CSK3442

The evolution of small cap altcoins
2016/2018 - 4-6M - low cap gems 1-2M
Common target 50-100M+
2020/2022 - 20M-50M - low cap gems/degen sub 10M
Common target 500M-1B+
2024/2026 - sub 100K - low cap gems sub 25K
Common target 200-500K
Something went incredibly wrong here...

Can't deny that DeFi tech is ahead of its time however opsec is stuck in 2003

The biggest issue I find with security audits is that they validate a moment in time. It's the gap between them that needs more attention. A protocol can pass an audit Tuesday and rotate to a single signer with no timelock on Wednesday. To the general eye it looks fine with the audit displayed on the website. Yet the reality on-chain tells a different story
Continuous public opsec visibility does what audits can't. Protocols are 'motivated' to maintain the standard they passed on and holes get noticed faster. Same reason open source catches bugs faster than closed

Running a protocol multisig with weak governance is like running a high leverage trade with immediate liquidation risk. Only difference is it's other people's money on the line
Ten Solana DeFi red flags sitting in plain sight on chain
- Multi purpose governance keys. Same key approving multisig actions is also trading memecoins, farming airdrops, flipping NFTs, swapping on DEXs. Every dapp it touches is another place that signing power can get phished
- Single signer multisigs. No multisig at all, or one with multiple signers but threshold set to 1. Looks distributed, single point of failure i

Not sure how many warnings Solana DeFi protocols need to harden their security, but there's no better time than the present. Blast radius doesn't just impact internal users. Other protocols potentially get hit in the upstream and downstream too. We're better than this. Come on

Hundreds of millions exploited past few weeks. Drift & now Kelp. Many other protocols caught in the crossfire & impacted a lot of people. Still amazes me how this happens time & time again while protocols sit on the same vulnerabilities as the ones that got hacked. What else is so important? Upgrade your security, UI updates & new tools can wait. Wild how complacent people are. Hits different when it's other people's money at risk instead of your own, right? User safety > company revenue

Can we pump these charts

Two new tabs on solgov
GovWatch - tracks governance config changes, voter activity, and execution speed across 33 protocols. All on-chain verified
Blast Radius - helps map protocol dependencies so users can see what they're connected to. The Drift exploit affected 22 protocols through connections that caught people off guard

I think the next update on X should remove profile pictures and names so we just have to guess who's saying what on the feed

If you want an insight into how most people trade on CT, just look at how frequently they jump from one ai model to the next