Episode 5
Upgrading EVM Application Security w/ Bobafetador (Drosera)
November 27, 2025 • 1:11:32
Host: Rex Kirshner
Guest: Bobafetador
About This Episode
Drosera just shipped to Ethereum mainnet after two years of grinding weekends, audits, and architecture debates—and in this episode we unpack what they’ve actually built and why it matters. Boba, co-founder of Drosera, joins Rex to explain how “traps” let smart contracts watch on-chain conditions and automatically react, turning Ethereum into a far more expressive, always-on system without bolting everything onto a centralized backend. They dig into Drosera’s “L1.5 bandwidth layer” design, how shadow forks and ZK proofs make continuous off-chain execution verifiable on Ethereum, and why decentralization isn’t just about more nodes—it’s about who can realistically run them. The conversation closes with a candid post-mortem on restaking: what the original vision got right, how the incentives went sideways, and why ZK plus lean, grassroots communities may be a healthier path forward than hype-driven “crypto-economic security.”
Transcript
Rex (00:02.463)
Boba, welcome to the Signaling Theory Podcast.
Boba (00:05.696)
Hey, great to be here man.
Rex (00:08.041)
All right, man, before we get started, just for those in the audience who don't know you and don't know what you're working on, can you just give a really brief introduction?
Boba (00:16.546)
Yeah, my name is Boba, co-founder at Drosera.
Rex (00:22.921)
Cool, all right, so I know right now is a super exciting time for Drosera because, well, at time of recording, I think we're one week into Mainnet. So first of all, congratulations. How's it gone? Like, how are you guys feeling? If feeling heavier or lighter, what's it like?
Boba (00:37.91)
No, it, I think it feels really good. After building for like two years to get to this point, it took a lot of effort. And trying to get it across the line, actually get to mainnet, do all of our different audits and everything, work through all the different like types of problems, challenges, to get to this point. It required like, I mean, literally like two years of like constant effort, weekends,
weekdays, just like pushing every day. But we're really glad to finally be here. And it's a little bit surreal to think that, you know, we actually went and we created this like cryptographic protocol that lives on Ethereum. That was always the dream was to go and make something like that. And I kind of can't believe it's here. But it's kind of weird, because it's like the starting point too. It's like people can actually go and use this thing
on Ethereum with like real assets and actually build out like new protocols. So I'm particularly interested to see what comes out of what we're doing. But yeah, it's basically like last week or so. So the team is like, you know, we did it. Now we need to be able to actually get more people to build, get more people to actually like play with technology. So.
One of our buddies is down in DevConnect and meeting up with some people there and talking with the ETH Foundation and everything like that. Things are looking really good right now.
Rex (02:18.665)
Yeah, you know, it reminds me a lot of the same vibes around major fundraising rounds where it's like you climb up the mountain, you break your back, you ruin your relationship with your family just to cross the line. And then you're like, this is day one.
Boba (02:34.002)
Yeah, yeah, that was kind of the feeling. It was like, we need to take this moment to be proud of ourselves. But then like also realize that like, this was like only like a part of the, you know, ultimate like mountain. And so it's like, okay, like, now how comes for the really big pieces of making thing? Yeah, basically, right. It is like that because you're gonna find like some parts of that mountain are just like so sheer, like
Rex (02:52.265)
Yeah, welcome to Everest Base Camp.
Boba (03:03.518)
You need to have all the equipment to carry all of your stuff up that mountain and everything. And you need help, you know, like trying to go in and do it all yourself. Originally, you know, that was the thought process. Yeah, I'll just build out this protocol with one other person and like, we can do that. Only to find like, yeah, no, that's like, no, you need a team of people to help you.
Rex (03:08.127)
Yeah.
Rex (03:28.553)
Yeah, for sure. I, you know, audience, know this, that I am very much not a fan of the like, tell me about your protocol. Like the typical interview thing here. But you know, I do think I like kind of can't avoid some of that in this situation because I think that what you guys are bringing to the table is so compelling and different from the way that most people understand what crypto projects are. So without.
you know, with risking the kind of generic formula of what podcasts are, maybe you can start off by just talking a little bit about what is the problem you guys saw, you know, two plus years ago when you set out to create Drosera, and I guess just to like show my cards that I know a little bit too much, like what was wrong about on-chain security that gave you an opportunity to build this?
Boba (04:02.476)
Yup.
