💻

Aaron Li

Hours
15
Expertise
security, smart contract, wallet
Mentor
Ganesha Upadhyaya
Day ONE
May 1, 2021
End Date
May 31, 2022
Presence
Active
Telegram

April 2022

1wallet core and web edition (and completion status):

2022 Q1 self-assessment

  • 💻 With the team, completed theft investigation of Chrome Extension Wallet, prevented 8M loss (in ONE), 50M potential loss, patched >5 security bugs, improved processes, and stopped further incidents. Gathered team of experts and provided ongoing forensic evidence for FBI
  • 💻 Made 1wallet core and web edition production-ready with:
    • the release of v15: adjustable spend limit, 4 new ways of recovery, predictable address and verifiable code.
    • horizontally scalable relayer that eliminated >99% errors, comfortably supporting offline events and high concurrent use, made future-proof for arbitrarily large user base
    • New improvements in v16 (underway): staking, multi-device sync, Apple’s built-in authenticators (auto-fill with FaceID / fingerprint), security patch for multisig use cases, and developer guides
  • 💻 Through Project X, made 4 investments (with Jack) based on proven track record that will provide infrastructure and cross-chain services on Harmony and other blockchains (in DeFi, fiat-payment, data transport privacy, and NFT risk assessment)

March 2022

1wallet core and web edition (and completion status):

Bio

Aaron built Qokka (crypto sentiment and analytics startup), 1wallet (a keyless smart wallet based on OTP), and is the technical mind behind multiple ambitious crypto projects where he oversees technical development and solves "impossible" problems. Previously, Aaron worked as a research engineer at Google AI and Scaled Inference, and is a recipient of Best Paper Award from ACM SIGKDD 2014 for his research in AI. Aaron has a research MSc in Language Technologies at Carnegie Mellon University, and a BSc with first class honors at Australian National University with quadruple majors in Computer Science, Computer Science, Mathematics, and Statistics. Aaron lived and studied in Beijing (China), New Zealand, Australia, Pittsburgh (USA), before moving to San Francisco Bay Area in California. He was attracted by the genius of Bitcoin in its early days, built several GPU mining clusters and intermittently dabbled in crypto since then. In his free time, he enjoys exploring innovations across law, AI, and crypto.

Links

Timesheet

Timesheet & Peer Bonus (with giv.one)

