DAO Weekly Meeting #61

March 9, 2023

0:00 Introduction • 0:55 Operations updates • 3:14 Development updates • 5:30 Design updates • 7:05 Publius update • 7:39 Hypernative showcase • 48:29 Closing statement

DAO Meeting


Meeting Notes

Operations update

  • The next Beanstalk update that is expected to come out is the Sunrise improvements BIP this includes the Dutch auction and Sunrise improvements
  • Silo v3.1 is in team review and the goal is to give Halborn a commit hash very soon
  • Engagement with Scrib3 has started and public Discord channels and meetings are being setup currently

Development update

  • Silo v3.1 is in review and team members are tweaking things
  • Had a meeting with Halborn to discuss changes to Wells that have been changed over the past few weeks
  • Lot of movement with the frontend of Wells that Beanstalk Farms is working on

Design update

  • Adding Claim and do X is shipping in the next couple of days
  • In design review of some of the UX for the forums since they will be so complex
  • SweedRedBeans is heads down working on the UI/UX for Wells UI

Publius update

  • Publius thinks we need a better name for Silo v3.1

Hypernative showcase

  • Hypernative is a platform that monitors on-chain data in real-time. The thinking is Hypernative can detect hacks and exploits before they impact the protocol. Gal (Hypernative co-founder) thinks that just detecting hacks or exploits in real-time is not enough which is why Hypernative can hook into preventive workflows. Risk in Web3 is very complicated, Hyperactive looks for dependencies and will monitor those dependencies. Hyperactive can look at economic risk, governance proposals, and more. The program can detect hacks and exploit and can blacklist or mitigate the hacker's contract. Gal goes on to say that the system can detect a vast variety of attack vectors. They also say it is very important to not boy who cried wolf every transaction and the product is very accurate. The system will look at a lot of byte and metadata to flag certain transactions.
  • Currently, the team tries to notifies all projects that they detect a hack or exploit via Discord but this is super inefficient. Governance attacks are just one of the many attack vectors they can monitor.
  • Gal says that there are many attack vectors and it is hard to have a quick response to all different types of attacks but I quick response can sometimes stop the loss of all funds. Hyperactive also offers an on-chain oracle that can be used kinda like a firewall that screens all transactions.
  • The response time can vary from seconds to minutes depending on the attack vector. Most of the hacks and exploits could have been prevented.
  • The pricing can be discussed later on, but it varies depending on what features the DAO wants to use.


