a how an engineer works.

But now you have these like really

thorough um yeah analyses of of of even

a PR that just uh gives really deep

feedback early on in the process.

>> Mhm. where you allow people to iterate

before they even submit it for internal

review. And I don't know, it's just very

it's just very fascinating to me and and

very uh very compelling. One thing that

does scare me about this kind of stuff

is knowing that as these tools get more

powerful, that also means that the

malicious actors also get access to

tools like that. So in that sense uh it

also feels like a a bit of a race to

make sure that whenever something like

this surfaces implemented ASAP and then

um yeah that's why I'm happy that we

have this protocol security workstream

that's tasked with basically keeping up

with that uh with that world and

surfacing um initiatives.

>> That's awesome. That's awesome. Yeah,

that's a pretty good it's a pretty good

endorsement of AI auditing. You know,

the the riskreward as you laid out is

pretty good. Okay, it takes some time to

incorporate into the workflow. Maybe

there's some false positives, but at the

end of the day, if it can stop a

critical or if it can find a critical,

then that's pretty useful, especially

earlier on in the development

>> cycle. Exactly. I would say it's it's

too early to consider it like a full

replacement of uh yeah, the more

traditional audits. Let's let's see

where it takes us. But um yeah, for now

it's just uh something that we add on

top of what we already have.

>> Do you think it will replace human

auditors at some point?

>> It's a really good question.

I um yeah my opinion which might be a

little controversial when it comes to

audits and like auditors like there's so

many auditing firms right now and I

think many of them are not great. So in

that sense, I think if you um

if you're one of those protocols that

just hires random auditing firms just so

you can get towards this venery metric

of like four independent audits, five

independent audits.

>> Yeah,

>> in that case definitely yes. But I will

say like there's some uh there's like

the the the best auditors in the space

that have so much experience and have a

certain u way of thinking. I think it

will be hard to to to replace those

because I think their their thinking and

their like like their their magic it's

not always it's not something that you

can easily mine from from audit reports.

I think because a lot of the value that

we get from auditors

they cannot be found in the audit

reports but they actually happen in like

the the discussions during an audit

itself. Right.

>> Right.

>> That's also where you actually get a lot

of like knowledge sharing and feedback.

Right. So um having an engineer

participate in the in the audit of their

own code and having these discussions

with auditors that is I think a very

important aspect to doing audits and

it's not just about this uh this um yeah

this final report acting as like a stamp

of approval.

>> Yeah. Yeah. Makes sense. Um, you

mentioned working a little bit working

with a few more independent researchers

potentially. If there's, you know, an

independent security researcher watching

this, what's the best way for them to

get on your radar?

>> It's a good question. Um, I would say

track record obviously, right? That's

the the first thing we look at, like how

senior are you? Um, how many reviews

have you already done? Have you

participated in in in audit contests,

for example? Did you make a name for

yourself? And then the second thing is

really just building up exposure to the

Sky codebase, right? We we like to work

with auditors that have prior experience

with with the with the codebase. And

yeah, the the more experience a person

has reviewing like Sky related

repositories and interacting with Sky

engineers, the more likely it is that we

want to work with them. So, it's a bit

of a difficult it's a bit of a chicken

egg problem,

>> right?

>> Um, and we're trying to solve that by

working with the auditors that we're

currently already working with and just

making sure that they gradually add more

people to the pool, have them shadow

review, for example.

>> Right.

>> Um, yeah.

>> Got it. Got it. And if someone, you

know, you guys have a public bug bounty,

I'm pretty sure if someone finds a

really important issue in the public bug

bounty, you might have a conversation

with them.

>> For sure. Yeah. Yeah. That's that's

another uh that's another nice uh um

funnel for hiring indeed.

>> What would you say is a contrarian

opinion you have on the web 3 security

space or controversial? I think that AI

auditing is almost there. Do you have

any others?

>> Yeah, I I think the one that I just

mentioned the fact that a security audit

is not

like any other security audit, right? I

think at this point given that the space

is so saturated, I think it really comes

down to which indep individual are you

working with right and um yeah that is

something I think many auditing firms

have not been able to to uh to deliver

on yet. Um, so yeah, I think in that

sense that would be uh that that would

be my answer that there's a lot of

auditors out there that are not uh

they're not going to give you any

security um um yeah confidence apart

from just having another independent

audit report.

>> Yeah. Yeah. Well, I think I'm too biased

to comment on that as well, but that's a

good uh an interesting answer. Um, I

guess last question for you. What are

you most excited about um in the future

for Sky?

>> Yeah, I'm I'm generally optimistic about

the future for stable coins. I'm just

Yeah, I I sometimes miss these the these

like very optimistic and like

ideological years of crypto when when I

just joined 2017 18

>> where like the the possibilities were

endless and our imagination also was

endless. I think we've all uh woken up

to reality there, but when it comes to

stable coins, I think it's just such an

obvious use case. And I think we're now

also seeing a lot of acknowledgement all

over the world there. And uh I I really

feel like with the space maturing and

also regulatory clarity being created

across the world, I feel like it's uh

it's going to be a really really cool

year to like scale stable coins as a

product to uh to to to more people. And

um yeah, I'm I'm just really optimistic

in terms of Sky being able to uh to be

like a very good product in that uh wide

range of stable coins that we'll see in

um in in in a bunch of years. And

obviously I think Sky is is unique

because it's one of the only like

decentralized stable coins,

>> right? So you can make sure that um the

the the collateral basket that is u

collateralizing the stable coins that

you hold is managed by uh yeah by a

diverse group of people with checks and

balances and a proper governance process

where ultimately you're probably also

going to get the best return on your on

your u on your stable coins because um

yeah there's less uh intermediaries.

>> Awesome. Awesome. Well looking forward

to it. I think Sky is super well

positioned. So, it's going to be a fun

year

>> for sure. Yeah. Thanks for having me on.

>> Yeah. Thanks so much for coming on,

Dennis. Appreciate it.