Crypto Startup School: How to build projects and keep them safe    

Editor’s note: Andreessen Horowitz’s Crypto Startup School brought together 45 participants from around the U.S. and overseas in a seven-week course to learn how to build crypto companies. Andreessen Horowitz is partnering with TechCrunch to release the online version of the course over the next few weeks. 

Week five of a16z’s Crypto Startup School gets into the inner workings of crypto projects, with a focus on security and project development from the front lines.

In the first video, Jutta Steiner, the CEO and co-founder of Parity Technologies, discusses “The Evolution of Blockchain Security.”

Steiner, who joined the Ethereum team in 2014 as chief of security, says the advent of that open ecosystem of interdependent “smart contracts,” or self-executing design programs, opened a whole new attack surface that requires successful organizations to prioritize a security-minded culture.

Potential coding risks include memory safety, input validation, privilege escalation flaws, fundamental design flaws, side channel attacks and cryptographic vulnerabilities such as insecure key storage. Security is not just code, however — it’s also people, operational procedures, and life cycle management of applications.

There is no single answer to any of these vulnerabilities, Steiner says. Instead, mitigation relies on a range of measures that are not perfect but can be used to create an overall system that is very difficult to penetrate. The key is to understand that crypto development is not like agile software development — once deployed, code is difficult to recall, and security must always be at the forefront.

She closes by noting that crypto developers can learn from security approaches used in other industries, such as aerospace, medicine, and hardware.

In the second video, Nitya Subramanian, product manager at Celo, discusses “Protocols and Products,” focusing on how building blockchain products differs from building more traditional centralized products. The key question for builders: What is the need I’m meeting, and who are the users?

For projects seeking control over the end-user experience, such as with cryptocurrency wallets, typically the goal is to build the full stack, so that every layer can be changed to meet new use cases and find product-market fit.

For products built for developers, such as decentralized lending protocols, the focus should be on identifying a range of objectives that will bring developers to your platform while giving them the flexibility to customize and innovate.

No matter the end user, the rigorous focus at all times should be on what will bring people to your product and on avoiding a “build it and they will come” mentality.

As an example of the full-stack approach, she closes with a case study of the digital payments system Celo, which consists of a blockchain forked from Ethereum with a native asset, topped by a layer of native smart contracts encoding a stablecoin, with a wallet and a developer SDK at the top of the stack.

While each layer of the project has its own development roadmap, having the application layer allows Celo to identify issues with user experience and informs the development of lower layers of the stack.