GM, everybody. Welcome to today's Dow meeting. So maybe just to run through an agenda of sorts, we canceled the call for today that was scheduled for after this meeting. You know, I think as we start to have those discussion topics centered around things that are a few months out, we can probably start to spread those out a bit.You know, having 2 hours, 2 to 3 hour meetings a week has been a lot. But I think it's been very, very productive thus far. So we'll run through a couple updates from from different contributors. And then you have go from Native, which is a security and risk prevention project in crypto, give a little presentation on what they're working on and how it might be applicable to the Dow.So on this end, just to run through a couple of timelines, you had talked about kind of the three high level either being stock upgrades or, you know, ecosystem upgrades that being Farms is working on at the moment, the first of which is the sunrise improvements that was worked on by folks like Bryan and Cho Chokshi that introduced the the Dutch auction in the field and various improvements to the Sunrise incentive mechanism.I think some folks are currently do some doing some simulations as far as what that Sunrise Sunrise award would have looked like for past seasons. And hopefully the timeline for that as far as putting it up on a beautiful day, looks like one or two weeks and theoretically, at least, the hope is to put that up as the same time as a proposal to implement stock delegation, which was much discussed in about a month and a half ago.Silo V 3.1 isn't currently in review and hoping to get a commit hash to others sometime next week. I defer to Chad to talk about a little bit more about that later and then think that the intention is to get a command hash for pumps. And this week on Tuesday, just an f y for farmers or encourage folks to scroll up in that Barnyard chat and participate in a couple of the straw polls that were happening in the dev call on Tuesday.These are all related to decisions around what the CS per view rewards should be for various whitelisted assets, including the already whitelisted unripe being three curve. LP token. What the seeds for BBVA should be for a future being well LP token, etc.. And in other news, have kicked off the engagement with Scribe hoping in the next couple of days or over the weekend to set up some public channels for community members to give input on marketing efforts.And I think the intention is to start having those weekly calls described in the public discord on Wednesdays, but TBD on timing. So those are just a handful of things I want to mention today. Chad, anything in particular you wanted to share on the engineering front today? Yeah, for sure. What's up, everybody? So a couple of things going on this week on the Shiloh V 3.1 side, as I mentioned.So we've kicked off a internal code review process with with more contributors for that. So have a couple of people reading over the code and making some, some tweaks and suggestions in terms of, you know, how to structure the code and naming things. But generally that's moving forward and the hope is to deliver a hash for that to happen sometime next week.So we'll keep everybody posted on on progress there. The other major thing is that yesterday we had a call with Holborn to review the changes to Wells over the past couple of weeks. The changes encompass a couple of the remaining components which we've been talking about, notably the aquifer and the pump we presented to them, as well as some changes related to their feedback over the past few weeks.And so those are getting packaged up as we speak to deliver as a committee hash to them today. So they'll begin their process of reviewing that imminently. And so we'll keep everybody posted on how things are going there. But overall, I think we're feeling pretty good about the state of the Wells code base. So beyond that, I mean, lots of lots of movement in terms of the front end for wells, which is being actively developed by Bienstock Farms right now and then some other, you know, testing related stuff going on with respect to the upgrades that will be coming out in the coming months.So generally things moving forward and looking forward to getting this code to audit and moving on to some new some new components. Maybe at this point we just to just call silo V 3.1. So it will be three like we're not doing it justice. I would agree. Yeah, we need a cooler name so you guys get on that one.IDEAS Welcome. All right. Red beans, Anything you want to share on the design front? Hey. Hey, guys. Yeah, So keep it brief. Sort of two, two updates this week. The first is, I believe we're going to be shipping the ability to add claimable assets and plant to any transaction sometime in the next few days or so. And then additionally, you know, sort of we are we're in design review to adjust some of the UX for the forms to be a little bit more friendly because we're adding so much functionality to them to be able to, you know, add claim or plant or rents or harvest and transfer the, the, the output to a different wallet.So hopefully the forms will, will have a nicer UX and that's something to look forward to then you know other than that sort of heads down working on the UI components for wells for the wells front end believe I should have a full sort of prototype skeleton within the next week or so. And then at that point we'll start looking for visual design partners to sort of help determine the visual identity and help us with some illustrations.So that's something we're really excited about. And yeah, that's, that's a for my interest. Oh great. Thank you, sir. Probably as anything that you wanted to share or talk about in particular, I think we need a better name and siloed 3.0. Roger. All right. Well, with that today we have a gal from Piper native and think that they plan on sharing their screen, giving a little demo of their product, but maybe to kick things off how it would be great to if you could introduce herself