DateHoursTagsFeedback
2022-05-06
1
Review strategies, polls, comments, do research and make votes
2022-05-04
0.5
Sync on recovery address and guardian matters with Timeless
2022-05-02
2.5
More granular stats histogram; Repeated runs for stats retrieval and verifications; Fix a bug with blank staking page caused by scientific representation of javascript numbers; Save output for stats histogram; Review suggested fix on tracked tokens (#314)
2022-05-02
0.5
Include staked balance for stats histogram; Update key stats numbers
2022-05-01
2
Backup APIs and verifyByEmail for users
2022-05-01
3
Initial review and request for information on Horizon Bridge launch; Research on backup approaches and GCS implementations; Review on Timeless source code pull request related to loading EOTP in memory; Review Timeless proposed security diagram; Provide feedback and guidance on deficiencies and potential areas of improvements
2022-05-01
1
(Continued) and research on best GCS approaches for backup services 
2022-05-01
3
Review of Harmony offsite initiatives; Research, summary, and written plan for Security, Monitoring, Alert initiative
2022-04-30
0.5
(Continued)
2022-04-29
2
Debugging stats generator; Fix stats issues related to factory deployed address; Identify root cause of zero-balance issues; Address deduplication
2022-04-29
4.5
(Continued) and deploy stats in production relayer; add api for stats in relayer; update client side stats retrieval and caching; More address and balance deduplication
2022-04-29
1
Stats histogram script and improvements; Granular stats counter including overall counter and balance and those related to Timeless
2022-04-29
1
(Continued)
2022-04-28
2
(Continued)
2022-04-28
2
Fix stats bugs with balance update and address caching; add scripts to refresh all balance
2022-04-28
2
Resolve merge conflict; Debugging with zero balance issues; Sync with John; Factory deployed transaction extraction and address computation
2022-04-27
1
Review v2 routes and components (#310)
2022-04-27
1
Review stats generator first draft (#312); Revise and debugging stats generator, simplify implementation, and significantly optimize the performance; Research on fast statistics retrieval and computation methods
2022-04-27
1
(Continued)
2022-04-27
2
(Continued)
2022-04-26
3.5
(Continued) and updating testing README; review dynamic custom theming (#301); Review recovery issue (#309)
2022-04-26
1.5
Fix recovery issues (#309); v2ui review (#304)
2022-04-26
1
Review and revise v2 routes and components (#310)
2022-04-26
0.5
Response team briefing
2022-04-26
1
Sync with John on testing, statistics generator, and web3 integration
2022-04-26
4
Debug and fix set-recovery-address and general operation issue; Fix major cause of failures in relayer (upgrading from old versions); Sync with Brayden Ooi (propsective frontend development)
2022-04-25
2
Review and debugging and fixing various issues with innerCore testing and adjustment of time in testing (#298); 
2022-04-24
5.5
(Continued) and various implementations for minimizing of user frictions
2022-04-24
4
(Continued) and extending signup to components where new verification code is set up; 
2022-04-23
5
Experiment with OS-managed verification code; Backend for user signup; Data validation; Autofill OTP in all pages wherever applicable
2022-04-22
2
Security AMA (Twitter Space)
2022-04-22
1
Security Reddit AMA and Medium blog review 
2022-04-22
2
Research and experiments with OS-managed verification code
2022-04-21
5
(Continued) and fix buggy implementation of BATCH operation in contract; Feature request for staked-transfer; RPC Log review for theft investigation
2022-04-21
1
Debugging and sync on InnerCore related tests
2022-04-21
1
Security AMA written responses
2022-04-20
4
v16 release notes and detailed updates and notes on several issues pertaining to v16; Require recovery address before upgrading; Integration with Transak USD gateway and Apple Pay; Security AMA preparation; USDC theft investigation
2022-04-20
0.5
Sync with John
2022-04-20
2
Fingerprint IP tracing manual review for theft investigation; Fix v2ui wallet header; Review new UI theming #299;
2022-04-20
1.5
(Continued) Fix and simplify tests pertaining to upgrade, innerCore, security, and spending limit; Simplify test utilities
2022-04-19
2.5
(Continued)
2022-04-19
0.5
Review Timeless Proposal
2022-04-19
0.5
Response team briefing
2022-04-19
5
Review, debug, and fix Create component refactoring (#292)
2022-04-18
10
Relayer analytics ElasticSearch setup, schema, persistence implementation, data capturing, fingerprint (user agent and IP) capturing, request parsing, debugging and testing; Fix Relayer early abort errors; Sync with John
