Callisto Security Team's Ask Me Anything on 02/09/2022
On September 02, 2022, Yuriy Kharytoshyn, CEO of Callisto Security, and Dexaran, Founder & COO of Callisto Network, answered questions from the community.
💬 Welcome to Callisto Security Team AMA!
👥 We are pleased to introduce our guests:
@yuriy77k aka Yuriy Kharytoshyn - CEO of Callisto Security
@Dexaran - Founder & COO of Callisto Network
📣 Ladies and gentlemen, AMA with the Callisto Security team STARTS NOW!
Please be respectful, give our guests the time to respond, also do not repeat questions. Thank you 🙏
Yuriy: hi guys!
Dexaran: Hello Callisto Community.
Gary (Callisto Network Admin): Maybe we should start with what we should expect in the next 3 months, then we can go to security-related questions.
Yuriy: In the next 3 months we will run new Soy staking, Master nodes, NFT bridge
Is new staking flexible?
Yuriy: Yes, it allows staking for any period that is longer than the minimal period of staking (there will be 5 different periods).
@Dexaran, good evening, I will add some criticism, let's be honest.
- 1. Team marketing does not work, that is, no one knows about your project, or does not want to know. (many are chasing hype)
- 2. Having an honest audit experience, it is not particularly interesting, most token smart contracts (over 70%) are written in templates (statistics).
- 3. Coinmarketcap Rank #805
- 4. DefiLlama Rank Soy Finance #565
- 5. Not promotions, not games, not staking, not farming, not masternodes will help.
- 6. That is, frankly, there are no own developments (except for EVM ETH Github copy-paste) or your written smart contracts
- 7. Everything that is told is on ETH and works great, why do you need your network, which does not work on the crypto market, high competition.
- 8. You need a rocket that will make a big break in Defi.
P.S. I have been in the project since the start of 2018. If I'm wrong about something, correct me.
- 1. I don't agree that having "honest audits" is not important. Security is the greatest problem of the crypto industry as well as governance. So we are solving one of the most important problems.
- 2. If you are comparing CLO to ETH then yeah CLO is not in the best spot right now. However if you take into account that there were UBQ, Expanse, MSC, Pirl EVM-compatible chains during the previous cycle and now they all are gone but CLO still exists and the development is still going on - then it proves that we are doing something that is important on this market.
- 3. "there are no own developments (except for EVM ETH Github copy-paste) or your written smart contracts" - this is true but the point is that we could learn from previous projects and improve the ecosystem. ETH has a lot of problematic aspects such as not-so-decentralized-Defi / ERC20 vulnerabilities / old NFT standard. We could build a more secure ecosystem with better standards and really decentralized approach.
Greetings Callisto team, here is a question for @yuriy77k. You have a solution for Hive ransomware and I understand it's an original solution. Please tell us: 1. how the team found the solution (simple words))) 2. are you pursuing research on ransomware? Thank you
Yuriy: We reversed Hive ransomware and found some issues in their encryption algorithm. It allows us to completely decrypt files.
They didn't audit their code with CLO))
Yuriy: :) we don't provide audit for ransomware or MLM
The two articles on getting rid of ransomware were really huge news and could save a lot of money for affected companies. Are there already any plans on how to reach out to the companies and people that need this service, and the cost if someone uses this service?
Yuriy: we will work on decryptors for other ransomware as well. For decryption we are using our mining datacenter that allows us to decrypt a lot of files very quickly.
I even have an encrypted and original file for example, how can I contact you for help in decrypting. In turn, I can help in the development of this direction, the search for clients and recommendations!
Yuriy: Please, contact me PM
So in most cases ransomware will no longer be a problem for the industry, I would say
Yuriy: it's endless war between "sword and shield"
true, both sides are developing
thank you for the answers
Could we have clients pay for this in Callisto? We are talking about great things, but how does this impact Callisto?
At least 5-10%
Yuriy: We discuss it
Thanks we need all of the new tech to be connected otherwise we have different areas.
Yuriy: We will use some part of profit to buy CLO/CLOE and burn it.
@Dexaran is this chain developed for callisto nft? I came across this standard on Ethereum gitter
Dexaran: Callisto was founded before CallistoNFT standard was developed.
Is CallistoNFT more secure than ERC721? I see it on Ethereum but don't really understand the difference
Dexaran: CallistoNFT does not introduce any "security" improvements over ERC721
CallistoNFT introduces a number of features which are absolutely necessary for a number of NFT use cases:
- 1. built-in trades
- 2. user-generated data
- 3. standardized data attachment
Tonton: Hey mate, you could check this video after the AMA, it explains the CallistoNFT in a simple and cool way
OK I got the built-in trades but what about data? What use cases are you talking about? No offence, I really want to understand it better man.
Dexaran: User-generated content could be used in verification of the ownership
Imagine a system which is not directly connected to blockchain. For example an online store that accepts payments in crypto.
This exact store could ask you to prove that the transaction was sent from YOUR address. For this we could have a special "verification NFT"
A user could attach data - hash of some passphrase to that NFT
Anything can read data from that address and that NFT
This user could then input the pre-image of a hash to the store's website and thus prove the ownership of the address
Bro could it be something more obvious?
Dexaran: what do you mean?
You said imagine a system
It's a bit hard to imagine this kind of system
Dexaran: I think that it is better to answer the question with an article instead of a message during AMA. I will write it during the weekend with proper explanation.
We are also preparing the demo that could illustrate the use cases as NFT developers are struggling to realize some advantages as well.