talk about what hyper native is and yeah, I'll let you take it away first.Thank you, guy. So hi everyone. I am gal, uh, founder of Hyper Native. I think also Andrew from our team is here. I come from security background. I do various companies Google, VMware, Intel and others. I sold my last startup to IBM a few years ago also in the space and then was a CTO for IBM Cloud for a few years and then decided that I want to do something interesting and important.And a good friend of mine, which is also my co-founder, introduced me to Web3 and crypto, and I think we we started hyper native early last year where the idea is that today know as unfortunate that you were also part of this statistics but a lot of projects are getting hacked and exploited, people getting phished and scammed and really understanding anomalies and monitoring on chain activity is is a hard and hard job where we see that audits, which is again something that everyone are doing, are important components, but they are not really covering all sorts of attack vectors and they are missing a lot of things.And in the end we wanted to do a post-deployment Real-Time Protection. So what we we've build it and I'll show you is is a platform that essentially monitor everything that is happening on chain in real time contract creations, transactions, governance proposals and augmented with some off chain information. And our assumption was that we can essentially detect attacks and exploit and all various attack vectors before they impact and provide preventive workflows to actually mitigate things That audit missed or couldn't have caught.And I think your your project, as unfortunate as it is, is actually our the system was we just started we actually deployed the first version. We didn't have a UI at that time, but we actually saw and we saw it a bit late because it was in the logs, but that was the first, the first basically success of of the system.And unfortunately we couldn't have helped back then. But I think since then, the product since September of last year, the product is, is launched and we are already working with two chains protecting their bridges and server protocols and other institutions. And I want to be sure and show you show you the platform. I'll share my screen and please like stop me if you have any questions, you can see my screen.By the way. Looks good. Okay, So so this is like the native word. The idea is that again, we are in SaaS based platform. That's also everything that you see here is supported by API. And of course, again, they just detecting bad things is not enough. We also connect the detections that you'll see here to real time preventive workflows.Again, depending on on the project and your preference, we have we can talk about it if it's interesting after, but there are few options, usually like the way that protocols use us is that they create these watch lists which are centrally and take ideas, for example, which are essentially inventory lists or assets. They could be contract address, cesspools, wallet addresses, oracles, bridges, complete protocols, tokens, everything the anything that it wants to monitor in real time.We realized very quickly that people don't really know what they want to monitor because risk in no in web three in crypto is a multi dimensional problem. So the system actually find all sorts of dependencies and add these to the list to monitor. And we had like a very interesting example in Alliance block and Bulk DAO incident, if you heard about that in Polygon we we were actually the first one to notify the team on their discord they weren't customer and they wrote in their postmortem date that they could actually mitigate that if they would have reacted in time.I think the interesting part there was that one protocol got hacked, but another protocol got damaged because they worried the same bull together. And what what happens after you've added these assets to the system, essentially monitor all sorts of risk insights that we have. Security is just one of them. We also monitor all sorts of economic risk governance proposal, everything that's happening on chain technical changes and the security aspects which are around basically detecting hacks and exploit before they happened.So we have each different categories also of these risk types that the system monitor from compliance aspects to the explosion suspect that the financial are around you know a large transfer the pegging pool composition talk token ratios, liquidations alert and so on community which is around phishing and scamming campaigns. We we know today in a very granular and accurate manner to understand that the contract is being created and its purpose is to do phishing, scamming or rob fool, and especially if it's linked or trying to do something close to your token.For example, and governance monitoring, which is very, you know, relevant for the incidents that happened to April. I think if I remember right last year, I'll show you maybe an example from audios. So audio, if you're familiar, it's Web three music platform that got audited by Open Zeppelin and Condensate, kind of the current was audited by Pop and Zeppelin and Gudinski last year, and then a few months later it still got hacked through.There was a bug in the initialization code and the hacker basically changed the voting mechanism. And I'll show you how you as the audience them would have seen the alerts in the system. And then maybe I'll also show you your incidents from April. So like if you were audience and you were using the system, you would actually add your Treasury contract and maybe the token address to the watch list.And then you would get these four alerts on the time of the hack where the first one and this is something that we do today for every governance decision that is on chain, we also bring some off chain governance from sites like Snapshot. We actually analyze and simulate and run some models to understand suspicious proposals. And this is, if you can see here, this this proposal, we understood that