Permissions and roles: the administrator needs to understand every permission and role in order to limit the attack vector and limit exposure. It’s about accountability, taking responsibility for the things we can control and understanding where we are vulnerable. Every discord we build should be built with the assumption that each and every single user is subject to compromise. Therefore we have a PLAN in place BEFORE the attack, and do everything we can to mitigate and sometimes null the attack (before it takes place). But there is one role that must NEVER be compromised, and we can lock it down before the discord is open to the public.

The account that creates the discord should NEVER be an active USER in the server (once it is open) or even active anywhere outside of the server. It is OK if you use an active account to create the discord, but BEFORE going public, this role should be transferred to a burner account (preferably a brand new account with an email and discord name unassociated with the server/unrecognizable). This account is NOT used for anything else, other than being a ‘hardware wallet/ledger’ for the server.

No matter what the permissions and roles are in a server, no matter the hierarchy of those roles, the FOUNDER/CREATOR account bypasses all restrictions and has absolute control over the entire server and every role within it. The good news is, we can completely eliminate this attack vector and keep it in cold storage, unmarked and hidden away on the server. This account doesn’t need any special roles or identifiable markings and we in fact recommend keeping it that way.
Users may be able to use tools to figure it out, or discord itself may do a poor job of hiding it, but we do NOT need to bring any extra attention to this role, nor do we need to put it at risk by using it on an active account. With the account taken out of play and not in use, there is no chance of anyone phishing or gaining access to this account. Furthermore if an Admin is compromised, we always have one role above it, hidden and ready to ‘break in case of emergency’ and regain control of the server/eradicate the threat. If this role is ever compromised in this way, we know the attack came from within, and responsibility is limited to the one person who had access to it.
The next most vulnerable area of attack is ANYONE with administrator permissions in the server (humans and bots). Administrator permissions bypass ALL roles and restrictions within the discord and channels HOWEVER they still cannot change or alter the roles at or above them. This hierarchy of roles can be used to our advantage when structuring discord roles and permissions.

Understanding that ADMIN access is vulnerable to attack, we place the ONLY human role with admin at the very TOP (+) role and we only grant it to the few individuals who need it. I recommend 2-3 at max, depending on the size of the server. I furthermore recommend that those working in this position understand they are NOT allowed to use these accounts to degen into other servers or operate on them for anything other than doing their administrator work in the discords they are working on. It’s a lot of responsibility, it’s a job and should be treated as such.

Notice this role is neither hoisted, nor visible on the sidebar, nor is it colored and meant to stand out. The vanity roles which mark and signify Admin, Mod, and Team do NOT have Admin access and they are restricted only to the channels they need for their job.

These roles have an identifiable color and mark, sometimes with emoji icons and hoisted above all other roles. We expect these roles to be targeted and plan for them to be compromised. Therefore we plan ahead of time to mitigate the damage anyone can do with these roles with this structure and limitation of perms. Again, the only true Admins of the server have the (+) role and no ONE can give them this role, except for the founder/creator role which is on ice and locked away. And those with this + role take on extra responsibility and limit their attack vectors and exposure.
After administrator permissions (which again bypass all restrictions, except the hierarchy of roles) the next biggest threat is who has access to INFORMATION channels, with the biggest targets being the #Announcements & #Official Links channels.

The standard setup takes away everyone’s ability to write in this channel except for the intended user/role which overrides the nulled send message permission. Again Administrators still have absolute access and bypass all restrictions.

Therefore we NEVER grant anyone permanent control of these channels and limit their access with the (++) role. Only the true administrator (+) role has permanent access (as admin negates these restrictions) and only the (+) role can grant access.
It is therefore recommended that this exchange of power, and the communication requesting it, be done off and away from discord, either through the use of text, whatsapp, or other platforms. This way even if a user’s discord account is compromised, the attackers do NOT have a means to ask for access to these permissions (other than discord channels and DMs, which we will NEVER use to ask for these permissions).
Now attackers need full use of an admin’s device (phone or computer) to entirely compromise them. These attackers are not doing this yet, but as we up our security they may, which means we will need more security and practices outside of discord.
After removing the attack vector from the Creator/Founder account and limiting attack vectors to only the trusted admin (+) role, our last area of exposure is the bots we use and the permissions we grant them. For projects of larger scale, I highly recommend fully custom-built, in-house bots to limit exposure and responsibility. As much as we dislike Azuki’s founder, I do applaud their server for having no compromises as all their bots are custom built. They remain a high target and have completely avoided compromise; this is worth noting and paying attention to regardless of feelings towards Zagabond or their project.
Not everyone can afford this option, but for any project that is bringing in hundreds of thousands to millions of dollars, there is no excuse. The only other options are to completely remove all bots from the server (which takes away logs and much welcomed automation), or to have very limited bots in the server strictly permed for their roles, and having the structure set up in a way that prepares for their compromise.

As it currently stands I have WICK above all other bots, with the quarantine role above them but below Wick. This way we can rely on Wick to quarantine and remove all threats (including any of these bots being compromised). The problem with this build is that we are putting A LOT of faith in Wick not being compromised. However, Wick is a PAID service and built with security in mind. Even if a user granted themselves a permission in this server, they wouldn’t be able to access and change the Wick dashboard settings unless the server owner gave them access (which again, this account is locked away in cold storage).
When a Mee6 employee was compromised, and they were able to bypass server settings and change permissions and roles, the one server with Wick operating as intended (PXN) was able to instantly & automatically remove any webhooks and posts in their announcement channel. This was because the user was NOT whitelisted to post on the backend/dashboard of Wick. Even though an admin was compromised, Wick still didn’t allow that admin to post. Again it still puts a lot of faith in Wick and if you operate a large-scale project, I recommend you make your own.
Server Creator/Founder should be kept on ice and taken out of play. Humans with Admin access and perms above all other roles should be very limited and ready to take full responsibility and accountability for their role. It should be a paid job and those in that position should understand how to properly build and manage a discord.
BOTs in the server should be very limited in permissions and channels for only their needed purpose and those that aren’t we should understand fully how much faith and trust we are granting in them (as much as an ADMIN) if they have administrator access. Depending on the size and scale of your business, understand what that means.
There are discords that have NEVER been compromised, or if compromised, had minimal damage (threats instantly eradicated). We should all understand why that was and open-source our security as much as possible to team up against these threats. Understand this does NOT replace a much needed job and position within this space as we can give someone the keys to a helicopter and they still cannot fly it, or the schematics to a building and not everyone can build it.
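The role layout described above, modelled as an added example (this is not the author’s, Discord’s or Wick’s code): the owner bypass, Administrator bypassing channel overwrites, the hierarchy rule that stops anyone editing a role at or above their own top role, and the deny-everyone/allow-(++) overwrite on #announcements. Role names, positions, member names and the single bot named OtherBot are constructed for the model.

```python
from dataclasses import dataclass, field

ADMINISTRATOR, SEND_MESSAGES, MANAGE_ROLES = "administrator", "send_messages", "manage_roles"

@dataclass(frozen=True)
class Role:
    name: str
    position: int                  # higher position = higher in the role hierarchy
    perms: frozenset = frozenset()
@dataclass
class Channel:
    deny_everyone: frozenset = frozenset()           # the "nulled" send-message overwrite
    allow_roles: dict = field(default_factory=dict)  # role name -> perms allowed back
@dataclass
class Member:
    name: str
    roles: list
    is_owner: bool = False         # the founder/creator account kept in cold storage

def has_perm(m, perm, channel=None):
    """Resolve a permission the way the post describes Discord doing it."""
    base = set().union(*(r.perms for r in m.roles))
    if m.is_owner or ADMINISTRATOR in base:
        return True                # owner bypasses everything; Administrator ignores overwrites
    if channel is None:
        return perm in base
    allowed = perm in base and perm not in channel.deny_everyone
    return allowed or any(perm in channel.allow_roles.get(r.name, ()) for r in m.roles)

def can_manage_role(actor, target):
    """Hierarchy check: nobody but the owner touches a role at or above their own top role."""
    if actor.is_owner:
        return True
    if not has_perm(actor, MANAGE_ROLES):
        return False
    return max(r.position for r in actor.roles) > target.position

# Constructed layout following the post; positions only encode relative order.
EVERYONE = Role("@everyone", 0, frozenset({SEND_MESSAGES}))
VANITY_ADMIN = Role("Admin", 20)                        # hoisted label only, no Administrator
PLUSPLUS = Role("++", 30)                               # temporary announcement writer
OTHER_BOT = Role("OtherBot", 40, frozenset({MANAGE_ROLES}))
QUARANTINE = Role("Quarantine", 50)
WICK = Role("Wick", 60, frozenset({MANAGE_ROLES}))
PLUS = Role("+", 70, frozenset({ADMINISTRATOR}))        # hidden, unhoisted, 2-3 humans
ANNOUNCEMENTS = Channel(deny_everyone=frozenset({SEND_MESSAGES}),
                        allow_roles={PLUSPLUS.name: {SEND_MESSAGES}})

def scenarios():
    # Outcomes the post predicts for compromised versus protected accounts.
    owner = Member("founder-burner", [EVERYONE], is_owner=True)
    plus_admin = Member("plus-holder", [EVERYONE, PLUS])
    vanity = Member("compromised-vanity-admin", [EVERYONE, VANITY_ADMIN])
    announcer = Member("team-with-plusplus", [EVERYONE, PLUSPLUS])
    bad_bot = Member("compromised-bot", [EVERYONE, OTHER_BOT])
    wick = Member("wick", [EVERYONE, WICK])
    return {
        "vanity_admin_posts_announcement": has_perm(vanity, SEND_MESSAGES, ANNOUNCEMENTS),
        "plusplus_posts_announcement": has_perm(announcer, SEND_MESSAGES, ANNOUNCEMENTS),
        "plus_posts_announcement": has_perm(plus_admin, SEND_MESSAGES, ANNOUNCEMENTS),
        "plus_can_grant_plusplus": can_manage_role(plus_admin, PLUSPLUS),
        "plus_can_grant_plus": can_manage_role(plus_admin, PLUS),      # only the owner can
        "owner_can_grant_plus": can_manage_role(owner, PLUS),
        "bad_bot_can_strip_quarantine": can_manage_role(bad_bot, QUARANTINE),
        "wick_can_quarantine_bad_bot": can_manage_role(wick, QUARANTINE),
    }
```

The model only captures the rules the post relies on; real Discord has many more permission bits and per-member overwrites, so treat it as a way to reason about a layout, not as a substitute for checking the live server.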