Boba (04:25.504)
Yeah, and I think that kind of like finding the problem came from me making a bunch of different like monitoring and kind of security systems for other companies. They were specifically doing something on chain. They're doing something on the blockchain or they're doing something with smart contracts. And what I found was that it was just really difficult to create solid, robust monitoring systems
for these projects without having to do it all from scratch. You just didn't really have any standards in place for you to easily build it. Also, it kind of took away from the point of Web3, which was you create this Lego block, and now that you've built that, you can kind of help the rest of the industry, because now other people can use that Lego block. But the problem was that there's no standards for this stuff
for making monitoring and security. And so I was like, we really should have some type of standard. We should have something that makes it so that devs can easily build out monitoring infrastructure in a way that makes sense to them, in a way that's easy, in a way that's reliable, in a way that's safe, verifiable. And I started to think, what if we had a way to have people build out infrastructure
that could be used for security with just smart contracts. You know, the thing that the, you know, the rest of the industry is basically built on. Like, there's people who have a lot of experience building smart contracts, because they can make all these different complicated protocols. However, you know, when it comes to actually making monitoring systems to, you know, detect malicious things happening or risky things that are happening on the protocol, they're kind of just like on a beach with like a rock.
Like they just don't have anything. They have to put it all together themselves. And I was like, that just doesn't seem right. Like we should have something in place there. So we started focusing on like security. We're like, we can make a standard that is only using smart contracts to create security services and like risk mitigation services. And then as we started to build that out and we started to get some traction, we talked with a lot of different devs, we started to get more of a community.
Boba (06:51.742)
It was funny because the community started to say, you know, this stuff can actually be used for a lot more than just security and risk mitigation. Like you can actually make like automation, like generally speaking, using the system where like smart contracts can do more. And, you know, that was the ultimate problem, right? Is that smart contracts are so limited in what they can do right now for people that you kind of even see it in the space right now where
People are like, well, people have made a bunch of different types of apps, protocols with what smart contracts can do. But now, where do we go from here? How do I go and make a new application that hasn't been seen before, make something novel, something interesting, something that's good for the space without having to compromise and make a big Frankenstein centralized backend system?
that's like propping the whole thing up. And so that's where we kind of come in. We're saying, hey, we can do this thing that makes smart contracts do a lot more than they previously could. Right now we're kind of saying that this is an automation of smart contracts. Drosera is an automation protocol. So we can actually make it so that smart contracts can run constantly. So the logic in a smart contract can run every single block.
It can do a lot of different analysis and it doesn't actually have to cost you. Normally a smart contract to execute, you, you get in your MetaMask or whatever and you do a transaction on chain. Imagine doing something like that every single block. It would cost you like tens of thousands of dollars, right? It's just like no one can really do that, right? Other than like maybe really big bridging protocols that get fees that can pay for that stuff, but like normal people, they can't do that.
And so we made a system where you can actually run these smart contracts all the time for effectively free. And that's like a huge upgrade for the space. Now smart contracts can do way more than they could previously. And there's a lot of details to kind of go into like what are all these things they can do, but perhaps I could just give that a high level for now of what exactly it's doing.
Rex (09:10.921)
Yeah, perfect. Perfect. No, and, we'll definitely unpack a lot of those details throughout this episode, but you know, let me kind of give you my outsider. You know, we talked on a podcast once before, maybe, maybe two years ago, maybe a year ago. In crypto years, it might've been a decade ago, but, yeah. So just, you know, kind of between our conversations, like our DMs and just seeing what you guys are building,
Boba (09:27.192)
Yeah, something like that, Yeah, feels like, yeah, 20 years ago, yeah.
Rex (09:40.839)
you know, in public, let me give you kind of my narrative of what you guys have done and what you're building and like, tell me how much this resonates with you. So it sounds like, just kind of putting it together with how you started off the first, you know, 10 minutes of this pod is by the original idea was, okay, every single time someone needs monitoring, we're building it from scratch. Like, let's start out by just,
building something reusable. I don't know if you like this, maybe take offense to it or whatever, but to me, this almost sounds like let's build the Sentry of on chain. That's cool. Sentry's a multi-billion dollar company. Like they provide so much value and that just ported over to crypto makes so much sense. But then the next realization is, hey,
because we're in the EVM, because we are in the minutia of all these smart contracts, understanding exactly what's going and looking for moments in which we need to notify just through monitoring that something went wrong, we actually can trigger things. I don't wanna use your guys' buzzword here, but we can actually cause things to happen when we notice like.
particularly a security event happens, but then starting to generalize like, well, why does it have to be a security event? Why can't it just be something that happens? And then, you know, I think that story and evolution kind of forms what you guys are building. Is that correct?