2022-04-16
3
(Continued) ElasticSearch setup and persistence; Add more QR code supported formats (#233)
2022-04-16
2
Prompt warning about sending funds to exchanges; README update
2022-04-15
0.5
Review Timeless NFT avatar proposals and provide feedback
2022-04-15
3.5
Debugging panic issue of private RPC node; Experiment and tests with private RPC nodes in production and confirmation of working node
2022-04-15
5
Relayer analytics API and private RPC health check API
2022-04-14
1.5
(Continued)
2022-04-14
1
(Continued)
2022-04-14
2
(Continued) and experiments with GCP network SSD, local NVME SSD and mergefs
2022-04-14
3
(Continued) conclusion of the experiments and confirmed final, stable RPC node / validator setup
2022-04-14
4
Debug and fix an ambiguos method call in relayer that is present for older versions; Review and fix a bug with invoking contract call in web client (causing multisig authorization issue #291)
2022-04-13
4
(Continued) Compile script bug fixes, debugging cross-compile and dependency issues, and others; Setup validator
2022-04-13
2
Debugging and profiling RPC and validator node data sync issues
2022-04-13
1.5
(Continued)
2022-04-13
3.5
Harmony core / RPC node I/O issue debugging and experiments; Sync with John on testing
2022-04-12
3
(Continued)
2022-04-12
0.5
Response team briefing
2022-04-12
0.5
Sync with John
2022-04-12
1.5
Assist Timeless in meeting regarding NFT and its external partner; Sync with Timeless
2022-04-12
4
(Continued) RPC node and validator setup and debugging; Produce more messages in relayer
2022-04-11
0.5
Sync with John
2022-04-11
1
Relayer stablity improvement
2022-04-11
4
RPC node custom compiling, setup, data sync, and debugging
2022-04-10
1
Debugging relayer issues; Manual restart and inspections; Sync with Timeless on RPC issue
2022-04-10
1.5
Sync with Timeless
2022-04-08
0.5
Response and investigation into Timeless inquiries related to RPC issues
2022-04-08
0.5
Response team briefing
2022-04-08
0.5
Upgrade failure issue debugging
2022-04-08
0.5
Letter of Acknowledgement review and suggestions
2022-04-08
0.5
Response to Timeless inquiries related to domain registration and pricing mechanisms
2022-04-08
1
Continued Token Testing review (#274)
2022-04-07
1
Continued Token Testing review (#274)
2022-04-07
1
Recent major theft incident tracing, analysis, and TODO suggestions
2022-04-07
0.5
Sync with John
2022-04-07
2
Review of LittleSnitch safety and feasibilities of using VPN to restrict network connections for major asset transanctions
2022-04-06
1
Response to Timeless inquiry of issues related to an NFT contract and review the contract
2022-04-06
1
Token Testing review (#274)
2022-04-06
0.5
Further review and response to Timeless NFT contract
2022-04-06
1
Continued Token Testing review (#274)
2022-04-05
3
(Continued) Final review and testing of v16. Release v16; Release testing and documentation of issues (#287)
2022-04-05
1
Provide opinion and analysis to FBI follow-up questions
2022-04-05
0.5
Response team briefing
2022-04-05
0.5
Response and investigation to Timeless inquiry regarding wallet creation slowness on Android
2022-04-05
0.5
Sync with Timeless on RPC issues and solutions
2022-04-04
4
Simplify tests, fix issues and implementation errors; Validate all tests
2022-04-04
2
Review of Ogre theft incident report; Dispatch report to FBI and provide comments
2022-04-04
4
Further bug fixes and simplification of tests; Fix testing framework README and documentations (#273, #274, #282, #283, #279)
2022-04-04
3
(Continued)
2022-04-03
3
(Continued) and fixing red packet, upgrade core library for intelligently flow with commands, fix issues with core flow
2022-04-03
5.5
(Continued) and debug, testing, live testing in production of key features related to command; Validate security patch and implications
2022-04-03
1
Merge conflict resolution with testing branch; Validate and review tests and test framework
2022-04-03
7
Ogre theft incident investigative report (report #4)
2022-04-02
1
Use command library whereever applicable; Unify commit-reveal
2022-04-02
2.5
(Continued) Implement command library in core flow
2022-04-01
4.5
Security issue (#276); Event parsing library issue (#277); Command library issue (#278); Verifying Reliable Relayer (#259); Security Vulnerability (#253); Testing (#279); Test Framework (#282); Test Coverage (#283) Self-hosted RPC nodes (#281); Deliverable documentation and organization
2022-04-01
1
Response team briefing
2022-04-01
6
Command library design, implemetation, debugging
2022-03-31
1
