Immunefi
Published in

Immunefi

The High School Files With t11s

By the time he was 8, t11s was playing Mozart’s Piano Sonata №1 in C major, K 279/189d (Munich, Autumn 1774). By the time he was 11, he mastered Klingon (eclectic interests, we’ll admit). And by the time he was 14, he sat down to read the Ethereum whitepaper and soon became a widely-respected developer, later picked up as a research engineer at Paradigm. After hearing about t11s’s prowess, we used OSINT to track him down to a high school in the San Francisco Bay Area, where we pretended to be his parents so we could pull him out of class early. Upon learning that we were not, in fact, taking him for ice cream, t11s agreed to talk to us with only the most extreme reluctance.

You’re famously known for being a high school student. You doodle gas optimizations on the back of a half-crumpled piece of paper during class and then run home during recess to feed it into an analog compiler. The pressing question here: what made you choose Solidity over TikTok as a path? What is your origin story in crypto?

Although I’ve got a mean griddy, I find crypto especially interesting because the space is still very greenfield. It excites me that even as an outsider you can quickly enter and have an outsized impact while defining the meta for years to come.

In terms of how I got into crypto, it started just hearing about Bitcoin on the news and online. It sounded interesting but after watching a bunch of YouTube videos on the blockchain and proof of work function I couldn’t find one that didn’t oversimplify everything to hell. I decided to just dive straight in and try my hand at writing a blockchain from scratch to figure out how everything really worked. It was an amazing learning experience and I would definitely recommend everyone in crypto to try their hand at writing a toy blockchain at least once.

You recently unironically tweeted, “I LOVE CELEBRITIES I SPEND EVERY WAKING MOMENT OBSESSING OVER CELEBRITIES”. Given that it’s a clear passion of yours and also of our audience, we’d like to spend most of the interview covering this topic. Who is your favorite celebrity and why?

Daniel Phillip Robinson.

You’ve got a dream job at a young age. How do you go up from here? What are your plans and aspirations for the future? IC? Founder? A different field altogether? Probably the alpha is in writing software to optimize beverage distribution. Let’s go into business.

To be brutally honest I don’t know right now. I’m fortunate enough to have the privilege of being able to just live in the moment and drill into all the areas that interest me to soak up as much knowledge as I can, without a big emphasis on where it will take me. Being able to work on all sorts of unique projects with my co-workers at Paradigm has definitely accelerated that journey and really been a dream come true.

Many critics have argued that DeFi/Web3 doesn’t have a real future beyond circular capital flows in yield farms that boast unsustainable returns. They say that even in the most generous scenario, where crypto continues to attract capital and use, that it still isn’t good or productive and could also turn into a surveillance machine escapable by only the giga smart and giga conscientious. How do you respond to these accusations?

The ugly reality of these criticisms is that, at least in the context of what has been done in DeFi so far, they are mostly true. Much of DeFi was circular and unsustainable, but it’s important to remember that smart contract technology itself does not bias toward these unsustainable outcomes, and the past does not dictate the future. As market cycles flush out grifters while the principled remain, slowly but surely I am confident that DeFi will grow to manage more and more of the world’s capital fairly and transparently. Just like the walled gardens of AOL were knocked down by the open web, so too will the outdated and inefficient banking system which continues to fail its users, especially the un- and underbanked population.

In terms of DeFi being a surveillance machine, I believe the ability to spin up a nearly unlimited number of unique private keys at a moment’s notice is already a very strong privacy primitive, but I would contend that true privacy is not here yet for most applications. Yet, seeing as the crypto space is one of (if not the) leading patron of zero-knowledge cryptography research I’m very excited to see how we can apply this research in the real world in and outside of web3 to provide world class privacy to anyone who needs it, without compromising on the principle of transparency that DeFi is built on. Transparency for the powerful, privacy for the vulnerable.

What is the most overrated aspect of crypto, and the most underrated?

Governance tokens. IMO to uphold the principles of DeFi and fulfill the vision of creating free, uncensorable money there are 3 rules every protocol should strive to follow:

  • Everything that can be immutable and automated, should be immutable and automated.
  • Where not possible, control should not be determined by the size of your wallet.
  • Value extraction should occur outside of a protocol’s core smart contracts.