Boba (11:18.658)
Yeah, yeah, yeah. I mean, effectively, that's it, right? Like, we basically allow for smart contracts to see any condition that can be seen on chain, and then these smart contracts can take automated, automatic action to do something on chain. Yeah, that could be like you see a depeg event, and you want to buy USDC if it hits like 60 cents, right? Or you want to try to see, is something happening on Balancer?
Maybe there's some liquidity thing occurring and you want to take some type of action on chain that's DeFi related. Or even more so, you could do something that is like security related by having this smart contract look at like a multi-sig, like look at a Safe multi-sig or multiple and just keep track of it. Like what is it doing? Is it, are new people being added to that multi-sig? Is there a transaction getting executed? Are there new signers?
Is there a new threshold? Those are important things for people and companies to know about and to be tracking. And I think right now in this space, I don't necessarily know that you see a whole lot of that, or at least not done in a very robust way. And so those are just a couple use cases. Right now, these automated smart contracts, we call them traps, because it's like a Venus flytrap, right? It's just looking for...
bugs or it's looking for certain types of events and then snapping. It's taking action to do something on chain. And we've kind of like built up to that point of making these things more generalized. It can be used for more than just security. It can be used for DeFi, trading, gaming. It can be used really for a bunch of different use cases and some that we've kind of uncovered that really weren't possible before that are really really interesting.
But yeah, that's kind of where we've gone to at this point. So it's really exciting to see some of these new use cases crop up of like what's possible if you can make smart contracts do more than what they could before.
Rex (13:31.571)
And so how would you describe kind of your secret sauce here, right? Like say, let's say I'm working for,
Boba (13:40.365)
Mm-hmm.
Rex (13:40.374)
I could easily say, I very much understand the idea that there is almost zero legitimate reason that over, let's say even 20% of TVL is withdrawn from the protocol. I know that if someone's attempting to do that, I want to put on the brakes and at the very least give humans time to react and either approve or deny this kind of transaction.
And, you know, this I think is a perfect use case for Drosera to say, Hey, we are, we set a trap here. We're looking for greater than X percent withdrawals and we will trigger all these mechanisms for you. What's your pitch to someone like me, potential Aave developer that says, why wouldn't I just build that into the protocol itself?
Boba (14:28.619)
Yeah, yeah, I think there's like a multitude of different reasons. One of the big things here is the fact that since the system is built in just Solidity, this means that it's so much easier for the developer to not just like build it, but for other people to even like peer review it and make sure like this is actually what it's going to do. You know, previously they would have to like go and
like spin up some type of like server, whether it's written in Rust or JavaScript, go and host that thing somewhere. So you need a DevOps engineer that's going and hosting it there. And then for all the testing that you're going to be doing, you need to use all these different tools to have like full end to end integration to make sure it's going to do what it's supposed to do. We're talking about like, you know, weeks, months of vetting, refinement, iteration to go and put this thing out into the water and still.
After you've done all of that, what you've done is you've created a centralized system that is doing this on your team's behalf. So what we're saying is if you do it just Solidity, it's really easy to test, it's really easy to review, and all you really need is to be like a Solidity engineer to go and create one of these traps that says exactly what it's going to be doing. It's verifiable because we use ZK to verify execution.
So and you have the ability to run multiple nodes that actually execute and run these smart contracts so you can decentralize it. And just those benefits alone are really solid. But I think personally for me, just from the nerdy dev side of things, the coolest thing I think here is actually like the composability aspect. What this means is like
when I want to go and create a system that reads data on chain and then takes an action on chain, then I want to be able to say like these are the pieces of information that I want to see. This is what I want to do without having to like go and look at five different other languages. Like I context switch to now I need to build out this piece, now I need to build out this piece. Instead you just kind of have like one file.
Boba (16:51.159)
that says this is exactly what it's supposed to be doing. You don't need to have something transforming data from on-chain through other pipes and other interfaces and encoding data differently and getting into all this really nasty Frankenstein stuff. Instead, it's like native. It's like a native composability. And that has a really good feeling when you're actually writing the code, because you can feel like this will work exactly how I expect it to.