Manual querying and analysis of all possible DFK contract addresses for theft investigation
2022-03-31
2
Sync with John on testing; Fix two security issues (#275)
2022-03-31
5
Continued research and design on proxy mechanisms and same-address upgrade (#189)
2022-03-31
1.5
Debug and fix issues with command; Add command tests; Finalize security patch #275
2022-03-30
2
Relayer overall error handling improvements; Better handling of cases when a contract is already deployed 
2022-03-30
5
Continued research and design on proxy mechanisms and same-address upgrade (#189)
2022-03-30
2
Ogre theft incident investigation (establishing theft amounts and events)
2022-03-29
1
Local testing and debugging, and documenting solution to Safari HTTPS issue
2022-03-29
1
Sync with Tao on various PRs (WalletConnect, TransactionViewer, hotfixes) and frontend development issues
2022-03-29
0.5
Response team briefing
2022-03-29
2.5
Research and design on proxy mechanisms and same-address upgrade (#189)
2022-03-29
2.5
(Continued)
2022-03-28
3
(Continued) review and next steps for (#251)
2022-03-28
2
Review and detailed feedback on Testing (#263)
2022-03-28
1
Sync with John and resolve key testing development issues
2022-03-28
1
Ogre theft incident investigation
2022-03-27
2
(Continued)
2022-03-27
4
More powerful and consistent log parser; Add message template and amount formatting capability in event library; Transaction viewer rendering fixes and use event library; Fix issues with parsing external payments; Update TODO; 
2022-03-27
2
(Continued)
2022-03-26
4
Review staking (#268) and detailed feedback on testing (#263)
2022-03-26
1
Review of theft incidents related to Ogre and others
2022-03-26
1
Transaction viewer: review, feedback, and planning (#251); Merge conflict resolution; new APIs for RPC methods 
2022-03-26
4
Transaction viewer fixes, transaction log parser fixes, support multiple events per transaction, fix staking events; Show commit transactions; Fix display pagination errors; Zero-day vulnerability research and its relation to theft incidents
2022-03-25
1
MetaMask Security Protocol Review
2022-03-25
0.5
Response team briefing
2022-03-25
1
Sync with John
2022-03-25
0.5
Sync with Timeless regarding NFT and MADNFT
2022-03-25
1
Review and debug testing issues (John)
2022-03-24
2.5
Review of Timeless response to security issues; Review Timeless Merkle Tree creation implementation; Experimenting and debugging with different collect reward reveal implementations
2022-03-24
0.5
Condensed Q1 assessment
2022-03-24
1
Sync with Tao and discuss next steps of developments
2022-03-24
0.5
Sync with cylim on next frontend developments
2022-03-24
2.5
Transaction viewer (#251) review and cleanup
2022-03-23
4
(Continued) Unstake functionalities, debugging, testing
2022-03-23
1
Collect reward page for staking; Common components; Fix bugs related to collect reward; Simplify utility functions; Compute funds available for redelegation
2022-03-23
5
(Continued)
2022-03-22
1
(Continued)
2022-03-22
1.5
2022 Q1 Summary and Assesment
2022-03-22
0.5
Response team briefing
2022-03-22
4
Simplify reveal calls; Remove dependency to Harmony JS SDK and providers; Fix provider setup for resolver contracts; Fix bugs related to operation code; Fix Enums.OperationType.UNTRACK executor logic; Event hash script update and new events related to staking; Working version of Staking from UI; Use websocket for truffle executions
2022-03-22
3
Staking api and its own rpc base; Improved staking UI, Stake table and reward display; Integration into main UI; Review Timeless custom implementation of Red Packet
2022-03-21
0.5
Theft investigation suspect finding review
2022-03-21
0.5
Follow up meeting from Protego (Projext X)
2022-03-21
1
Sync with Timeless regarding upgrade and tokens
2022-03-21
4
Staking client-side implementations, contract improvement, and debugging
2022-03-20
4
Relayer, deployment, scripts updates related to Staking; Sync with John; Sync with Timeless
2022-03-19
1
Theft Incident Analysis, Continued
2022-03-19
1
Relayer debugging, and retry and gas fees patch for more robustness 
2022-03-19
1
Theft Incident Analysis, Continued
2022-03-19
1
Sync with John
2022-03-19
1
Staking functionalities in contract
2022-03-18
0.5
(Continued)
2022-03-18
2.5
Theft Incident Analysis
2022-03-18
2
Chrome Extension Build and Review; Follow-up from Erfan (Projext X, NFT anti-scam project)
2022-03-18
0.5
Response team briefing
2022-03-18
4.5
Theft Incident Analysis, Continued; Sync with John (5pm)
2022-03-18
5.5
(Continued)
2022-03-17
3
Probablistics self-recover multi-account relayer implementation, experimentation, deployments