this is sending 99% of the tokens from the protocol Treasury, which are 6 million worth of tokens.We calculate these prices in real time, all the involved entities. And this this alert is actually triggered at 11:10 p.m. This is the actual hack that happened for audience event. It happened on 11:10 p.m. But if we look at the first alert of the system, this actually happened on 1064. So where we detected, again, a suspicious though proposer, we we run a combination again the theme expertise in in security machine learning and data analytics and defi and blockchain and we combined these expertise and as you can see here in this case we actually trigger it 17 minutes before on this proposal, before the actual hack.So enough time to, you know, blacklist this proposal or essentially do something and mitigate that attack completely. Any questions on that? So are your clients defining some set of triggers that set off these sort of alerts or notifications, or are these all set by your tool? No. So so the alert and the detection, everything you see here comes out of the box.So if I would have added, you know, as ideas, I just needed to add the contract under SAS and I would get all of these alerts that you see here, like the the, the proposals, the security, the economic risk, the technical risk, everything comes out of the blocks. What we are doing with the customers is actually connecting these alerts now to reactions.Right. So, for example, do you want to pass a contract? Another example is we have an integration with the Oracle that, for example, some important transaction you can send for verification before you apply them. Or maybe you want to limit the protocol or maybe a lot of like post incidents action that you can do in order to track the stolen funds and things like that.So this is the part that is being customized that the detections are all generic. What we are working with the protocols that our customers, we are also providing them, let's say, customized alerts for them. So the security aspects are all included, but sometimes they want to monitor anomalies in different kinds of of the protocol for, you know, for specific use case.And that's that's something that we also do. And just as you can see, again, there are a lot of like out of the box alerts that are coming. And again, I think the generic way of how we are detecting X and exploit them, the attack vectors, whether they are true, all sorts of different kind of attacks or true governance proposal or true smart contract with the tax code or true private key theft and things like that.I think the generic way that we have established with this, with this system lets us catch a lot of things that, you know, no one forgot about. Like for example, in the allianceblock in the Polkadot incident that that I mentioned was an Oracle manipulation attack. So we cover a lot of things and we monitor also bridges and again that this is like an extra besides the things, the contracts and the protocols that you run.It's also monitoring the ecosystem like bridges or oracles that you need and things like that. Again, for all sorts of like as you can see, there are many different types of risk types that that we currently monitor. I can show you like the example of how the system I actually entered the old bean token, and these are actually the alerts and by the way, this is today label, but obviously that wasn't labeled right.So as you can see here, I entered your token address. And the system, by the way, has historical data. So you can also search for every historical event that happened. And as you can see here, the system detected the suspicious download proposal that caused that happened on 60 April and also the contract upgrade, which is by the right by the hacker that happened after its a few hours after which is the actual right if I remember right, there was some diagonal proxy change there that the change to a code to send to send the hackers some the funds from the from the Treasury.So if you would have had this system knew they actually get the very you know good head start to mitigate that that risk. And it's important to note that our alerts, the high critical ones, are very accurate, by the way. Like it's important to catch everything, but it's also important not to, you know, not to cry wolf every 5 minutes or every day.Right. It's very important for us to be very accurate in the alerts that we produce and and make sure we don't have any false positive. So this this is the this let's see, maybe the hacker. So this is a high level of and and by the way, what you see here, I just click like on the attacker, like the exploiter address.And as you can see we can see here and sending to make service I guess to try to outflows the money and hide right the money that is stolen. So so you can also track these these things, which is again something that we also monitor I think other other use cases besides the is all sorts of inefficiencies and anomalies detection that that we do.And again monitoring the participants of the protocol because again you can add all the all the wallets monitoring all sides of anomalies in the in the economic metrics, the integration with third parties like oracles and bridges and others. Any questions or. I have a couple but on. I want to wait to see if other folks have questions. They want to bring up shortly.If you go back to the bean token, I'm curious why it was flagged as suspicious. The proposal. Let me search it or I don't know if it was the bean token page, but I know it what it was. Got a couple of minutes back. Okay. Yeah, it was done in Oakland. Took. Yeah. So a lot of what we do is around very accurate classification of bytecode and code.So for example, for governance, what we are doing is today we are actually classifying IT governance. And again, there are many different kind of vectors, right? This, this is one of them. But what we are doing for every proposal we are actually running a set of detectors which are actually analyzing like analyzing the actual bytecode, the