And from our conversation with developers, that's been the biggest thing was that it's really transparent as to what exactly is occurring and they're not just going and like paying some third party to just kind of promise that their black box is doing what they say it's doing. And that was like the whole point, I think of this space, right? Was that like we could have transparent systems that were built on top of cryptography.
that we could put our trust into. And I don't think the answer is just to put trust into some business. I think it makes a lot more sense to have people be able to critically review code and say like, this is what's occurring. And that's been feedback we've gotten from one of our other groups that we're working with. They were saying just the ability for them to see transparently what's going to be happening makes them feel a lot more confident that
They're basically using a system that does what it's supposed to.
Rex (18:23.891)
Yeah, 100%, like the point of all of this was we can trust it because of these trustless properties, whether it's crypto economic security or decentralization, like all this stuff that is supposed to be table stakes in this industry. I do think again, just to like get on your nerd level a little bit, there's something just, I don't know, wholesome or, just that feels right about.
If we build systems that are supposed to exist in this computational environment that is the EVM, but in order to get them to do anything kind of interesting or modern, have to like rebuild the system outside and then constantly trigger. It's like, did we just do this so that we could call it decentralized? Like what are we actually building here? And I think.
You know, I'd love to unpack a little bit more like why you're not just recreating that, like maybe how specifically you're implementing because, you know, I think that's really where the rubber meets the road, but you know, just taking a step back, I, it is so common to see, especially outside of Ethereum world where you start to get to these L1s that have, you know, like one or two nodes or have like 15 nodes, but that are all like directly controlled by the foundations that.
Boba (19:27.735)
Yeah.
Rex (19:47.144)
It's just, I understand why you put the window dressing on, right? Like maybe in the past it made it more investable or like then you could call it your security, not a security or whatever, right? But like.
Boba (19:48.685)
Yeah, exactly,
Boba (19:58.574)
I think it just made it easier for people, right? Like, at the end of the day, it's just a lot easier for you to make a project that is promising to be doing something. And then at the same time, it's kind of like, oh, you know, it's crypto related, so you can trust it and it's safe. And like, they kind of feel like they got those benefits to be like, look, we're building with the ethos, but in like the background, the thing that nobody can see.
not actually what's happening. You don't know what's happening with these modern day dApps. Who knows what is actually happening behind the green curtain? And to be fair, if you want to provide some new and novel technology in this industry, you have to be able to build things that are off-chain. You just have to because inside of Ethereum,
you can't do certain things. It just has certain limitations, just like every kind of blockchain technology. But there are still ways to make sure that you're doing things right. It's just really hard. And that would be like making sure it's verifiable, making sure it's transparent. And I think that people, for the most part, have gotten away with making these hodgepodge systems, but only for so long.
And then an exploit occurs. Or oops, there was this one thing that nobody reviewed and now we have this issue. And I think that if we kind of don't start to reinforce some of these important narratives, I think that we're just gonna see a lot more security issues as time goes on. Because everybody wants more modern day applications.
that do new things, right? I think that's what the industry is craving. They want new, innovative things, but I think it's kind of like at what cost? Like, are these systems actually secure? Like, can you actually trust that it's doing what you expect it's doing? Yeah, yeah. So that is where the rubber meets the road for sure.
Rex (22:16.019)
Yeah. And I think the best example is like our latest darling right now, right? Tempo, which is like, like I have, I have every faith that when you deploy code to tempo, it'll execute deterministically in the way that you want. And I have every faith that all of the behavior that all of us expect from Ethereum will be replicated, but just much faster and all this stuff. Right. But I also, there.
Like none of us can have any wool over our eyes that when North Korea does a billion dollar hack that Stripe is not just going to be like, well, it's incredibly neutral system. They're an actor. Like, and so, you know, I think at the end of the day, you have to ask yourself if you're not building a system in which the
You know, the normal bogeyman that people use as North Korea, which is the easy one, but the more nuanced, challenging ones are things like, you know, Russian dissidents or Venezuelan refugees, or pick some horrible thing that's happening in Africa, right? Like if a government goes and puts their weight against Stripe or some other company, either there's nothing that Stripe could possibly do or
Boba (23:23.053)
Yeah.
Rex (23:38.601)
Like we're essentially saying we're building financial applications on AWS, but dressing it up a little bit so that we can call it crypto.
