Ethereum & Web3 Security Initiative Selected for Ethereum Security QF Round #3
Replies: 12 comments 4 replies
-
|
Congratulations on this incredible milestone 🎉 I came across DeepScapy through your mail and deeply explored the repo and the related research work. The work on automated side-channel analysis using NAS is genuinely impressive, especially the way the project combines ML automation, attack evaluation, and modular experimentation pipelines into a usable framework. I found a few strong connections with BuilderOS (DMP 2026 project) as well. BuilderOS already includes an agentic co-pilot, modular dashboards, ecosystem analytics, and Web3 infrastructure support (WalletConnect, Filecoin/IPFS, programmable payments, MCP/ElizaOS integration). DeepScapy adds:
This could fit into BuilderOS as:
The repo is also useful architecturally because its modular pipeline structure aligns well with BuilderOS’s config-driven and plugin-oriented design. I’m also a past Summer of Bitcoin contributor, and my experience with React, TypeScript,Tailwind, AI-integrated workflows, Web3 tooling aligns well with the BuilderOS stack and direction. I’m really eager to work on this project and contribute long-term. |
Beta Was this translation helpful? Give feedback.
-
|
Many congratulations Sir ,on this initiative being selected for the Ethereum Security QF Round. Regarding "Hidden information leakage detection", one important area to look into is how local developer tools handle temporary data. While working on background tools using Python/Flask and cryptography, I noticed that a lot of data leaks happen silently through unencrypted local cache, loose file permissions, or metadata leaks during background syncs. As part of developer tooling, it would be very helpful to include a small check or linting rule to monitor how keys, state data, or session files are temporarily cached or backed up locally before they interact with Web3 protocols. |
Beta Was this translation helpful? Give feedback.
-
|
@seetadev Congratulations on the initiative getting selected for the Ethereum Security QF Round! Really well deserved!! |
Beta Was this translation helpful? Give feedback.
-
|
Hi @seetadev — congratulations to you and the team on being selected for the Ethereum Security QF round. I went through the repo + README and what I like most is the framing: you’re explicitly treating side-channel leakage as a first-class security surface (timing/power/memory/cross-layer), not an academic afterthought. The “automated evaluation” angle is also strong: using black-box NAS to search architectures and then reporting outcomes in terms of Guessing Entropy and a Vulnerability Score makes the results much easier to interpret and compare across targets. Two small, practical suggestions that could help adoption by wallet/client teams:
Happy to amplify the QF thread, and I’d be glad to review a draft quickstart / reproducibility doc if you put one up. |
Beta Was this translation helpful? Give feedback.
-
|
Congratulations @seetadev and your team. Let's not stop and keep progressing....💪😄 I went through the current NAS-based pipeline and the overall SCA setup in detail and I have a good approach of what can be implimented to improve this further. The current approach of using CNN-based architectures makes complete sense to me despite the traces being time-series signals, since leakage patterns are usually highly local and CNNs are extremely effective at capturing localized signal behavior efficiently. One thing I found particularly interesting though is the use of desynchronized datasets like ASCAD_desync, because this is exactly where fixed receptive fields may start becoming limiting. During a previous signal-processing project I worked on involving distortion analysis in lunar/solar signal data, we faced a somewhat similar issue where static receptive fields struggled to capture patterns appearing across varying temporal spans. What ended up working significantly better there was using atrous/dilated convolutions for adaptive multi-scale receptive field expansion, similar to approaches used in segmentation architectures. That made me wonder whether something similar could potentially improve robustness here as well, especially for desync-heavy traces where leakage signatures may shift temporally instead of appearing within a single fixed convolution window. I’m actually quite interested in experimenting with this on top of the current NAS pipeline, possibly allowing Optuna/NAS-style tuning over dilation rates and receptive field growth patterns dynamically instead of relying only on implicit receptive field expansion through depth/kernel sizing. Would genuinely love to try this approach and see whether it improves attack performance or vulnerability scoring consistency across datasets. |
Beta Was this translation helpful? Give feedback.
-
|
Congratulations, @seetadev and your team Some of the best areas that this initiative will target are those that deal with concealed information leaks, wallet protection, AI agent interaction security, and multi-chain security studies. The blend of research with tool development can generate tangible value for both users and developers in the ecosystem. I went through the repo + README, and what impressed me the most was the overall framing – seeing side-channel leakage as something that deserves to be taken seriously as a security surface, not some afterthought. In particular, I think it’s super cool how you guys have an automated way to evaluate things. Specifically, I thought it was cool how you guys used black box NAS to find the architecture, and then represented the findings using Guessing Entropy and a Vulnerability Score. What intrigues me further is the use of AI-based analysis and real-time wallet risk analysis capabilities in future Web3 environments, where autonomous and multi-chain connections are expected. It will be interesting to see how this develops into a larger part of the overall Ethereum security infrastructure |
Beta Was this translation helpful? Give feedback.
