Vitalik Buterin
@vitalik.eth
People who work in large corporate settings where things like this are a risk, do you have any existing rules or standardized best practices for how to minimize the risk? https://twitter.com/RichardHanania/status/1754257428198416393
46 replies
31 recasts
503 reactions
christopher
@christopher
yes, it’s called approval levels. e.g. you need your manager, whom has a $500,000 approval limit, to approve anything. any more than that you need their manager to approve until you get to the board
1 reply
0 recast
3 reactions
Vitalik Buterin
@vitalik.eth
Is this a company policy, or is it enforced in code? (whether through multisigs for cryptocurrency, or instructions given ahead of time to the bank for fiat)
2 replies
0 recast
2 reactions
Vitalik Buterin
@vitalik.eth
If company policy, then how do you deal with the risk of an attack tricking whoever is "actually" the administrator (if you can impersonate 1 person on a video call, you can probably impersonate the entire board)? (And of course, how to deal with rogue administrator risk)
4 replies
1 recast
22 reactions
JStacks🎩🔵
@jstacks
Typically approval flows on financial transactions instead of just a person making a decision. You can have different approval rules depending on the amount of the txn and even exception approvals depending on other characteristics of the txn
0 reply
0 recast
1 reaction
kristin eberth
@keliz
in my experience it’s usually a question of signing authority, which finance departments will screen for before authorizing a transaction doesn’t preclude social engineering of people with sufficient signing authority, ofc
0 reply
0 recast
1 reaction
Pranav Prakash
@pranav
Sometimes this is prevented at banks levels. We had a similar scenario (although not this much sophisticated) in my last startup and the Bank flagged the transaction and reported to us.
0 reply
0 recast
0 reaction