2022-03-17
4
(Continued) and review, merge #265
2022-03-17
2
Timeless initial source code review and initial security issue analysis
2022-03-16
0.5
Meeting with code4rena (crowdsourced audit)
2022-03-15
3
Testing PR review and feedback (#263); Chrome Extension hash review and debugging
2022-03-15
1.5
Debugging, testing, and confirming Chrome Extension Build 1.2.7; Theft amount review
2022-03-15
1
Relayer debugging; Manual resets and devops scripts; Experimenting with local setups and various RPCs
2022-03-15
4
Theft incident cause analysis; Contract staking implementation review; Adding staking contract; Remove cached Truffle artifacts; Relayer issue analysis and feedback
2022-03-14
1
Recent theft incidents review and follow-up
2022-03-13
2.5
Experimentation with Ganache CLI setup and migration from UI version; README for env setup
2022-03-12
4
(Continued) and produce findings and next steps; Remove Harmony provider and use of JS SDK
2022-03-12
1
Chrome Extension buidling, review, and debugging
2022-03-12
1.5
Further experimentation and deployment of using websocket providers; Review and merge #261
2022-03-12
0.5
Chrome Extension further testing and debugging
2022-03-11
1
Relayer and RPC debugging and experimenting
2022-03-11
4
Relayer use managed nonce and overall improvements
2022-03-11
3
Analysis of relayer logs and interactions between relayer and Harmony transaction pool
2022-03-10
1
Chrome Extension building, build error fixes, and hash difference investigation; Celo incident research
2022-03-10
0.5
Sync with John
2022-03-09
1
Next generation UI review and planning (#260)
2022-03-09
1
Relayer error analysis and debugging
2022-03-08
2.5
Analysis and feedback on Shashank's Security Review Analysis
2022-03-08
1
Sync with Shashank; Review of minor implementation flaw identified
2022-03-08
1.5
Debug and fix constant variable references; Response team briefing; 
2022-03-08
1
Sync with SilentAuth
2022-03-08
5
Chrome Extension review, building and end-to-end testing; Relayer monitoring; Review and feedback on transaction viewer (#251), , truffle-removal changes (#240) and fix errors; Domain update functionalities Q&A
2022-03-07
1
RPC reliability investigation and analysis; Sync with Timeless
2022-03-07
0.5
Response team briefing
2022-03-06
1
Briefing with John
2022-03-04
2
Code review and testing of extension wallet patch #124
2022-03-03
1.5
1wallet core / web edition planning and work organization for March
2022-03-03
1
Response team briefing and discussion on next steps
2022-03-02
1.5
(Continued)
2022-03-02
0.5
Evaluation of Numisme (Project X) and discussions
2022-03-02
1
Joint evaluation on Project X prospect "FDIC for Wallet"
2022-03-02
0.5
Theft amount verification and correction
2022-03-01
1
Response team briefing; Review of Quoc's extension wallet final report
2022-03-01
0.5
Sync with Timeless: roadmap, planning, NFT, campains, adoption strategies, technology discussions 
2022-02-28
0.5
Initial engagement with mycryptomine on 1wallet integration and feasibility evaluation
2022-02-27
1
Joint evaluation on Project X prospect Panther Protocol
2022-02-24
1
Preliminary evaluation on POQ (Project X) and its legal materials (SEC letter, conclusion and patent)
2022-02-23
0.5
Term finalization meeting with C14; Scheduling with remaining Project X prospects; Term finalization with Protego
2022-02-23
1.5
Preparation and joint evaluation of Project X prospect Cedar
2022-02-23
0.5
Project X decision meeting and sync up
2022-02-23
3.5
Research and analysis on Panther Protocol (for Project X)
2022-02-22
2
(Continued)
2022-02-22
1
Silent Auth detailed proposal additional feedback and questions
2022-02-22
1
Diligence meeting with Deepwaters
2022-02-22
0.5
Statement of Work clarification meeting with Coalfire 
2022-02-22
1.5
Preparation and semi-joint evaluation of Project X prospect Shift
2022-02-21
2.5
Diligence meeting with Project X investee C14; Research and diligence on C14 thesis
2022-02-21
1
Research and technical diligence on Project X investee Deepwaters
2022-02-20
1.5
Joint evaluation of Project X prospect HOPR
2022-02-20
2
Research and independent evaluation on MetaLoop; Sourcing Project X leads; Analysis on Webacy
2022-02-20
1.5
Joint evaluation of HexaTorch
2022-02-20
1
Research and offline evaluation on Project X prospect Cytus
2022-02-19
1.5
Preparation and joint evaluation of Project X prospect Protego
2022-02-19
1.5
Joint evaluation of Project X prospect Deepwaters
2022-02-19
1.5
Project X deal sourcing (Xoogler meetup #2)
2022-02-18
0.5
Evaluation of Project X leads
2022-02-18
1.5
Joint evaluation of Project X prospect Gryphon; 1wallet design sync with Darren