Boba (23:46.54)
Yeah, yeah, yeah. And I think that even today, you know, which I think was the second time this, maybe this month, that we had like another outage. Like there was another AWS outage and more Cloudflare issues and you kind of see like spiraling happening for all these like different, different companies and different projects. And it's just clear that like, you know, the house of cards is like when you build these systems,
to give you that little shortcut like, you know, this will work. This will be just fine. Like, this issue won't happen. You know, that's not how you build robust systems, right? You build it for like, when this does happen, even if it's going to be very rare, like, you have a backup and you have something that you've thought of in advance. And you see a lot of teams that aren't affected by any of these issues, and it's because they thought ahead.
You know, they knew that these were going to be problems and like, you know, they should get snaps, right? Like, you know, you're actually doing the thing, you know, putting money where your mouth is. And I think like, you know, as this industry evolves, we're going to see a lot more of that, I think, where you're going to see like who's really building and doing what they say they're doing and then who's not. Yeah.
Rex (25:12.341)
So let's talk about how Drosera works, right? Because I think before this conversation, how we would emulate this kind of behavior is, you know, I think we've had plenty of companies do, like I'm pretty sure Gelato did this, right? Where they were just a centralized, really just essentially a cron job on AWS that you would say, hey, here are the things that I want you to watch for. Here are the things that I want you to do. Here are the private keys that will allow you to execute against it.
When you, company, see something on chain, please promise me and do it. I trust you to take care of this for me. And that works. It's effective and as we say, it leads to a lot of brittleness in the architecture and it only works until that moment where someone who has different political beliefs or beliefs about what's right and wrong...
are putting more pressure than you are on that centralized company. So talk to me about like, what are you doing that's different that is, as we've talked about building these same types of capabilities in the truly crypto native and crypto honest way.
Boba (26:30.197)
Yeah, I think that there's quite a few differences. If you use like Gelato for example, it's like a very simple system that just says, hey, provide some basic condition like if a balance changed or if a certain event occurred, I want this like on-chain action to occur. Or maybe just like every 50 blocks.
Every 100 blocks I want this action to occur. It's very straightforward, very simple system. But what it can't do is it can't actually leverage the full power of all of the data that actually exists on chain. These systems are set up in a way where it's like you click and you set up a very easy condition, one condition. With Drosera, because it's using Solidity, it can check for like
thousands of different conditions. It can say I saw this event of this user's account transferring funds over here and then it could have a condition that says when that happens I also want to check what's the current yield on on Aave for this particular pool and then if that meets a condition I want to go and check how much liquidity is on this bridge and so this allows for you to do a lot more complex functionality.
where you really can't get that out of like some web interface. You know, it's not something that you can easily even do in a web interface. It's really something that you can only do by using programming, by like using something like Solidity in order to say, here's these complex conditions. It could be very simple still, but let's say very complex conditions. Here's an action I want to have taken and that action itself
can also be a complex action where it says only do this if this condition is hit and only do that if these conditions are hit. It creates this fully programmable composable system that allows you to do way more advanced things than something like a cron job can do. A cron job does exactly what it should. It's very simple. But if you need to do more than that, then you kind of just have to either build it out yourself or use something like Drosera.
Boba (28:55.127)
that allows you to do this really quickly.
Rex (28:58.517)
So correct me if I'm wrong, but it sounds like what you're saying is before.
you know, services like Gelato and I don't mean to be picking on them. They've, they've moved the space forward so much and done such great things, but the way they operate is they look at the ledger after it has changed. Right. And that's like equivalent to, you know, the ledger really is the end of the day. Right. I like very complex.
Boba (29:07.932)
Yeah
Rex (29:27.465)
let's say Excel or Google spreadsheet. And what they're saying is like, okay, we can look at how the cells are changing, what happened there, and you can make decisions based on what we see the result of things are. And what you're saying is like, hey, let's introduce macros into this. Let's introduce an expressive programming language that allows us to not only look at the results, but understand these intermediate flow states, understand, like make very...
like complex control flow statements and really unleash the power of programming in a way that's again not possible in spreadsheet form.
Boba (30:08.053)
Yeah, yeah, that's basically the case is that we're providing like a dev tool that allows for developers to do more than what they could have done previously. If somebody wanted to go and test something like a gelato or some other automation protocol, if they wanted to go and actually test, when I set this up, will this do what I expect? There's not really a good way to do that. Perhaps you could test it on like a test net or something.
