Welcome to our Ask the Expert series, featuring profiles from our employees across all teams and offices!
Here at CertiK, whether you’re an intern, recent graduate, or experienced professional, there are plenty of opportunities to learn and contribute to the overall culture of growth. Our world-class team leads the way in raising the standards of blockchain and cybersecurity.
Let’s meet Maxwell Foley, a full-stack software developer on our New York team. Max graduated from Washington University in St. Louis and is interested in computer graphics, blockchain, and painting.
Q: What introduced you to blockchain?
A: I was always vaguely aware of developments in Bitcoin and Ethereum in high school and college. I thought the field seemed interesting but I never understood how the technology actually worked. When I graduated from college, I found myself with the ability to choose how I spent my time and so I decided to educate myself on blockchain. This was also during the huge 2017 boom, and many of my friends were day-trading coins all day and excitedly talking about all sorts of exotic crypto projects I had never heard of, but wanted to learn more about. It was an exciting time to be entering the space.
Q: What interests you about blockchain security?
A: Cryptocurrency is a dream come true for a hacker because a single slip-up in a line or two of code can mean that the hacker can instantly steal hundreds of millions of dollars in digital assets from you. With such strong incentives for hackers to attack at the slightest sign of weakness, us security professionals have to be on our A-game when it comes to defense.
Q: How does your work make blockchain safer?
A: By auditing the projects our clients send us, we put their code through a variety of tests to ensure that the risk of an exploit lying around for a hacker is as low as possible. Similarly, the security auditors at CertiK contribute back to the community by creating open-source toolsets and knowledge hubs for developers to ensure a secure smart contract from the start. Visit our website to learn more about our audit process.
Q: What’s your day-to-day like at CertiK?
A: I’ve been working on auditing, and it’s extremely interesting to work with a diverse range of use cases. I work on projects from their application layer (smart contracts) to the platform itself. It’s truly exciting to work on all ends of a blockchain system in regards to security.
The time spent preparing and learning with a security-focused mindset can sometimes be challenging, especially while balancing the workloads between auditing and developing toolsets. However, our team holds frequent internal discussions where we chat about interesting updates and recent findings on tooling. This helps give us insights on pain points we can solve together.
Q: How can the blockchain community build safe projects?
A: Security needs to be the number one concern given the amount of money that flows through these systems every day. Blockchain is still at its early stages, so what we see today is just a fraction of the wealth that the system will contain. I had read that NASA averages 0 bugs for every 500,000 lines of code they write, so it is in theory possible to avoid errors if the stakes are high enough and security is taken seriously.
Q: Any security topic you find noteworthy or interested in?
A: Right now I’m taking a look at the CREATE2 opcode that Ethereum added to their Virtual Machine in the Constantinople hard fork back in February 2019. Before this change was made, many people were opposed to it because under certain circumstances it allows smart contract publishers to change the code of a contract that has been deployed to the blockchain, meaning that they could swap out a legit-looking smart contract with one that steals the money of anyone who participates in it.
The proponents of this change were saying this wasn’t a problem, and that it would simply mean Ethereum users have to perform an additional auditing step before trusting a smart contract. Once the change had been finalized, I noticed that the Ethereum community still hadn’t actually supplied the necessary tools to enable the users to make this audit. It seems difficult to perform even by a technical user. So I’m hoping to output some simple tool or script that will allow people to detect smart contracts’ creation to prevent sending their Ether to contracts which use CREATE2 in this malicious way.
Q: Fun Fact?
A: I was named after an ancestor of mine Maxwell Perkins who edited The Great Gatsby. In a way, as a source code auditor, I guess I am a sort of editor too.
CertiK is always looking for driven and motivated individuals to join our team. Learn more about our open positions at https://certik.io/careers.html!
CertiK is a blockchain and smart contract verification platform founded by top Formal Verification experts from Yale and Columbia University. Incubated by Binance Labs, Certik has strategic partnerships with the world’s leading crypto exchanges such as Binance, OKEx, and Huobi, as well as protocols such as NEO, ICON, and QuarkChain.
CertiK’s formal verification method works differently than traditional testing approaches: rather than working manually, CertiK mathematically proves blockchain ecosystem and smart contracts are hacker-resistant and bug-free at scale. CertiK has secured over $4B in asset value, auditing several projects across all major protocols, including BNB, Terra, Crypto.com, and TUSD.