2022-02-18
1
Joint evaluation of Project X prospect C14
2022-02-18
1
Sync with FBI (with Merkle Science)
2022-02-17
1
Project X deal sourcing (Xoogler meetup)
2022-02-17
1
Evaluation of Project X prospect DSCAPE, meeting, and internal discussion
2022-02-16
1
Sync with Merkle Science on Tornado Cash findings
2022-02-16
0.5
Response team briefing
2022-02-16
1
Evaluation of Project X leads (Xoogler Demo Day projects)
2022-02-15
0.5
Evaluation of Project X leads
2022-02-14
0.5
Sync with private investigator regarding suspect
2022-02-11
0.5
Response team briefing
2022-02-11
1.5
Sync with Timeless; Adjustment of 1wallet v14 RPC endpoint; Performance tests and analysis
2022-02-11
0.5
Revisiting zero-day and UAE vulnerability; Internal discussions; Victim password strength review and analysis
2022-02-10
0.5
Response team briefing
2022-02-09
1.5
Response team briefing; Investigation on new victim (GU); Emergency response
2022-02-08
1
Malware analysis and risk review
2022-02-08
1
Silent Auth proposal evaluation and feedback
2022-02-08
1
Onboarding Michael M and discussions
2022-02-07
1
Anchain finding presentation and discussions
2022-02-06
0.5
Malware investigation
2022-02-06
1
Theft case investigation (lead from Binance related activities)
2022-02-04
0.5
Response team briefing
2022-02-04
1.5
Finalization of "Use Ethereum NFT on Harmony as Avatar"
2022-02-03
1
Sync with Coalfire
2022-02-02
1.5
(Continued)
2022-02-02
1.5
Review and experimentation of Matthew's vulnerability report #1
2022-02-02
0.5
Revision on "Use Ethereum NFT on Harmony as Avatar"
2022-02-01
1
Receivng updates from AnChain and discussions of issues and next steps
2022-02-01
2.5
1wallet, project document: Use Ethereum NFT on Harmony as Avatar
2022-01-31
0.5
Response team briefing
2022-01-31
0.5
2022-01-30
3
New victim browser history analysis (BL, DD) and manual inspection of all common sites
2022-01-30
1.5
Investigation and analysis of reported suspicious Ethereum trasanction and contract address that invokes Harmony bridge
2022-01-30
0.5
Initial engagement with Merkle Science
2022-01-30
0.5
Research and feasibility study on amount-matching based Tornado Cash tracing techniques and past success stories
2022-01-29
1.5
Extension production deployment and hash-verification step-by-step guide; Quick analysis of new victim / incident
2022-01-29
1
New hackathon victim interview, analysis, and recommendation; 1wallet - engagement with Meson team (cross-chain stablecoin bridge integration)
2022-01-28
0.5
Victim interview and Q&A call (DD)
2022-01-28
0.5
Response team briefing
2022-01-28
1
Sync with Silent Auth
2022-01-27
0.5
Response team briefing
2022-01-27
0.5
Coalfire initial engagement and scope discussion
2022-01-27
0.5
Onboarding Matthew for extension wallet vulnerability investigation
2022-01-26
1
Reproduction and verification of Quoc's extension build; Review of private investigator preliminary report
2022-01-25
0.5
Victim interview and Q&A call (BL)
2022-01-25
0.5
Response team briefing
2022-01-24
0.5
Response team briefing
2022-01-24
0.5
Discussion Matthew for extension wallet code analysis
2022-01-23
0.5
Experimentation with XSS vulnerabilities in Vue; NDA with SecureLayer7 / Cure53
2022-01-23
0.5
Analysis of new victim profiles and priorities (unassigned code names)
2022-01-21
0.5
VueJS injection vulnerability experimentation
2022-01-21
0.5
Private investigator initial briefing and preliminary assignment of work
2022-01-21
0.5
Response team briefing
2022-01-20
3
Report #3 on theft incidents (New Victims, Perpetrator Tracing, Previous Victims, Suspect, Backend Server Log, Frontend Fingerprints, Total Economical Damage); Analysis of linkage between attacks on multiple victims 
2022-01-20
1
Response team briefing
2022-01-20
0.5
Sync with Sukanta and internal discussions
2022-01-20
0.25
Secureworks second and final engagement (not to proceed)
2022-01-19
1.5
Engagement with red teams and security firms; Review of all victim and perpetrator addresses, blacklisting states, and movements offunds; 
2022-01-19
0.25
Secureworks initial engagement
2022-01-19
0.5
Response team briefing
2022-01-19
1
MyContainer incident review, analysis, and discussion
2022-01-19
1.5
Engagement with private investigators and preliminary exchange of information
2022-01-18
1
Chrome extension wallet PR 117 review and testing; Sync with Quoc
2022-01-18
1
Sync with Anchain; Response team briefing
2022-01-18
1
Response team internal discussions and planning
2022-01-17
3
(Continued) Merged and launched v15; fix 6x6 restore failure after a wallet is upgraded and renewed from v14; Full release notes;