But there's no way for you in your developer environment to set it up really easily and then go and actually test and see, this will do exactly what I expect. And so that just means what are your options for using this stuff? You kind of just have to YOLO. You just gotta be like, all right, let's just go and send it out there and I test it on testnet and it should be good, I think.
That's obviously there's issues with doing that. Whereas like if you have just a dev tool that makes your life easier, it's easy to test with, it's easy to develop with, then it's all like much cleaner. It's like a much easier system to use than kind of like these other systems, which I think the biggest thing is to come as a comparison is that those systems are like really easy, would say for like easy for devs.
but easy for consumers. Just a user, somebody who maybe doesn't have the kind of expertise. They don't have the expertise to go and write some language. They just want to go and do something simple. And so it works as a use case there. But yeah, for the people that want to do something complex, that want to make things that aren't really possible with those systems, they just don't have any other options. And if they're a developer,
Solidity developer, then using something like Drosera is very simple because it's already, it's all Solidity. So it's not like you need to learn anything new. You just need to understand like how does this smart contract have to be structured in order for me to get this, this type of behavior and that's like really really powerful.
Rex (32:24.245)
So what does it mean to use Drosera and to set up a trap? Like I've got my application smart contract. Like let's say it's Aave, right? It exists on chain and I want to build a trap. Again, let's say that if more than 10% of TVL is withdrawn in one transaction, do X. Am I writing in Solidity something that's running off chain? Am I
deploying a new smart contract that sits next to it? Am I altering my smart contract to contain Drosera code? Like talk to me just how the architecture works and then for whatever exists off chain, how's that working? Who's running that? How do you square the circle and this whole conversation we've been having about ensuring that we're living in the EVM?
Boba (33:03.479)
B.M.
Boba (33:18.889)
Yeah, yeah, I would add a note that from some of the auditors that have like looked at the protocol, they've also kind of like tried to think about like, what do you, like, how do you kind of like explain like what this is? You know, it's not an L1. It's not an L2. What is it? And they're like, I think it's like an L1 and a half, because it's, because it's not like another chain
say right it's not like a blockchain it's not an L2 it is Ethereum it's just this ability for smart contracts to run in like a bandwidth layer over Ethereum the nerdy way to describe this is it's a running these like smart contracts these traps on a shadow fork of Ethereum that just means
it's like a fork of Ethereum with all of its different state, like all the contracts and everything and protocols that exist on it. And then we basically have your trap running on that fork. And so because it's running on a fork, it's effectively like a simulation. And these nodes will run your trap, which just means they're running a simulation of that block. If this trap is on this block, then I'm going to go ahead and
I'm going to execute all the logic that you have in it. And if we see these nodes, if these nodes see, that trap indicated that it wants to trigger something, then the nodes running that trap will actually come to consensus and say, was this the result that you got? Did you also see that it wants to trigger for this block? And once they come to consensus, then one of those operators will actually push consensus information on chain.
which goes to the Drosera protocol that lives on Ethereum. So it's kind of like you have a contract that lives on chain on Ethereum, and then you have one that lives off chain. And so you can kind of think of it as like off chain smart contracts, where you have like your little subset of nodes that are coming to consensus on the results of your contract. Yeah, and so yeah, that's why it's kind of like L one and a half. That half.
Boba (35:44.02)
is like that extra bandwidth layer outside of Ethereum that lets you do, you know, tons and tons of execution of logic without you having to pay a bunch of gas. Because if you were doing that all on chain, yeah, it would be tens of thousands of dollars to go and run all that execution. Like it just wouldn't be possible. And so that's why we've kind of talked to people saying like, it's like, it's kind of like a bandwidth layer where you get like this kind of free space.
go and do a bunch of different execution that you wouldn't be able to do normally. certainly you could try to include this logic on chain instead. However, you're just going to be making your protocol way more expensive for users, for yourself. It's much better if you have this logic off chain. You still have the decentralization nature of nodes running this stuff coming to consensus. And when execution actually
done on Ethereum, like an action. You know, some triggered automated action is done on Ethereum. We also use ZK to verify, like, this actually was the correct result. Like, the trap did say it was going to trigger, this was the information that it triggered with, this was the function it was supposed to call on chain. So you get a lot of the benefits that you would normally get with Ethereum, and then also more.
