PoP #6 - Vlad Bochok - Casually Finding a bug in OpenZeppelin Library

Tune in to hear how @vladbochok1 casually found a bug in the OpenZeppelin library while working as a security engineer at @zksync!

Other things discussed:
⭕️ Rollup basics explained
⭕️ Becoming more security minded: tips for improving your project
⭕️ Secure system design: unifying efforts for better protection of our systems
⭕️ zkSync: a holistic approach to security

Timestamps:
00:00 Intro - Getting hired at zkSync
07:08 Transitioning from developer to security researcher
13:15 Difference between zkSync and other layer twos
31:09 What is a zero-knowledge proof
36:07 Account abstraction in Ethereum vs zkSync
41:53 Casually finding a bug in the OpenZeppelin library
44:11 To build or to break
52:14 Switching from builder mentality to breaker mentality
55:08 Hacking in groups
55:59 Holistic security vs contests and bounties


In this podcast episode, the guest was Vlad Bochok, a security engineer at zkSync. Vlad shared his personal journey, explaining how he developed a keen interest in mathematics and computer science from a young age, which led him to study applied mathematics in college. He found his studies too theoretical, however, and moved towards software engineering. His curiosity led him to zkSync, then a small crypto startup, where he has now been working for three years.

In an in-depth discussion about zkSync, Vlad explained that the project's goal is to scale Ethereum using zero-knowledge proofs (validity proofs): transactions are executed off-chain and a succinct proof of their correct execution is verified on Ethereum, which makes transactions faster and cheaper while inheriting Ethereum's security. He went into detail about the different types of rollups and layer 2 solutions, and explained why he considers zero-knowledge rollups the strongest option for scaling Ethereum securely while remaining decentralized: unlike optimistic rollups, which rely on a challenge window and watchers to dispute invalid state, a validity rollup cannot finalize a state transition the verifier does not accept.

Vlad also detailed zkSync's account abstraction feature, which improves the user experience by letting accounts define their own validation and transaction-signing logic rather than being tied to a single externally owned key. He explained that on zkSync this is implemented natively at the protocol level, whereas on Ethereum it is added on top of the base protocol as an extension, which makes the zkSync version more seamless for users.

In terms of security, Vlad described how he discovered bugs in code from OpenZeppelin and StarkWare, two major participants in the Ethereum ecosystem, showing that the same person can both build and break systems to improve their overall security. He explained that being a developer helps in security analysis because one already understands the architecture and design decisions of the system, and therefore where its assumptions can fail. He advocates a holistic approach to security that considers both immediate and future threats rather than relying on contests and bounties alone.

On future plans, Vlad mentioned ZK Credo, a new proof system that makes use of consumer GPUs, which he expects to bring greater decentralization and scalability. Overall, this podcast provided a deep dive into the technology and security aspects of zkSync and the broader Ethereum ecosystem.