Project Name
Inconfido
Project Category
Outreach
Proposal Earmark
New Outreach
Proposal Description
The Ocean protocol uses smart contracts to make each datatoken exchangeable over the Ethereum network. Some key areas of the Ocean protocol where security is of the utmost importance are:
- The Ocean Market, which relies heavily on secure encryption practices, and
- The Ocean Compute-to-Data, where user privacy is of utmost importance.
Any threat vector introduced here, such as reentrancy, integer overflows/underflows, or insecure fallback functions, could, if exploited, irreparably damage Ocean's reputation and end-user confidence in the protocol.
Luckily, we have not yet seen any breaches or hacks of Ocean protocols, but the inherent use of smart contracts themselves means there will always be a risk of misconfiguration or insecure development practices. Security should not be a reactive thought once a breach has occurred. It is an all too familiar concept that Web2 has struggled with for years. We highly encourage proactive security, and security by design, as a preventative measure - not a reactive one.
Our objective here is to partner with builders on Ocean to understand common development practices and to:
- Create a community of security knowledge and expertise in the Ocean ecosystem, holding regular discussions with developers and "white hat hackers" to share insights, information, and experiences.
- Provide security education and consulting about how to secure Ocean apps in the early design phases
- Perform R&D on tooling that can support builders in identifying risks in the development lifecycle
Please see our detailed pitch deck here for more information
Grant Deliverables
- Initiate social media plan for Twitter and Discord
- Increase engagement on Ocean Discord with community sessions to talk about existing smart contract attack vectors, known attacks on other protocols, and learnings
- Create a list of Twitter accounts that have good security expertise and reach out to discuss partnerships and sharing of information
- Engage with the wider public on Twitter to talk about various security topics and domains
- Write job specification for Content Engagement Manager
- Create skeleton templates for security infographics
- Perform R&D on top Ocean protocol development practices to understand existing processes and operations
- Define list of top 5 security threats to create blogs on that will be shared and presented to the Ocean builder community
Project Description
Our mission is simple: Invisible Security in Web3. Web3 will only become successful once we have lowered barriers to adoption, one of which is security. The ideas of privacy, identity, and security are being redefined, so there's much to consider for users when interacting with Web3 technologies: protection of their private keys, malicious smart contracts, etc. Making security invisible to users will be one barrier we can lower to allow the onboarding of users to the Web3 space and to give them the confidence to explore and engage in a secure manner.
In the last 6 months alone, exploits, scams, and hacks have resulted in billions worth of losses across the Web3 ecosystem. Our mission is to empower end users with more informative and easily consumable security education and tools to proactively secure the design and development of the future of Web3.
Final Product
Our ambition is to create three service offerings:
- Security tooling - Starting with a smart contract verification product which we will build, we want to give confidence to the users that they are interacting with legitimate, verified, and trusted smart contracts on the Ethereum network. We will also be creating a revolutionary open source threat modelling product based on our framework to identify specific threats to Web3 architectures and applications built using the Ocean offerings.
- Security consultancy - We'll want to attract and work with clients who are building on Ocean, helping them consider all aspects of both "traditional" Web2 security alongside Web3 concepts. By applying our established risk management techniques we will go beyond a traditional security audit to deliver effective, risk-based recommendations based on threats and possible impact to end users.
- Security training and education - Unfortunately, the vast majority of threats still require human interaction to materialise. This is obvious with recent scams such as (enter example here). We want to create bespoke security awareness training and educational material that users and enterprises can use to better inform themselves of existing threats. We will use threat intelligence to inform our training curriculums, allowing users to stay ahead of threats and arming them with the skills necessary to spot potential attacks, and more importantly, how to safely remain engaged and active on the blockchain, and interacting with the Ocean ecosystem.
Value Add Criteria
Usage of Ocean:
- Security is a blocker to adoption. By educating builders how to create secure and resilient applications on Ocean, it will drive more users to this ecosystem who will have the confidence to adopt these applications into their daily activities.
Viability:
- We have a team of cybersecurity subject matter experts who have had over 30 years of collective experience in building security tooling and advising multi-billion dollar enterprises on reducing their cyber risk.
- Over the last 4 months alone, more than $1.6 billion has been stolen from users through hacks. We have absolute confidence that our products will reduce both the impact and likelihood of these attacks, ultimately enabling mainstream adoption.
Community Engagement:
- All three founders are active in the Web3 ecosystem, to varying levels of niche communities such as smart contract auditing, Web3 threat intel, real-time dollar cost averaging within crypto etc.
- The full team join the Ocean working groups, town halls and other voice events to engage with the wider community and keep up to date.
- Attended and presented both virtually and in-person at Web3 conferences and summits.
- The team are active on Twitter, supporting other similar companies and projects and helping to raise awareness to other great minds within the space.
- Automating the latest Web3 security news into Discord for easier consumption for the community.
- Public Discord to be finalised and opened to the public, allowing anyone interested in Web3 security to join, learn, participate and network.
Adding Value to the Ocean community / ecosystem:
- Security is a key pillar of Web3. Our aim is to make Web3 more secure for users and builders alike. Secure Web3 will enable increased mainstream adoption and a thriving ecosystem.
- Security education is lacking within the space. Our focus on education will drive attention towards Ocean which will be viewed as a pioneer in making the Web3 ecosystem safer for users.
Core Team
Jared Henderson, Co-Founder
An experienced cyber security professional with nearly a decade of experience. Most recently, Jared threat modelled and advised on security for a well-established Web3 company, further helping the go to market.
Jared has a strong interest in business transformation and security principles, with a deep understanding of secure design, threat management, and automation.
Youssef Hassoun, Co-Founder
A security professional with 7+ years of experience in technical advisory. Youssef has supported global players within the financial services industry with improving their cyber security capabilities.
Youssef has a special interest in security architecture design, threat modelling and vulnerability management with keen awareness of the Web3 space.
Danny Cortegaca, Co-Founder
linkedin.com/in/danielcortegaca
With a decade of experience in cyber security across New York and London, Danny has deep expertise in threat modelling methodologies and in helping Fortune 100 companies secure their critical assets both on premise and in the cloud.
Danny has a special interest in business development as well as a deep understanding of threats, risks, and end user security awareness.
Funding Requested
3000
Minimum Funding Requested
1000
Wallet Address
0x1e1109d0b5C33FaCB60e6214FCc9D1198BAe9c5A