
A 'CEO' Reached Out to Me for a High-Paying Contract Job—It Was a Scam

by Edwin Liava'a, 2025/03/21

Too Long; Didn't Read

Someone calling himself "Joe," claiming to be the CEO of a company called MindGeek Labs (with a website at mindgeeklabs.com), reached out about a supposed project.

As a Blockchain Engineer and Chainlink Developer Expert with over five years of experience in Web3 development, my journey into smart contract security research began with a simple realization: in this fast-moving space, being able to build securely is just as important as being able to build at all.


My background spans multiple blockchain ecosystems, including Ethereum, Hedera, Rootstock, and various EVM chains, enhanced by the Chainlink oracle network. Throughout my career, I have built complex systems ranging from a satellite network services marketplace using dynamic NFTs to renewable energy protocols with token rewards. But as my experience in the space grew, so did my awareness of its vulnerabilities.


This is why I joined the Cyfrin Updraft program in November 2023. As a Blockchain Engineer and Full Stack Developer, I recognized the critical need to be able to spot scammers and bad actors in the Web3 domain. This space, still in its infancy, is unfortunately plagued by malicious entities seeking to exploit unsuspecting developers and users.

The Reality of Web3 Security Threats

The Web3 ecosystem, despite its promises of decentralization and transparency, remains fertile ground for scammers. My security journey has been driven by watching numerous projects fall victim to exploits, hacks, and fraudulent schemes. From reentrancy vulnerabilities to flash loan attacks, the technical attack vectors are many. But beyond code-level threats, there is a more subtle danger: social engineering aimed at the developers themselves.

Scammer Alert: A Recent Encounter

Just recently, I was approached by scammers through LinkedIn, a common hunting ground for predators looking for technical talent. They presented themselves as legitimate business professionals seeking collaboration on a project. Let me share this experience as a cautionary tale for all Web3 developers.


Someone calling himself "Joe," claiming to be the CEO of a company called MindGeek Labs (with a website at mindgeeklabs.com), reached out about a supposed project. They had a GitHub repository (github.com/mindgeek-pm) and claimed they needed help taking their platform to the "next level": a platform supposedly designed to empower users with cryptocurrency trading and investment tools.


Here is their initial message:


 Hi Edwin, I hope this message finds you well. We are in the process of expanding our EVM chain platform, and we are seeking highly skilled software developers to help us scale and enhance the platform. I'd like to explore the potential for collaboration with you on this initiative.
 👉 Here are the key details:
 1️⃣ Team: 6-8 members
 2️⃣ Rate: $80-150/hr (depending on role and experience)
 3️⃣ Project Timeline: 3-6 months
 4️⃣ Estimated Budget: $700K–$800K (for 6 months)
 5️⃣ Work Setup: Fully remote with flexible hours (Part-time opportunities available)
 6️⃣ Payment: Crypto preferred (USDT, USDC, ETH)
 If this opportunity aligns with your interests and availability, I would be happy to discuss the specifics further and explore how we can work together. Looking forward to your response.
 Best regards, Joe


The bait was attractive: high hourly rates, a large budget, remote work, and payment in crypto. But something felt off, so I decided to play along to understand their tactics and expose their operation.


They followed up with more details about their alleged project:


 Okay, first of all, let me briefly share some details about our project. Our platform encompasses key functionalities such as pooling, liquidity provision, staking (farming), and trading. We are in the process of developing a decentralized exchange (DEX) platform for traders within the EVM network, with plans to integrate an Automated Market Maker (AMM) mechanism.
 Initially, we hired a team to help with our project, but unfortunately, their coding skills didn't meet our expectations. As a result, we are seeking a more experienced team to take over and lead the development of this project. Here's a brief overview of our requirements https://docs.google.com/document/d/1Ttr9CdQvSetonrumBKR2jiUIrIwezunmyKU0o9Q7Wvw/edit
 We also need to implement the mobile design. There are several modifications required to align the platform with our evolving vision. An important aspect to consider is the animation on the landing page. This is crucial because the landing page is the first thing users see when they visit the site. While there is currently an animation, feedback from visual experts and developers suggests that it would be better to remove it. The animation is too tiring on the eyes, and removing it could improve the overall user experience by creating a cleaner design.
 I'm excited about the direction we're heading, and I believe this project has potential. Our project is being developed using React, TypeScript, Node.js, and Web3. Given your expertise, I believe you would be an excellent fit for the lead role. Would you be available for a meeting with our CTO next week to discuss the project in more detail? Let me share his calendar link with you, Does that work for you?


They even shared a Google Doc with detailed requirements for what looked like a legitimate DEX platform enhancement project:


 DEX Platform Enhancement Project: Comprehensive Task List (4-Month Contract)
 1. Expand Connected Chain List
 Integrate additional blockchain networks into the existing connected chain list to enhance interoperability and functionality.
 2. Integrate Wallets into Connect Wallet Page
 Objective: Enhance user experience by allowing users to connect multiple wallets seamlessly.
 Wallets to Add:
 * MetaMask
 * Trust Wallet
 * Coinbase Wallet
 * Phantom Wallet
 * OKX Wallet
 * Binance Wallet
 * Coin98
 * MathWallet
 * SafePal
 * TokenPocket
 3. Update Trading Page Functionality
 * Crypto Token List Enhancement: Update the list of available cryptocurrencies to ensure it includes all current tokens.
 * Add 24-Hour Trading Volume: Implement a section displaying the 24-hour trading volume for each token.
 * Trading View Graph Updates: Enhance trading view graph features to provide real-time data visualization.
 * Order List Table Integration: Develop an order list table that displays active orders with real-time updates.
 * Token Icons in Dropdown: Incorporate brand icons for each token in the dropdown menu of the swap section for improved visual recognition.
 * Secure Links Section: Ensure all links in the "Useful Links" section are updated and functional, pointing to relevant resources.
 4. Revamp Dashboard Page
 * Theme Update: Redesign the dashboard theme to prominently display key metrics such as 24-Hour Trading Volume, Open Interest, Long Positions, and Short Positions.
 * UPL Index Composition Table: Update and optimize the UPL Index Composition table for better clarity and data presentation.
 5. Overhaul Earn/Buy Page
 * Token and Modal Links: Revise all token links and associated modal functionality to ensure accuracy and up-to-date information.
 * Decentralized/Centralized Services Links: Update links to both decentralized and centralized services to enhance the platform's service offerings.
 * Farm Section Addition: Design and add a new section or page dedicated to farming opportunities, providing users with insights and options.
 6. Clean Up Testnet Integrations
 * Objective: Remove all U2U testnet settings, configurations, and integrations to streamline the platform and avoid confusion for end-users.

Red Flags and Exposure

The setup was elaborate, but several red flags emerged:

  1. A detailed requirements document that contained no technical specifics about their existing codebase, shared from Google Drive rather than from their official website.

  2. Vague explanations about their previous development team.

  3. For a project of this size, their GitHub repository had been created in March 2025 and had no active contributors.

  4. Their codebase was mostly HTML, CSS, and JavaScript, with no smart contracts or backend code.

  5. The stated purpose of the call was to discuss the project in more detail and to check whether you had cloned their repository and tested it on your local machine.


As a security researcher, I kept engaging with them and eventually set up a meeting with their supposed CTO. During this meeting, I confronted them about being scammers. As soon as they realized I was onto them, they vanished from LinkedIn without a word. However, I still have our LinkedIn conversation, their calendar link, and the Google Drive document as evidence of their attempted scam.

The Typical Scam Playbook

Based on my security research and this encounter, here is how these scams typically unfold:


  1. Initial Contact: Scammers approach developers on professional platforms such as LinkedIn with an attractive offer.
  2. Elaborate Setup: They create fake companies, websites, and GitHub repositories to appear legitimate.
  3. Documentation: They share detailed requirements to give the impression of a real project.
  4. The Hook: They schedule a meeting with a "technical team member" to discuss project details.
  5. The Attack: During the technical discussion, they eventually steer the victim towards:
    • Cloning and installing their repository, which will contain malware

    • Being persuaded to run their code to test some functionality

    • Giving them access to your crypto wallets

    • Having all your funds stolen


Once they gain wallet access or get malware installed, they can steal funds or compromise accounts for further attacks.

Protecting Yourself as a Web3 Developer

My journey as a Smart Contract Security Researcher at Cyfrin Updraft has given me insights that every Web3 developer should have:


  1. Verify Thoroughly: Research companies, individuals, and projects extensively before engaging.
  2. Code Analysis Skills: Learn to audit smart contracts and recognize risky patterns.
  3. Security-First Mindset: Approach every project and interaction with security as a priority.
  4. Never Share Private Keys: Under no circumstances share private keys or seed phrases.
  5. Use Test Environments: For any new project, use dedicated test wallets and isolated environments.
  6. Trust Your Instincts: If something feels off, it probably is.
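As an added example (not code from the post or from any project it mentions), here is a small Python triage script for the red flags listed above: a repository that is only weeks old, has a single contributor, and whose package.json contains lifecycle scripts that npm runs automatically during `npm install`, which is the mechanism by which merely installing a cloned JavaScript repository can run code on your machine. The sample package.json, repository metadata (mirroring the GitHub API's `created_at` field), contributor name `example-owner` and timestamps are all constructed.

```python
import json
from datetime import datetime

# npm runs these package.json lifecycle scripts automatically during `npm install`,
# so simply installing a cloned repo can execute code before you open a single file.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Constructed sample inputs (not taken from the repository described in the post).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "dex-frontend",
    "scripts": {"start": "react-scripts start",
                "postinstall": "node scripts/setup.js"},
})
SAMPLE_REPO_META = json.dumps({"created_at": "2025-03-01T00:00:00Z"})  # GitHub API field
SAMPLE_CONTRIBUTORS = ["example-owner"]
SAMPLE_NOW = "2025-03-21T00:00:00Z"


def _parse_iso(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def install_time_scripts(package_json: str) -> dict:
    """Return the scripts that would run on `npm install` without any user action."""
    scripts = json.loads(package_json).get("scripts", {})
    return {name: cmd for name, cmd in scripts.items() if name in INSTALL_HOOKS}

def repo_age_days(repo_meta_json: str, now_iso: str) -> int:
    """Age of the repository in days, from the GitHub API's `created_at` field."""
    created = _parse_iso(json.loads(repo_meta_json)["created_at"])
    return (_parse_iso(now_iso) - created).days

def triage(package_json: str, repo_meta_json: str, contributors: list,
           now_iso: str, min_age_days: int = 90) -> list:
    """Collect the red flags described in the post; an empty list means none were found."""
    flags = []
    hooks = install_time_scripts(package_json)
    if hooks:
        flags.append("install-time scripts: " + ", ".join(f"{k}={v!r}" for k, v in hooks.items()))
    age = repo_age_days(repo_meta_json, now_iso)
    if age < min_age_days:
        flags.append(f"repository created only {age} days ago")
    if len(contributors) <= 1:
        flags.append(f"only {len(contributors)} contributor(s)")
    return flags

if __name__ == "__main__":
    for flag in triage(SAMPLE_PACKAGE_JSON, SAMPLE_REPO_META, SAMPLE_CONTRIBUTORS, SAMPLE_NOW):
        print("RED FLAG:", flag)
```

If a repository does have install-time scripts, `npm install --ignore-scripts` inside a throwaway VM is the way to inspect it without letting them run.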

The Future of Web3 Security

My experience as a blockchain developer and security researcher has shown me that the Web3 space needs more security-conscious professionals. As I continue my journey as a Smart Contract Security Researcher specializing in fuzzing, invariant testing, and formal verification to find bugs and protect Web3 protocols, I am committed to sharing knowledge that helps make this space safer.


The sophistication of attacks, both technical and social, will keep evolving over time. But through education, vigilance, and a community-focused approach to security, we can build a more resilient ecosystem.


If you are a Web3 developer, I encourage you to invest time in security research and training. The ability to build securely is as important as the ability to innovate. Remember, in a decentralized world, you are often your own security team.


Let's go!