Rex (37:12.021)
Yeah, I love how you explain this and you know, my thesis on ZK has always been this technology that was created for encryption and like all this privacy stuff and still of course has so many applications in that. What is interesting about ZK is that it has allowed us to take arbitrarily complex computation.
and kind of collapse that computation down into a like very easy to verify proof. And then you can run that proof in a resource constrained system. And generally you're like, well, why would I ever care about that except for when you have blockchains, which by definition are resource constrained computation environments. And so the like long and short of that is that ZK allows us to project this.
complex computation into these spaces that in order for us to stay decentralized have to stay, you know, Raspberry Pi-like.
Boba (38:17.641)
Yeah, yeah, I mean you have to have something like ZK just because like there's no way that we can get away from having to run other services outside of Ethereum. Like you just you're going to have to and with like other networks as well like other L2s and other networks and things like that we saw it back in the day with like all the bridging issues, right? Where
Rex (38:29.461)
Mm-hmm.
Boba (38:42.519)
there wasn't any ZK really being used at all. And there was a lot of issues there because like you're kind of just like trusting that these networks were doing things correctly and you didn't really have any cryptographic like proof that something actually occurred. And now with something like ZK, you can go and get those proofs. You can push them on chain in a way that's cost effective. And that's like really, really powerful.
But I think it's also one thing to note is that we tried this with Drosera. Like we tried to do it without ZK originally because we didn't, we were just kind of learning and kind of trying to figure out like how do you make this execution verifiable? And so we were going to do it the hard way where we actually like manually pushed a bunch of different data on chain and built all these crazy technical Merkle trees. And we found that
You know, it was really limiting. Like we could only prove like, I don't know, 10 or 15 pieces of data before we hit some type of like horrible gas limit. And one of our friends was like, hey, like, have you heard of RISC Zero? You know, have you heard of what these guys are building? Building a ZK VM where you can like run, you know, some arbitrary logic inside of that VM and it gives you a proof. And so we went and looked into it and we were like,
this is actually a dev tool that works? Holy crap, this is crazy. And we found we could do more than just proving 10 or 15 data points. We could prove thousands. And that's what allows for us to do all this crazy computation that's verifiable. Because inside of that ZKVM, we're actually running the shadow fork of Ethereum.
with your contract inside of it. And that's what kind of like allows for you to have all this verifiability. Because you can say all the execution that happened in that block was mathematically correct. Because we prove every piece of data. And that's like a really interesting new superpower that you get with zkVMs and ZK in general.
Rex (41:03.135)
So I have to ask though, right? Like I love this architecture. I love the use of these other primitives that, you know, in some sense, this is the story of crypto. What makes crypto so cool is the composability of all these different pieces coming to bring new functionality. You know, this time it's instead of just like DeFi Legos, it's also incorporating off-chain technologies. But at the end of the day, this architecture does rely on having
another network of computers that like hopefully will be decentralized and in order to function, right? And so my question for you is of course it is like totally fine and appropriate that on day one for the shadow forks are being run by like the Drosera company as well as maybe some like close.
like maybe some investors or maybe like you make a partnership with someone like P2P or whatever, right? But how, how do you make sure that you're not falling into the trap that basically every other blockchain aside from Ethereum and possibly Bitcoin, what you can make arguments about that. we don't really get into that, but like, how do you not fall into this trap where it's like,
Boba (42:24.927)
Yeah, yeah, exactly.
Rex (42:30.089)
We are crypto native, we're just as decentralized, but you peel back one or two layers and you realize, it's just, if I don't trust Boba and the Drosera company, then this whole thing kind of falls apart.
Boba (42:45.205)
Yeah, yeah, how do you not fall into into this kind of like trap or Yeah, is that it's what it yeah, I think there's there's a lot of different traps like that Fair enough and we're making these traps So the yeah, no the the traps themselves And they were built in a way where we wanted to focus more on flexibility
Rex (42:49.609)
call it the Celestia Trap.
Rex (42:55.764)
You
Boba (43:13.885)
I decentralization is one of those things where I feel like the term itself came from, you know, basically like Bitcoin and Ethereum and people like how they understood decentralization. It was this huge network of nodes and more nodes you have, it means you have more guarantees on uptime. You have more guarantees that like it's not just like one centralized group is running everything so they can have like these certain guarantees. And for us,
rather than having like a traditional blockchain or a traditional node setup of like here's these 30 nodes that are running every trap. That's not how it's set up. How it's set up is actually because it's your trap, it's your infrastructure, so you can run it however you want to run it. So let's say I go ahead and deploy a trap and I want to run the node for that trap.