change itself, analyzing a lot of metadata about the change, how it was created with the proposer, things like that.We our background is we have done my co-founder, which is not ear done. He's done Mugler detection for Microsoft. So through machine learning models again for endpoint protection. But the idea is very, very similar, right? You are trying to understand that something is suspicious in a very high accuracy. True. Again, a set of rules, the restricts machine learning models that are running either on the change itself, on the metadata of the train or the description, and it's deducting that it is suspicious.And I can tell you again, from our testing, we actually tested it cry, you know, quite extensively on yttrium historically as well. And again, usually when there is something like that, usually 99% is it's something bad that is happening. I think since September where the system went live, we detected all the hex and exploit that we know of in the chains that we support many of them, by the way, before where we again, if someone is not the customer, we are trying to warn them anyway.So you can I can send you some links that many protocols mention us as you know, alerting them in their discord. Obviously, it's not the optimized process. Right. Because it takes us time to find it. This can't find the relevant person. We tried to do it privately, obviously, because you don't want to disclose something like that publicly. But for example, the winter mail I can actually show you in the system, like the winter milk won $60 million that was stolen.That's like I have here. Like, that's that's an incident I, I believe we could have mitigated completely, if you're familiar with that. And and as you can see that this is like a demo accounts with all sorts of incidents that happened recently. And we have managed to find them in the system. And there are many others that are not here.It makes sense it answer the question or I see. So so if you if you click on this, are there any details that appear that tell you what about it is suspicious or just curious. So so we try to provide enough to make the data. But some of this is true. Again, models that are not you know, it's not we can provide you context, more context on that.But when when we are able we we provide the information. But in some cases, you know, you don't have enough information to understand why suspicious. But I guess that if you would have looked at it, you would see, you know, the problem like, gotcha. Well, not sure how relevant this is to this conversation, but the the April exploit was pretty interesting and that most folks were aware of the proposal, but the malicious code wasn't deployed until the moment of the exploit.But perhaps that's neither here nor there. Yeah, I think that's right. Like that contract upgrade. I think that's the deployment right, of the malicious code which happened I see here around a day after I write the, the suspicious proposal. Yeah. It was, it was 24 and a day after. Exactly. Yes. And you can see here like okay. And these are, this is history as as it was happening.And again, we find today we support also Binance. So, you know, just using the system you can see right like Binance chain has a lot of things that are happening. So again, we we see things live every, every few days now. So we feel very confident in the system. And as I mentioned, we also have some of the protocols that we work with.We work on like even proactive defensive mechanism like this security oracle that I mentioned that you can actually like, for example, and again, it depends if you want to do it or not as a protocol, but if you do want to get verification on several transaction, you can basically query that Oracle. And what it will do in the background is our system will actually verify that this is a valid and safe transaction and then return you.You know, the answer. And I think for governance monitoring, we've we've reached a very good level that we can detect maliciousness in proposals again just by scanning them. And you usually if you are setting a lock down right period, you use and you have enough time to react on it and definitely maybe even connect and do an auto blacklisting of this proposal until someone at least checks them.And as you can see, again, this is not something that happens, right? Like every minute or every day or every week even. Right. These are this is a very unique alert that happened here. And I guess you've done, you know, quite a few proposals before as well. So I got a question for you. So does your system work for non governance proposals?Because obviously with governance proposals you have two things that kind of make it more favorable as a thing to catch. One is that you have a body of text that kind of has the intent encoded in that text or somehow, right? So it gives you something to read. Plus, there's also a time piece, right, where you have time to like, detect and then before the actual exploit would happen, there's a time which would give somebody a chance to to react.But for non governance proposals, does your system do anything for that because A there's well, I'll let you answer that. I think if you understand my question you know, I think what what you're asking is if a text that are not related to governance proposal, are we catching this? And then there is. Yes. So again, Winter Realty is one case which I can show you.We governance is just one vector of attacks. I can show you like think that that happened on September last year. And if you remember and if you remember that case, it was the vanity address and some sort of an operational problem by by winter mail. But I think regardless of of the issue that they that they didn't and they didn't catch it in time, our system was actually and this is this is an interesting attack that actually spent over 45 minutes without anyone reacting to it.Basically, it's an attacker that stole through this operational problem and the vanity address bug stole the private key of the winter, ME Treasury. And