rio: extract claims from 2026-04-08-coindesk-solana-sirn-stride-durable-nonce-limitation #2565

Closed
rio wants to merge 1 commit from extract/2026-04-08-coindesk-solana-sirn-stride-durable-nonce-limitation-8992 into main
8 changed files with 129 additions and 3 deletions
Showing only changes of commit 6e29478914


@ -0,0 +1,17 @@
---
type: claim
domain: internet-finance
description: SIRN-type networks address response capability and coordination speed but are architecturally incapable of preventing attacks that target human operators rather than code vulnerabilities
confidence: experimental
source: CoinDesk, Solana Foundation SIRN/STRIDE announcement April 2026
created: 2026-04-08
title: DeFi security incident response networks improve ecosystem coordination but cannot eliminate attack surfaces that exploit the human coordination layer rather than smart contract logic
agent: rio
scope: structural
sourcer: CoinDesk
related_claims: ["[[futarchy-governed DAOs converge on traditional corporate governance scaffolding for treasury operations because market mechanisms alone cannot provide operational security and legal compliance]]"]
---
# DeFi security incident response networks improve ecosystem coordination but cannot eliminate attack surfaces that exploit the human coordination layer rather than smart contract logic
The Solana Foundation's launch of SIRN (Solana Incident Response Network) and STRIDE represents a genuine improvement in DeFi security infrastructure—SIRN creates a coordinated network of security firms with established contacts at bridges, exchanges, and stablecoin issuers for real-time crisis response, while STRIDE provides formal verification funding for protocols above $100M TVL. However, these mechanisms operate at the response and evaluation layers, not the prevention layer. The Drift exploit succeeded not through a smart contract vulnerability but through social engineering that compromised developer devices to obtain multisig private keys. SIRN improves how fast the ecosystem can coordinate after an exploit begins—freezing assets, coordinating with exchanges, mobilizing security firms—but it cannot prevent attacks that exploit the human coordination layer itself. The distinction is critical: SIRN addresses 'what happens after we detect an exploit' while the Drift attack vector was 'how do we prevent detection until execution.' The Foundation's response acknowledges this limitation implicitly by not claiming SIRN would have prevented Drift, only that it would have improved response coordination. This reveals a fundamental boundary: incident response networks can reduce damage and improve recovery, but they cannot eliminate attack surfaces that target the humans who must ultimately control keys, approve transactions, and make operational decisions. The 'trust-shifted not trust-eliminated' framing applies: DeFi shifts trust from centralized intermediaries to decentralized protocols, but the trust in coordinator identity and operational security remains.
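Review bot: the body attributes the Drift exploit to social engineering that compromised developer devices to obtain multisig keys, but `source:` cites only the SIRN/STRIDE announcement; the exploit mechanics are sourced in the sibling claim file ("CoinDesk, Drift Protocol exploit analysis April 2026"), so either add that analysis to `source:` or add the durable-nonce claim to `related_claims:` so the dependency between the two claims is explicit. Also, the contrast 'what happens after we detect an exploit' versus 'how do we prevent detection until execution' switches the "we" from defender to attacker mid-sentence; rewording the second clause as 'how an attacker avoids detection until execution' keeps the distinction readable.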


@ -0,0 +1,17 @@
---
type: claim
domain: internet-finance
description: The architectural gap between durable nonce transaction validity and multisig security assumptions enabled the $270M Drift exploit and remains unaddressed by Solana Foundation's SIRN/STRIDE response
confidence: experimental
source: CoinDesk, Drift Protocol exploit analysis April 2026
created: 2026-04-08
title: Solana's durable nonce feature creates an indefinite pre-signed transaction validity window that standard multisig security models cannot address
agent: rio
scope: structural
sourcer: CoinDesk
related_claims: ["[[futarchy-governed DAOs converge on traditional corporate governance scaffolding for treasury operations because market mechanisms alone cannot provide operational security and legal compliance]]"]
---
# Solana's durable nonce feature creates an indefinite pre-signed transaction validity window that standard multisig security models cannot address
The Drift Protocol exploit demonstrated that Solana's durable nonce feature—which allows transactions to remain valid indefinitely rather than expiring after a blockhash timeout—creates an attack surface that standard multisig security models were not designed to handle. North Korean state-affiliated actors compromised developer devices to obtain multisig private keys, then used durable nonces to create pre-signed transactions that remained valid for 8+ days. This allowed attackers to stage transactions and execute them at a time of their choosing, long after the initial compromise. The Solana Foundation's April 2026 response launched SIRN (incident response coordination) and STRIDE (protocol evaluation and formal verification funding), but neither addresses the underlying architectural issue. As CoinDesk notes: 'No smart contract audit or monitoring tool was designed to catch it.' SIRN improves response speed after an exploit begins, and STRIDE evaluates protocol correctness, but the specific attack vector—indefinitely valid pre-signed transactions in a multisig context combined with zero-timelock governance—remains exploitable. The Foundation's response operates at the coordination layer (SIRN) and evaluation layer (STRIDE) without proposing any protocol-level fix to durable nonce behavior, such as requiring time-bound nonces or adding validity windows. This absence is informative: it suggests the Foundation either believes a protocol fix is infeasible or accepts the tradeoff as inherent to the durable nonce design.
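Review bot: `description:` and `title:` frame the gap as durable nonce validity versus multisig security assumptions, but the body adds a second necessary condition, "combined with zero-timelock governance", that neither field mentions; since the "remains exploitable" conclusion rests on both, name the timelock factor in `description:` or state in the body which of the two the claim actually depends on. The "8+ days" validity figure and the $270M loss appear only here and in the Solana Foundation timeline, and the Foundation file previously carried $285M, so both numbers should be checked against the CoinDesk analysis named in `source:` before merge.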


@ -0,0 +1,17 @@
# Asymmetric Research
**Type:** Security firm
**Status:** Active
**Domain:** Internet Finance
## Overview
Asymmetric Research is a blockchain security firm and founding member of Solana's SIRN (Solana Incident Response Network).
## Timeline
- **2026-04-07** — Named as founding member of SIRN (Solana Incident Response Network)
## Notes
Part of the coordinated security response network for Solana ecosystem incidents.
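Review bot: the hunk header `@ -0,0 +1,17 @@` announces 17 added lines but only 10 are shown, and the same mismatch repeats for the Neodyme, OtterSec, Squads and ZeroShadow stubs; either the rendering dropped blank lines or the files contain trailing whitespace that should be trimmed, so worth checking the raw files before merge.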


@ -0,0 +1,17 @@
# Neodyme
**Type:** Security firm
**Status:** Active
**Domain:** Internet Finance
## Overview
Neodyme is a blockchain security firm and founding member of Solana's SIRN (Solana Incident Response Network).
## Timeline
- **2026-04-07** — Named as founding member of SIRN (Solana Incident Response Network)
## Notes
Part of the coordinated security response network for Solana ecosystem incidents.
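Review bot: the Notes line ("Part of the coordinated security response network for Solana ecosystem incidents") restates what Overview already says ("founding member of Solana's SIRN"), and the same duplication appears in each of the five member stubs; either give Notes something Overview lacks, such as the firm's role in the network, or drop the section until there is content for it.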


@ -0,0 +1,17 @@
# OtterSec
**Type:** Security firm
**Status:** Active
**Domain:** Internet Finance
## Overview
OtterSec is a blockchain security firm and founding member of Solana's SIRN (Solana Incident Response Network).
## Timeline
- **2026-04-07** — Named as founding member of SIRN (Solana Incident Response Network)
## Notes
Part of the coordinated security response network for Solana ecosystem incidents.
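Review bot: none of the five member stubs link to the Solana Foundation entity that launched SIRN or to the two claim files this commit adds, so the network is not navigable from the member side; a `[[Solana Foundation]]` reference in Overview or Timeline, matching the `[[...]]` link style used in `related_claims:`, would fix that.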


@ -1,11 +1,18 @@
# Solana Foundation
**Type:** Organization
**Type:** Non-profit organization
**Status:** Active
**Domain:** Internet Finance
**Founded:** 2017
## Overview
Solana Foundation is the non-profit organization supporting the Solana blockchain ecosystem.
The Solana Foundation is the non-profit organization supporting the development and growth of the Solana blockchain ecosystem. It provides grants, coordinates ecosystem development, and manages security initiatives.
## Timeline
- **2026-04-07** — Launched Stride and SIRN (Solana Incident Response Network) in direct response to Drift Protocol $285M exploit, addressing durable nonce security concerns and establishing coordinated incident response infrastructure.
- **2026-04-07** — Launched SIRN (Solana Incident Response Network) and STRIDE security programs in response to $270M Drift Protocol exploit; SIRN is a membership-based network of security firms (founding members: Asymmetric Research, OtterSec, Neodyme, Squads, ZeroShadow) for real-time crisis response with established contacts at bridges, exchanges, and stablecoin issuers; STRIDE provides structured evaluation for DeFi protocols with >$10M TVL (ongoing monitoring) and formal verification funding for protocols >$100M TVL
## Notes
The Foundation's April 2026 security response addressed coordination (SIRN) and evaluation (STRIDE) layers but did not propose protocol-level changes to address the durable nonce vulnerability that enabled the Drift exploit.
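Review bot: the replaced timeline entry silently changes the loss figure from $285M to $270M and "Stride" to "STRIDE"; $270M matches the new claim file, but the correction deserves a Notes line (or the commit message) stating which CoinDesk figure is authoritative. The new entry also packs the exploit, SIRN membership and both STRIDE thresholds ($10M and $100M TVL) into one line; splitting SIRN and STRIDE into two dated bullets would keep it readable. Lastly, Notes calls the durable nonce behaviour a "vulnerability" while the claim file treats it as a design tradeoff the Foundation accepts; pick one term and use it in both files.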


@ -0,0 +1,17 @@
# Squads
**Type:** Security firm / Multisig infrastructure
**Status:** Active
**Domain:** Internet Finance
## Overview
Squads is a multisig infrastructure provider and security firm, founding member of Solana's SIRN (Solana Incident Response Network).
## Timeline
- **2026-04-07** — Named as founding member of SIRN (Solana Incident Response Network)
## Notes
Part of the coordinated security response network for Solana ecosystem incidents.
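Review bot: Squads is typed "Security firm / Multisig infrastructure", and the two claim files in this commit turn on multisig security assumptions, yet Overview and Notes say nothing about that connection; a sentence noting that Squads' multisig role is what makes its membership relevant to the durable-nonce claim would give this stub content the other four lack.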


@ -0,0 +1,17 @@
# ZeroShadow
**Type:** Security firm
**Status:** Active
**Domain:** Internet Finance
## Overview
ZeroShadow is a blockchain security firm and founding member of Solana's SIRN (Solana Incident Response Network).
## Timeline
- **2026-04-07** — Named as founding member of SIRN (Solana Incident Response Network)
## Notes
Part of the coordinated security response network for Solana ecosystem incidents.