-
|
Deep congratulations to @seetadev, @prithagupta, and the entire team on being selected for the Ethereum Security Quadratic Funding round! Treating Side-Channel Analysis (SCA) as a first-class security citizen is exactly the kind of foundational public goods work the Web3 ecosystem requires as we transition toward population-scale infrastructure. After exploring the DeepScapy architecture, its focus on automating Neural Architecture Search (NAS) to optimize Guessing Entropy (GE) and Vulnerability Scores is brilliant. It bridges the gap between hardware security and automated ML pipelines seamlessly. Coming from a background in Theoretical Computer Science and distributed telemetry systems, I wanted to share a few distinct architectural and research-driven perspectives for the roadmap:
I am highly eager to contribute to these exact intersections of distributed infrastructure, ML pipelines, and cryptographic validation. Looking forward to connecting further at the upcoming meetup! |
Beta Was this translation helpful? Give feedback.
-
|
Belated congrats on the QF round selection it's a meaningful nod The framing of raw traces -> Vulnerability Score is a clean Reading the repo, I'm curious about the evaluation rigor: how On the AI-agents-interacting-with-Web3 direction: have you Coming at this from eval-harness discipline and OSS contribution |
Beta Was this translation helpful? Give feedback.
-
|
hi @seetadev @prithagupta After exploring the project overview, one aspect that particularly stood out to me is the focus on hidden information leakage. A significant portion of Ethereum security discussions today revolve around smart contract vulnerabilities, protocol exploits, and audit frameworks, while unintended information leakage often receives comparatively less attention despite its potential impact on user privacy and system security. I also found the intersection of AI agents and Web3 systems especially interesting. As autonomous agents become more involved in wallet operations, transaction execution, and cross-protocol interactions, understanding what information may be exposed through behavioral patterns, communication channels, or system interactions could become an increasingly important research area. One potential direction worth exploring is the development of benchmarking environments or evaluation frameworks for AI-driven Web3 workflows. Such frameworks could help researchers and developers systematically study leakage risks and establish security baselines for agent-powered decentralized applications. I believe initiatives like Leak Detect are valuable because they encourage the ecosystem to think beyond traditional attack vectors and proactively address emerging security challenges at the intersection of AI, distributed systems, and Web3 infrastructure. Looking forward to following the project's progress and learning more from the research and tooling that emerge from it. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you all for the thoughtful feedback, questions, and suggestions. We're currently reviewing the comments and will respond to each of them in detail soon. We greatly appreciate the insights around AI-agent security, wallet safety, side-channel analysis, benchmarking, reproducibility, and future research directions. A quick update: this repository is associated with an existing publication and is being maintained primarily for reproducibility. Therefore, we are not planning major changes here. For ongoing Ethereum/Web3 security research, new development, and future discussions, please use our active repository and discussion thread: https://github.com/LeakDetectAI/autosca-hw-wallet-tester Discussion: Looking forward to continuing the conversation and collaborating with the community there. |
Beta Was this translation helpful? Give feedback.
-
|
congrats on the qf round. building tet network (post-quantum L1, phase 1 ai inference following the new repo thread now too. |
Beta Was this translation helpful? Give feedback.
-
|
There has been prior work studying privacy leakage in tabular machine learning systems and synthetic data generators. Hyeong et al. investigated membership inference attacks against tabular data synthesis models and demonstrated that training-set membership can often be inferred from released synthetic datasets, highlighting significant privacy risks in tabular data generation pipelines [1]. More recently, Byun et al. conducted a large-scale benchmark of privacy leakage in foundation models for synthetic tabular data generation, including modern tabular foundation models such as TabPFN, and analyzed the trade-offs between utility and privacy across diverse datasets [2]. Our unpublished work explored similar questions in the context of AutoML systems, particularly AutoGluon and TabPFN, by evaluating their susceptibility to membership inference attacks. While prior research has primarily focused on synthetic data generators and foundation models, the privacy implications of automated model selection, ensembling, and hyperparameter optimization frameworks remain relatively underexplored. If you're looking for researchers doing meaningful work on membership inference attacks (MIA), Joshua Ward is worth following: https://dblp.org/pid/372/7149.html. References[1] J. Hyeong, J. Kim, N. Park, and S. Jajodia, "An Empirical Study on the Membership Inference Attack against Tabular Data Synthesis Models," in Proceedings of the 31st ACM International Conference on Information & Knowledge Management (CIKM '22), 2022, pp. 4064–4068. DOI: https://doi.org/10.1145/3511808.3557546 [2] J. Byun, X. Lin, J. Ward, and G. Cheng, "Risk In Context: Benchmarking Privacy Leakage of Foundation Models in Synthetic Tabular Data Generation," arXiv:2507.17066, 2025. Available: https://arxiv.org/abs/2507.17066 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi everyone 👋
Hope you are doing well. Looking forward to connecting during the Park GHO contributors’ session tomorrow.
Wanted to share that one of our team’s initiatives focused on Ethereum and Web3 security has been selected for the Ethereum Security Quadratic Funding round by TheDAO Security Fund.
This funding round is part of a broader effort supporting Ethereum ecosystem security through community-driven funding and public goods contributions.
Reference:
About the Initiative
The initiative focuses on strengthening Ethereum and Web3 security research and tooling, especially around:
Twitter Threads
TheDAO Fund Announcement Thread
https://x.com/thedaofund/status/2054091453270536294
Project Overview Thread by Manu
https://x.com/manusheel/status/2054083699298472238
Request for Feedback
Would genuinely appreciate:
We would love to hear perspectives from builders, researchers, protocol contributors, auditors, wallet teams, AI/security researchers, and the broader Ethereum community.
Thanks a lot for your time and support 🙏
Beta Was this translation helpful? Give feedback.
All reactions