as you can see here, we actually outputs two alerts where if they would have reacted in an automated manner on the first one, they could have mitigated it completely, I believe. But even if they didn't react to that in that that that right it spent over 45 minutes were Wintemute actually kept sending sending money from centralized exchange.They had an auto liquidation process which actually filling the treasury and that Treasury kept getting stolen again and again from the author for 45 minutes. So even if you would have reacted, you know, every time, every minute after this alert, you could still save substantial amounts of money. They allianceblock I don't I don't have it here, I think, in the demo account.But allianceblock, if you read, for example, in the bonk down, if you read about the postmortem, I can send it to you by the way, in the tunnel after if you want, they'll say we detected it and warned them about it. This was an oracle manipulation. So at that, which again wasn't related to governance, and we actually alerted them in a way that they could have and they they mentioned it.They were kind enough to mention it in the postmortem. If they would have reacted, they could have mitigated that risk and other. Right. Like Olympus. Now, subtle finance, which is another if you're familiar with finance, they used the first library which was exploited they actually fixed it was exploited a few months before they got exploited. They fixed the code.But when they deploy the code, they forgot to change the proxy pointer. So they were still calling the exploitable contract against something that we cover and null to detect because we monitor everything that happens on chain and also understand vulnerabilities or vulnerable code that is being called error swap. So yeah, as you can see, pretty much all, all the attack vectors, not just governance and anything else.Another question I think again, yeah, I was just going to say to your point, I've been I think, you know, maybe what you're getting at is that in order for monitoring to be useful there, there does have to be some sort of a time component. Whereas if like all assets are stolen instantly, unclear how useful monitoring is in those cases.But you know, perhaps there's something to monitor in advance of that. Yeah. Yeah. Unclear what what we learned is that that and again, there are many different types of vectors, right? And there are many different types attacks that are happening and sometimes even reacting first after an attack can help you save a lot of the funds because again, you can limit the outflows.What we found, at least again, from our testing and from the platform, is that many attacks and this is related to the approach that we are taking. Basically, instead of finding the vulnerability itself, we are actually looking at the symptoms of the attack like the attacker preparation. There are a set of tooling that an attacker does and they need to do it on chain before they actually conduct the attack.And if you are fast enough and can detect these cases, then you can react. So like one other example is a lot of attacks are happening through a smart contract that has an attack code. So the attacker usually deployed a smart contract and then apply an attack. They can't do it in the same transaction most, most of the times.And what we do in that case, we classify today every smart contract that is being created on chain. Again, very similar to malware detection from traditional security world and we know to in, you know, very high accuracy to say this is a malicious contract and then do a process called fuzzing, which is essentially understanding who the target is going to be.And again, it was, you know, we see successful we see we can share some research that we have done on Ethereum for the past three years on all the hacks and exploit that that we know of. And we get the very promising results. But either iteration, you don't need this. Again, we still have the Oracle integration that I mentioned.So you can have like sort of a on chain firewall or validation process that before you apply a transaction and actually checks how safe it is. And that can obviously mitigate all, you know, attacks and exploit. If you if you want to use such measure. And I think the system is is more than just text and exploit. It also gives you all sorts of operational monitoring and anomalies that we we some of the projects and the big chains that we work with actually by looking at the anomaly, we actually uncovered security, critical security bugs.We are actually going to disclose it soon. So I can share it with you after they fix it. But even by monitoring, you can even catch bugs that are not yet basically abused. And again, that there are other things that I didn't show you like the phishing and scamming protection and, you know, economic monitoring that that might be I'm not sure but might be relevant for you as well.So if you go back in time for like three years, I'm just curious, have you done any online analysis to see roughly on average, how much time between when your system detects something, which is to the experts in other words, like what's the average notice time that you could give a customer? Yeah, so, so it ranges. So what what we checked again we I don't have the numbers of the time again sometimes it's minutes, sometimes it's hours, sometimes it's seconds and sometimes it's, you know, immediately.So it's it really depends again on the vector and, and the tech. I think that what we found out is that most of the attacks, if you had an automated process because again, like if it's even if it's seconds, 10 minutes, it really depends like are you doing an automated process here or are you doing a manual process?Uh, but what we believe is that most of them could have been saved on Ethereum. And by the way, the interesting thing is that we what we noticed we started with the subs set of alerts of hacks and exploit that we knew and we ended up with around four times that, that number where many, many hacks are