Governance tokens interfere with all of them.

For most underrated, I’d say NFTs with creative mechanism design behind them. It feels like NFT devs often forget that Ethereum is Turing complete, and NFTs can be so much more than simple cookie-cutter collectibles. NFTs should be an epicenter of innovative mechanism design, as they are the perfect place to experiment without many real world repercussions if things go south. As these ideas mature and become battle tested, I expect them to bleed into DeFi and create new financial services that go beyond simple skeuomorphic reconstructions of the outdated banking system.

Solidity is a bit of a strange and awkward language. And yet, it’s clear given your focus that you care deeply about elegance, and it does seem intuitively true that both math and code are capable of being elegant or inelegant and aesthetic or unaesthetic. Resolve this tension for us. From your perspective, what could or should be improved or rebuilt from scratch? What is your philosophy of code, and where did it come from?

I think aesthetics of code are important because really what aesthetics are is evidence that whoever wrote that piece of code put deep thought into every aspect of it. On the blockchain where mistakes are costly, it’s more important than ever for developers to generate as much evidence as possible that their code is correct, secure, and efficient. Aesthetics emerge as a natural product of those lines of thinking.

Aesthetic code is defined by more than just aligning comments, it’s seeing that hot paths are properly optimized and well documented, it’s well thought out function names and contract interactions that make it as easy as possible to understand how a system works, it’s leveraging rigorous fuzz testing and symbolic execution to eliminate unnecessary checks and foster a deeper understanding of a contract’s invariants in the process, etc. We write aesthetic code when we want to write robust code, which in the world of smart contracts is pretty much always. My passion for writing this kind of overly thought-out code began long before crypto, just as a means to dig as deep as possible in whatever domain I was exploring. In other areas like web development where the top priority is just shipping an experience to the user as fast as possible, focusing on aesthetics can be a detriment, but in a field like blockchain where dollars are on the line, it’s almost a necessity.

This might sound a bit trite, but what is your well-considered advice to aspiring Solidity developers and EVM learners? What did you find most useful in your journey?

Off the bat it’s important to recognize that Solidity is really quite a simple language, and the EVM is an incredibly simple VM. I think it just may appear harder to break into for some because of the lack of resources around it compared to more mature and well adopted technologies like Java and the JVM. Use this to your advantage. Once you overcome that initial hump of getting your bearings on Solidity and the EVM, you can make a huge impact on this industry by being the person to document the dark parts of the ecosystem, and you’ll learn a ton in the process.

For me that was tweeting out interesting things I learned and publishing what I was learning about security in the Solcurity GitHub repo, and rebuilding common smart contract libraries from scratch with a focus on aesthetics and efficiency in Solmate.

The Department of Defense approaches you and demands that you assist in optimizing surface-to-air missile flight paths, or else they’ll tell your parents that you [REDACTED] that one time. How do you solve this ethical dilemma, if it even is one?

I’d tell the Department of Defense they need to wait their turn at the back of the line because I’m already busy helping these aliens optimize their UFO flight paths. Anyways I’m sure whatever [REDACTED] is does not compare to the threat of revealing to the public that the DoD does not possess any personnel more qualified than a random high school EVM nerd to optimize their surface-to-air missiles — not a good look.

Final question: why haven’t you reported any big bugs yet?

Most of the bugs I find are of my own creation. Unlike Paradigm’s resident omnipotent cyborg samczsun and our amazing research intern Riley Holterhus, I’m much better at spawning bugs than killing them.

Final, final question: if you received a $10 million dollar bounty, what would you do with the money?

After copping a pair of the Chicago Reimagined Jordan 1s when they come out, probably donate it. I won’t lie, it’d be more fun to hand it out on the street face to face, but donations to organizations that specialize in charity, welfare, etc would have a much larger impact thanks to economies of scale, which is what really matters.

Immunefi is the premier bug bounty platform for smart contracts, where hackers review code, disclose vulnerabilities, get paid, and make crypto safer.