Would be cool
Is there any solution to prevent us from accidentally sending our assets to a coin/token contract address when transferring assets in the new Callisto wallet? (Such as the send button not working when we write a coin/token contract address to the address bar, or whitelisted addresses.) Thank you
Dexaran: I don't think that there is any right now.
We should introduce it in the coming updates.
I agree that additional safety checks are necessary for the wallet.
Stability helps to gain security, what do you think of the very limited restrictions (only having CLO/SOY/CLOE) for the masternode cluster? (since no one really wants to talk cpu/ram/disk/bandwidth).
Yuriy: master nodes don't use a lot of resources (CPU/RAM/Bandwidth) and can be run on free plan of AWS Lambda or any other serverless solution.
Free plans are very limited (time / resources). What is the data size if a node is > 26 G?
Yuriy: The master node is different from a full blockchain node. Master nodes will be used to secure our bridge transactions, in future we will extend their functionality to other tasks. For example, we will create a decentralized Oracle.
Good to know, thank you.
@Dexaran Immortal Lottery is an amazing concept, do you have more information for us?
Dexaran: it's still on hold as it's a side project
the documentation is written but there are always tasks with higher priority
I think that I will outsource this task to someone else or assign a bounty for the implementation.
What is immortal lottery?
Dexaran: You can find more info here:
Dexaran: I have a question for the community - would you like to participate in "development bounties" if there would be any? Like writing code for UI.
to be honest there are always bounties on ethereum.
Dexaran: Ethereum has bigger community but we have Treasury which is supposed to fund this type of projects. We also had "we fund you" program
Don't you think that exchanges are not suitable right now and that big exchanges are needed
Dexaran: If you are talking about exchange listings - yes, we need more exchange support.
I never heard about your project before until a dude invited me from ethereum chat.
invite more :)
Gary (Callisto Network Admin): There is a lot to know, after the AMA I can share a lot.
The security team dept is just 1 arm of the octopus.
you talk about "locked funds" for a MN but is it possible to lock fund for a wallet ?
Yuriy: sorry, did not get your question. Why do we need lock fund for a wallet?
It's written on the MN doc, the use case will be to lock malicious/suspicious wallet like 0x7971d8defa89bf68ff4142b2bb1e1e3866927b36.
Yuriy: Callisto blockchain is public we have no right (or ability) to block any address.
But bridge is controlled by team?
Dexaran: bridge has different security model
Yuriy: for now - yes. But soon we will run master nodes and it will be decentralized
Don't you think about launching a token on ethereum?
There is ccCLO, buy some. You will understand why Callisto chain is great 😍.
No I mean some projects scrap the chain and go as token.
Dexaran: We are not going to stop the Callisto chain right now. We have a number of features that could be inherited by other EVM-compatible chains and these features require some protocol modifications
For example Treasury and Cold Staking.
I do agree that there are good reasons to turn the project into a token and we have discussed it before
As for now - it is not the best idea right before ETH POS switch.
The idea of Callisto is to develop a mechanism of creating a self-securing smart-contract chain, Cold Staking, Treasury, Security Department were all parts of this system.
@Dexaran if you reimplement your coin as a token you can make it treasurable and stakeable in the contract code
Dexaran: In theory - yes. In practice CLO has emission (driven by mining). If we will simply migrate to a model with a token that is not supported by mining and then introduce Cold Staking and Treasury fee there then we will have to reinvent a new monetary policy.
@Dexaran @yuriy77k now that we have Callisto security company, what are the plans for the security department?
Yuriy: Our plan is to provide more security audits. Now we will not limit ourselves to smart contract audits, but will also provide audits for backends, server settings, infrastructure. Another branch is recovering data that was encrypted by ransomware
Hello. Are there plans to fix the soy.finance website?
- 1. trading rates save only the last week. 🤯🤯
- 2. It is impossible to see the ratio of the exchange rate of two tokens without connecting a MetaMask or going through 10 pages. After adding new blockchains on Soy, it's awful.

I ask you to pay special attention to the second point. If I didn't know soy.finance and had logged in for the first time, I would have thought that it was buggy, or there were almost no trades, or there was a scam. I definitely wouldn't want to connect my MetaMask to such a service. And generally people do not understand what and how. Where network BTT, where Classic, where CLO. You find out only after connecting what is called.
Dexaran: I completely agree. I gave a task to SOY team to update the UI.
We will rework it. Work in progress.
Users should have the opportunity to see a switch button between blockchains on the page, see the pools of these chains and so on. This is such a big opportunity, but even I find it with great difficulty)
Dexaran: Yes. I completely agree. We will update it - the task is already given to SOY team.
I see there is not much activity so it may be legit to ask you to tell more about yourself
What background does the team have?
@Dexaran was in eth before I remember him.
Dexaran: probably with ERC223 standard
Yuriy: I have Master Degree in Computer Science and experience in IT security more than 20 years.
Dexaran: I think there is no reason in re-writing what was already written before. There is an article about my activity in ETC and CLO: https://cointelegraph.com/press-releases/dexaran-the-lord-of-ethereum-classic-callisto-network
As for ETH - I was mostly known for my ERC20-ERC223 debates and then the ENS updates.
About the last 2 big outages of the website (~3h each one), were they attacks?
Dexaran: We can't say for sure at the moment.
I think that we answered all questions so we could finish an AMA
Chief! When will the bears be beaten ? We have talents in the RU chat , pay attention to them . People write things
Dexaran: Ok, it's a bit weird, I'm not in the RU chat.
Yuriy: Thank you, Callistonians, for good questions
Tonton: And that's all for today Callistonians
Thanks to the Callisto Security Team for their time and to all participants for their contributions and questions.
Tomorrow with the publication of the AMA recap!
Have a great evening Callistonians 💚