Spearbit Labs/Cantina - Candidate for Security Council Elections - March 2025

Hello Arbitrum Community - we are formally publishing and expressing our intent to run for the March 2025 cohort of the Arbitrum Security Council.

Our core founders co-created the Solidity compiler while at the Ethereum Foundation and since then, they’ve identified a massive need within the industry specifically in providing high-quality security services (vCISO advisory, fuzzing/unit/e2e testing, audits, audit competitions, bug bounties, incident response, etc.) at affordable rates and at scale.

We currently work with Uniswap, Coinbase, OP Labs, Morpho, Eigenlayer, AAVE, and many more in securing their overall tech stack and on-chain assets. Spearbit Labs incubated Cantina - an open and free marketplace leveraging a custom-built innovative code review platform, Cantina Code, to provide dynamic security services such as incident response, competitions, bug bounties, and quality-gated solo as well as team reviews from our extensive network of security researchers. We’ve recently just kicked off the largest security competition at $2.5M with Eigenlayer and another $2M competition with Ethereum Foundation. Cantina also enables a diverse array of security providers in adjacent yet equally as important lanes such as traditional Web2 pen-testing and OpSec to provide protocols with a truly comprehensive approach to their security posture.

Please refer to the following links for additional context on Spearbit Labs/Cantina:

EF competition announcement: https://x.com/cantinaxyz/status/1893028114021978323
Eigenlayer competition announcement: https://x.com/cantinaxyz/status/1898071189995847783
Multi-sig Security Webinar: https://www.youtube.com/watch?v=sX_fzhPJxDA


Is Spearbit an organization comprised of several individuals who would all simultaneously act in this role, or an organization represented here by a single individual who is running as the candidate?

I ask because the DAO Constitution as it is written seems to, by my interpretation, allow for “members” as in single individuals, but there is no mention or clear implied allowance for whole organizations being “members”.

I would feel more comfortable voting for an identifiable individual, even if under only an established pseudonym, than I would an organization whom I have no real insight into and which may shift in makeup at any time.

Edit: So as to not hijack this thread with discussion about the broader issue of how to interpret the DAO Constitution on this, I’ve made a separate comment about that in the overall submission announcement thread.

On the contrary, I know this team, which recently audited the Pectra update to Optimism.

Taking this into account, I consider the team competent enough to be a candidate for the Council.

The constitution does not quite clearly indicate the organization/person, and OpenZeppelin is currently a member of this Council.

Love the questions! Great points 🙂
I see @cp0x has provided their input above, but we are actually going to have our CEO, Hari Mulackal, as the main signer. He was part of the team that created the Solidity Compiler, and the other links in the post include some webinars with him speaking. Feel free to check 'em out!

To clarify, we are an organization but are planning to have our CEO, co-founder, Hari Mulackal as the main signer here.


For more context:

Hari is one of the founders and CEO of Spearbit and Cantina. Before starting the company, he worked on building the Solidity compiler at the Ethereum Foundation. Because of that, he’s deeply technical about both Solidity and EVM.

He also has a security background. Solidity was a foundational piece of crypto software, and every new update was critical because bugs in the compiler would lead to billions of dollars in losses. There are zero known compiler bugs in Solidity discovered on the mainnet, which speaks to the diligence and effort that went into building the Solidity compiler.
