Interview with Chris Dior of CD Security
September 23, 2024
Today, we are beginning a text interview series with various people working in Ethereum and cryptocurrencies, focusing on aspects ranging from auditing to developing new DeFi projects. Here, we hope to discuss what others are pondering in the space and what’s at the top of their minds. If you are interested in being part of an interview, just send me a message on X @dittoproj or email me at support@dittoeth.com.
In our first-ever text interview, we speak with Chris Dior of CD Security. CD Security has audited over 50 projects, including DittoETH contracts in 2022. Today, they are the official security provider and mentor for the Polygon Village Program. Chris, tell us a little about CD Security and how long you have been in the industry. What made you get into security auditing to begin with?
Hi, first I want to thank you for having me in this interview. I hope the people who read it find it informative and interesting. We officially created CD Security more than 1.5 years ago, but we've been in Web3 for more than twice as long. I was working a regular job in a big company doing traditional cybersecurity, and my partner Dimitar had just graduated from university in England and returned to our homeland to work in finance.
What brought us to the Web3 space was a mutual friend who now owns a very successful auditing company. At the time, he had just started a job as a smart contract developer. He was very passionate about the Web3 space and always talking about how we should learn how to code smart contracts and find good NFTs to trade. My partner and I decided to give it a try and started by learning the basics--what blockchain is, what Ethereum is, how it works, and what Solidity is.
Initially, we wanted to become smart contract developers. But just as we were about to start applying for jobs, our friend introduced us to Code4rena and suggested we try finding bugs in Solidity code as a side hustle. We tried a couple of times and were hooked. It was fun, challenging, and much more interesting than writing code itself, plus it was a relatively new field in the space. That's how we got into security auditing.
What has been the most surprising and rewarding thing about the journey so far?
The most surprising thing has been how far we've come. I didn't have a clear idea of where we'd be in 2-3 years, but I believe we're making real progress. We're serving many protocols, always striving to improve and be of even greater help to our clients. The most rewarding aspect of the journey is the business knowledge we've gained and the connections we've made. We hardly knew anyone abroad when we started, but now we have friends all over the world. I'm very thankful for that--crypto is home to great people.
There are many young auditors out there, some of whom follow us. What is some advice that you have for them as they are considering a career in smart contract auditing or even maturing their professional career in this space? What do you think are the best opportunities for them?
It's not easy, but it's not impossibly hard either. If you're truly motivated to work as a smart contract auditor and have the persistence, you will definitely succeed. Keep studying and researching every day until you achieve the results you want or land the job you're aiming for. There are many opportunities. People can choose from contest platforms like Code4rena and Sherlock, bug bounty programs like Immunefi, or traditional security firms. Pick a path and strive towards it. And of course, it's okay to change paths along the way if something else suits you better.
What's your take on Ethereum right now? What are the things that get you most excited?
Ethereum is in a really exciting phase. The move to Proof of Stake has dramatically reduced its energy usage, making it more sustainable. Even better, Layer 2 solutions like Optimistic Rollups and ZK-Rollups are solving big problems like high gas fees and slow transactions, making Ethereum much more scalable and accessible.
DeFi is still growing strong on Ethereum, with platforms like Aave and Uniswap leading innovation. Plus, upcoming upgrades like EIP-4844 will make Ethereum even faster and cheaper to use. These changes are pushing Ethereum toward becoming a more efficient and scalable blockchain that can handle mass adoption.
Given you are Polygon Labs' Official Security Partner, what is your take on the state of L2 today? How do you think this decision for scalability is stacking up right now vs. other networks that are using a monolithic approach, such as Solana? Are you concerned about network fragmentation?
In my opinion, Ethereum's Layer 2 solutions like Optimistic Rollups and ZK-Rollups are really effective for scaling. They lower fees and boost transaction speed by processing transactions off-chain while still relying on Ethereum's secure base layer. This approach helps Ethereum maintain its decentralization and security while allowing for growth.
Compared to Solana's monolithic model, which handles everything on one layer, Ethereum's approach seems more robust in the long run. While Solana offers high performance with more transactions per second, I think it sacrifices some decentralization and resilience.
I do have concerns about fragmentation with Layer 2s, as assets and liquidity can become siloed across different rollups. However, Ethereum is actively addressing this with interoperability solutions like bridges, so it feels like a temporary challenge.
Where are the biggest areas of concern for you on Ethereum at the present moment? How do you think things need to evolve going forward?
In my opinion, Ethereum's biggest problems right now are scalability, fragmentation, and user experience. Even though Layer 2 solutions are helping, congestion and high fees remain issues during busy times. Fragmentation happens when different Layer 2s split up liquidity and assets, which reduces efficiency. Lastly, the user experience can be difficult for newcomers, with complex wallets and high gas fees.
For Ethereum to improve, I think it needs to:
- Adopt Layer 2 solutions faster to handle more users.
- Reduce fragmentation by making Layer 2s work better together.
- Make the user experience easier with lower fees and simpler tools.
If you could make a protocol, what would you make?
If I were to create a protocol, I'd aim for something unique--not just another DeFi project since that space is already crowded. I'd explore an area where blockchain can make a broader impact. For example, a protocol focused on data privacy and ownership could be revolutionary. People are becoming more aware of how their data is used, and a system that allows individuals to own, control, and even monetize their personal data would be groundbreaking.
If you could have any superpower to make your job as an Ethereum security auditor easier, what would it be and why?
I don't currently audit codebases myself, as I've focused on scaling CD Security with the help of better auditors. But if I could choose one superpower, it would be instant code comprehension. This would let me fully understand any smart contract's code at a glance, making it easy to spot vulnerabilities or logic flaws right away. It would save time and reduce the risk of missing critical issues in complex projects.
This concludes our interview with Chris Dior. To keep in touch with Chris, follow him at @chrisdior777 on X, follow his company CD Security at @cdsecurity_, or visit their website at https://cdsecurity.site/.