not disclosed today, so many hacks are happening and they're not disclosed like on the project's Twitter or something like that.So we really had to investigate them one by one. And a lot of times what helped us understand that this is an actual hack is to see communication that is happening on chain between the the victim and attacker after a third attack. So so I think we are again, we from the research that we did on material may not have it can be prevented.And as I mentioned I think even even if you react after an incident happens, there are still a lot of things that you can do, you know, to mitigate and prevent some of the some of the loss of. So Mr. Moji had a question in the chat that I'll just read aloud for you. They said, Why did it not detect the flash loan itself?Presumably as high risk? How does the system decide what is medium or high risk? It said a new proposal for a bit is still quite a wide net to cast, especially in a decentralized environment. So perhaps they're able to speak more on the proactive mitigation part, i.e. if triggered an action. How does this set up, how is it set up and what is possible?Okay, So so the way that again, I'm not I don't remember I'm not sure what the fledgling is, is talking about, but the flash loan by itself is not is not the hack or exploit. We do have a slash long detector, by the way, if you want to see flash loans, I'm not sure it's it was in that date.So I can I can even search for it. But I think after seeing this letter on that one, that's what they meant. But but but again, for us, it's very important to be accurate. So a flash loan by itself is not you know, there are a lot of flash loans that are not an and exploit. So we do detect them.And by the way, if you do want to change and customize these alerts to be like high or medium, you can play like you can do that in the system. But I think to your question, so so the first thing starts with the very accurate alerts and not noisy alerts. So when you get an alert, you can be sure that this is something bad that is happening.And then what we do, all of these alerts, everything that you see here is also API driven. So for some of the protocols that we work with, we can attach that to automatic process that fouls the contract or limit the contract for some measures for some protocols, they can actually blacklist an address. So we in advance knows where an attack is going to come from, like which address.So if there is such a mechanism, we can call that mechanism and basically blacklist the address that we think that that is going to come through. So these are these are the three methods that we currently work with, protocols. The other method is, again, it's an oracle that you can call for every transaction or important transaction and essentially get the validation before you apply.So again, the idea is a firewall like on chain firewall. So if this is something that you want to use, you can use that and that that to verify works with the system and we can it's either from Chainlink or other Oracle provider that that we work with. So you can also use that if this is something you're interested and we have post-incident measures like how do you track that automatically track the stolen funds, How do you notify exchanges to block outflows and things like that makes sense.So just to confirm, when you talk about does that mean there's an on chain component of hyper native where you're saying upon upon some particular trigger or, you know, severity of notification, that's something some entering can be automated, like you mentioned, passing a contract or or blacklisting an address. Yes, we we today we tailor we tailor that there per customer.Got it. Thanks. Mr. MERRITT Yes. Another question I tried to said, could you show an example of how of Oracle manipulation that hyper native detected? So yeah, so you can read let me set terms I as one set so I can send you. I'm sending you I can send in the in the channel in the bar Barnyard said yes if you want to you want to draw up some link of some sort, feel free to.Yeah. This is just like and again, there are many examples that I can share with you but this is just like if you search for hyper native, for example in this report, this is something that happened in Polygon I think three weeks ago with the Oracle manipulation that we the system alerted on. I'll have to search it again in the system.I don't think he wants that could maybe maybe 18 or so this is actually like something that again the system the system was if you read about it, this is an Oracle manipulation that the system was able to to discover. We do monitor also today for other protocols we we provide Oracle monitoring for deviations like not not the manipulation itself but risks that could lead to a manipulation that you might want to know about.I can I can send you some details if that's interesting. So. Right. This is very interesting stuff. Any anyone else have any other questions, thoughts, comments? Great. Well, Gal, thank you very much for coming in, presenting this very interesting stuff. So appreciate it. Thank you. Thank you very much for letting me present it. How much does this cost?Uh, we have a monthly subscription, which again, if, if it's interesting, we can discuss the price. It's like a few few thousands amounts. Again, depending on the use case and what we are doing exactly. Because as you saw, there are different kind of alerts. We would love to give you, you know, an evaluation trial for you to see the system play, see the other kind of risks that we monitor.Because again, what we find out from other protocols that it's not just the security there are other things that are interesting. And we would love to to show you these things if you're interested. Right. All right. Well, maybe we can touch base over. Over. Telegram. Um, and thanks for coming and presenting. And just just a reminder for everyone.No, no, Dev, call today at the top of the hour, So think we can call it there and see everybody next week. Thanks, everyone. Thank you.