Security is ‘Lindy’

Alana Levin (Investment Partner @ Variant Fund) nailed her take on Twitter the other day. So much so that it inspired this post.

Lipman
GuardianUI
4 min read · Nov 3, 2022

Alana’s thread was on the topic of the ‘5 sources of defensibility in web 3 that matter’.

From her post:

Broadly, I view these as some of the strongest sources of defensibility for projects building in web3:

  1. First mover advantage
  2. Network effects (same-sided vs. two-sided)
  3. Brand & community
  4. Security (very lindy)
  5. Regulation

She went on to explain her reasoning for each of the 5 topics, but the security piece stood out the most to me:

Security = trust

Whether you’re connecting your wallet to an app, approving a transaction, staking tokens in a protocol, bridging to a new chain, claiming an airdrop, minting an nft, or anything in between — chances are your palms get at least a little sweaty each time. I’m guessing you breathe a sigh of relief each time you complete a transaction and your wallet hasn’t been drained and/or the contracts you deposited tokens into don’t end up hacked / rug pulled.

For the degens, maybe this is okay. Hell, Degenscore even gives you points for the times you’ve been rug pulled.

But if you’re a project and want to have staying power, you need to create a safe and secure environment for your users so they can trust using your protocol / app / site on an ongoing basis.

Those that can will develop lindy.

Those that can’t won’t be around.

Security as a flywheel accelerant

Let’s step outside of web3 for a minute and talk about PayPal to further my point. This is PayPal’s mission statement:

Our mission is to democratize financial services to ensure that everyone, regardless of background or economic standing, has access to affordable, convenient, and *secure* (emphasis mine) products and services to take control of their financial lives

PayPal’s an interesting case study because security is a feature they lean into heavily — so much so that it’s in their mission statement.

In the early days, PayPal acted as an intermediary between buyers and sellers on eBay to instill trust in the transaction. Today, PayPal enables you to purchase from a merchant without revealing your payment method details and while automatically receiving PayPal’s Buyer Protection (which entitles you to reimbursement for the item you bought if you don’t receive your item from a seller or the item isn’t what you ordered). Yes, I know PayPal does much more than this…

There’s more to the adoption and success of PayPal than just security (e.g. ease of use, UX, etc.), but providing a safe and secure commerce environment is definitely the reason why more consumers started using it and merchants wanted to adopt it to get access to those consumers.

Hence the flywheel: the more merchants and consumers that have a PayPal account, the more valuable and easier to use the service becomes for the next person/merchant joining the network — aka lindy.

Security as lindy

So what does PayPal have to do with web3? Other than their mission statement sounding eerily like something you could slap on a ‘mission statement for DeFi’, PayPal ran much of Alana’s 5-step playbook largely by emphasizing security.

I believe web3 projects have a quasi-fiduciary responsibility to users, their project, and the industry to do everything in their power to eliminate exploits / mistakes that can harm users. Without this mentality, blockchain technology will never truly go mainstream. Unlike in web2, there’s no ‘PayPal’ sitting in the middle to remediate issues or errors that occur. If exploits or hacks happen, users are sh*t outta luck.

This also means that if exploits or hacks occur, projects are sh*t outta luck because users will lose trust in them.

Web3 security is multi-dimensional

My point to Alana was that the web3 security stack has several angles. There’s a ton of good work happening on many fronts, but most of the emphasis is at the smart contract layer.

IMO, in order for web3 to thrive and prosper long-term, every layer needs to be adequately addressed, including the UI level. This is where we’re focusing.

GuardianUI is a testing and monitoring SaaS platform for web3 teams. We primarily do three things:

  1. Test web3 applications and ensure their live UI creates the expected smart contract interactions (transactions point to the correct contracts and approvals give the correct addresses access to user funds).
  2. Monitor those same applications and interactions 24 x 7 x 365.
  3. Provide web3 teams with alerts and insights so they can quickly address errors or attacks.
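
The first check in the list above, sketched for a single ERC-20 approval. This is an added example, not GuardianUI's code: the `EXPECTED` addresses, the helper names and the sample calldata are all constructed for illustration. It decodes the `approve(address,uint256)` calldata a frontend would hand to the wallet and compares the target contract and spender against what the team expects.

```javascript
// Added example; addresses and transactions are constructed, not real deployments.
const APPROVE_SELECTOR = "095ea7b3"; // ERC-20 approve(address,uint256)
const MAX_UINT256 = (1n << 256n) - 1n;

// Hypothetical expectation for one UI flow: the token contract the
// transaction must target and the only spender it may approve.
const EXPECTED = {
  token: "0x1111111111111111111111111111111111111111",
  spender: "0x2222222222222222222222222222222222222222",
};

// Decode approve() calldata: 4-byte selector + two 32-byte ABI words.
// Anything with a different shape is rejected rather than guessed at.
function decodeApprove(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 + 64) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const addrWord = hex.slice(8, 72);
  // An ABI-encoded address is left-padded with 12 zero bytes.
  if (!/^0{24}/.test(addrWord)) return null;
  return {
    spender: "0x" + addrWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Return a list of findings; an empty list means the transaction the UI
// produced matches the expected contract interaction.
function checkApproval(tx, expected) {
  const findings = [];
  if (tx.to.toLowerCase() !== expected.token.toLowerCase())
    findings.push("unexpected-contract");
  const call = decodeApprove(tx.data);
  if (!call) return [...findings, "not-an-approve-call"];
  if (call.spender !== expected.spender.toLowerCase())
    findings.push("unexpected-spender");
  if (call.amount === MAX_UINT256) findings.push("unlimited-allowance");
  return findings;
}

// Helper to build constructed sample calldata for the checks above.
function buildApprove(spender, amount) {
  const word = (h) => h.padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + word(spender.slice(2).toLowerCase()) +
    word(amount.toString(16));
}
```

In a UI test, `tx` would be the request captured from the page's wallet provider call; a non-empty result is what should fail the test or raise the alert.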

You can apply to our private beta here.

Follow us on Twitter to stay up to date with our progress!

About GuardianUI

GuardianUI is the testing and monitoring platform for web3 frontends. Our SaaS platform integrates and automates end-to-end testing, application performance monitoring for web3 critical paths, and real-time alerting and observability to ensure deployed applications create the expected smart contract interactions for users.

https://www.guardianui.com/