2022-01-17
2
Deploying v14 and v15 relayers, setting endpoints and system services; Monitor network stability and debug related issues
2022-01-17
4
Response team briefing; Victim counselling procedure consultation (MN); Further investigation into fingerprints and transaction patterns, based on new data collected from new victims;
2022-01-17
0.5
SecureLayer7 / Cure53 engagement and initial briefing; Internal discussions; 
2022-01-16
6
(Continued) check whether wallet hasSuperOTP; Fix issues with upgrade to v15 wallet; clear otp input only when it is nonempty; Restrict non-v15 wallets from adjusting limits; Blacklist some recovery addresses and make 1wallet DAO their recovery address during upgrade; keep react component loaded during restore to ensure wallet parameters are properly passed; Ensure worker parameter has seed; move debug message to debug mode only; Add innerRoots check on localExport; Add fallback params in Upgrade; Use api.harmony.one RPC by default; improve messages related to emitted events; fix metamask tool; remove Chrome extension wallet from readme; Improve renewal messaging; Fix an issue which may cause multiple workers to be created; 
2022-01-16
1
Chrome extension wallet incident response: new victim profile (MN), investigation, internal discussions; Emergency responses; Tornado Cash tracing and matching patterns against known hackers and victims
2022-01-16
9
(Continued); 1wallet: Fix some issues which may cause renewal to malfunction or incorrectly make wallet "expired". Fix worker spamming logs; More granular messages and instructions when user access functionalities that require renewed / upgraded wallets; Make upgrade box promptable; Fix a bug in renewal which causes the process to stall; Fix a bug on renewal which old core parameters are used, in lieu of new ones; Implement early terimination to enable much more efficient calls to deriveSuperOTP; Fix zero-valued effectivetime in renewal; 
2022-01-15
4
abortion mechanism in event message; Core lib: EOTPDerivation; core util: genOTPStr (for efficient debugging when multiple OTPs are required); Add more verbose logging to relayer; use EOTPDerivation in relevant functions; Revamp spending limit prompts and checking mechanisms; fix bug in remaining limit display in balance page; Fix renew-now link
2022-01-15
1
better organized renew page
2022-01-15
6
fix truffle distinction between dev and ganache; core lib: add sanity check of parameters to makeCore; CoreDisplaced and CoreDisplacementFailed error handlings; use oldInfo's (i.e. previous security parameters / OTP roots on contract) effectiveTime on deriveSuperEOTP; More structured frontend infrastructure utils (useSuperOps, useOpsBase); Fullly functional renewal for v15
2022-01-14
2.5
AnChain sync; Response team briefing; Sync with Quoc; Analysis of possible scammer/imposter and linkage of hacks
2022-01-14
6
1wallet: core flow util: deriveSuperOTP; use deriveSuperOTP in RestoreByCodes; fully functional spend limit adjustment component; 
2022-01-13
1
Response team briefing; New victim analysis and next step recommendations (MC); Formulation of special process for large accounts at risk; Internal discussions
2022-01-13
0.5
(Continued) Interview with owners of large accounts at risk
2022-01-13
3.5
Review and debug 1wallet #228 (bundle size reduction), #241 (hotfix of missing styles); Fix bug in core processing util (missing array initialization); Increase timeout in response to RPC instability; Utilities for intelligently producing wallet name hints and make use in every place where names are referred; Create wallet component shared functions regarding before/after commit and preparing proofs; Rearrange balance and spend limit components; Spend limit adjustment components; 
2022-01-13
6.5
(Continued)
2022-01-12
0.5
Response team briefing

Cultural Self Assessment

Cultural
Values
Read More
Self Assessment + Personal Story
Empathy
Communicative
conversation turn taking
Rate 1 - 10 with 10 being the best
disconfirm own beliefs
self-aware & articulate
Personal
share a drink
spend 10 hours daily together
nurture & mentor
Collaborative
make everyone shine
people over process
dare to disagree
Passion
Devoted
long-time craftsmanship
obsess over details
hungry & foolish
Aligned
share the mission
optimistic about flying off a cliff
your 50-year dream
Authentic
consistent with own actions
make tough decisions
admit mistakes
Excellence
Technical
top 1% superstar
effective tooling
relevant to our needs
Potential
10x growth
voracious learner
contrarian thinker
Impact
accomplish important work
activity < productivity
thrive in chaos