I can go and I can opt in and I can be the one node running that trap. If I'm fine with that and I'm okay with that because of like cost reasons, I'm like, okay, that's fine for me. That's what I want to run. At least the thing is that it's transparent. People can see that trap is only being run by one node. But the nice part is that it's decentralizable. So anybody else can opt into this node, get incentives and help decentralize this thing. Let's say I want to have 10 nodes.
running my trap, then you can incentivize it and have 10 nodes opt in. So having this flexibility is really important because it makes the system more scalable. It means you're kind of like sharding the system, which is like something Ethereum has talked about, sharding where like basically you're having certain nodes handle certain aspects of the network. It's kind of the same concept here.
because you're the one who created the trap, it's your smart contract, you can decide who opts into it. If I only want one node, if I want multiple nodes, if I want as many nodes as possible, you can do all of that. You're in total control. And giving the user the control and making sure that even without the Drosera team, they could go and they could spin up the nodes and run the system however they want, they can go and they can do that.
Boba (45:36.834)
That was what was really important to us because we also didn't want to create a network of thousands and thousands of nodes where they all need to get some kind of constant incentive. And normally the way that chains do that is they basically create an inflationary token or something. And these nodes get paid out as inflationary token and it's like, yeah, I'm making this amount of money.
But it's like really RU because like all this like token value is being inflated away by the network. With Drosera, you know, that isn't the case. It's not some type of inflationary piece going on there. You can simply place incentive on your trap and have operators opt into it in a way that is like what you want. It's flexible for the way that you want to run these things. So if a really big protocol wants to run a trap,
and they're already a very decentralized protocol, it would make sense for them to have like, you know, 20 different operators running that trap, right? Or more, because they can pay for that. Whereas like a small dev, you know, he doesn't have money to go and pay for 50 some operators to run his trap. Maybe he wants to be able to run this thing in a really cost-effective, cheap way.
so that he doesn't have that barrier to entry to be able to even use the system. Which is kind of the whole point of Ethereum, right? Is that reduce the barrier to entry, let people use the system, as many people as possible. So that's kind of been our take on building this thing out, which is a bit novel. It's not necessarily like anything else.
Rex (47:26.877)
Yeah, I think, I think let's be honest, right? There is a barrier to entry just in the, you have to know enough in order to be able to like pull your code and then probably spin up an AWS server and have it running and be able to troubleshoot. And, know, I'm sure you could even like containerize it perfectly or even offer to run it for other people and stuff. But once you're able to overcome that barrier, like if I'm a small dev and I want to.
build a trap that's watching my little thing. Like once I've overcome that barrier, like why wouldn't I opt into running other people's traps as well?
Boba (48:04.949)
Yeah, that's the beauty. That was my ultimate vision with this, was imagine everybody needs to have some form of monitoring for their protocol or some form of automation or risk mitigation. And it would make sense for them to run a node for their infrastructure. It's Solidity as infrastructure. They go and they run it.
But what's cool is because they're running a node, that means that node can opt into multiple other traps. So you get to have this really cool network effect of like, let's say there's a big cohort, a group of protocols that are all kind of like working together. They have like ecosystem alignment and everything like that. They can run their infrastructure, but then they can also run their other protocols infrastructure as well. And they kind of create this web where it's like,
no one can be the centralized point of failure and they can all actually be supporting each other. And that idea I think is really cool, especially because the Drosera node itself is really lightweight. I think right now the hardware requirements are like, I don't know, it's like four gigs of RAM, 20 gigs of storage, like two CPUs. So like people could just run these things on like a Raspberry Pi.
Like they can run them on the smallest thing possible. And that was really important to me because I didn't want it to be like, you know, you need to have an AWS bill of like $2,000 a month, to like participate in something like, you know, I just, I don't think that that's reasonable. And especially for, getting more people involved in the space, like getting more devs involved. Yeah. Yeah.
Rex (49:52.758)
Yeah, that is the Celestia trap or the Solana trap, is like, oh, anyone can participate with like $15,000 entry costs and then $3,000 a month on top of that.
Boba (49:57.825)
Exactly.
Boba (50:05.237)
Yeah, yeah, it's just not reasonable. And like, there are some benefits to it. I mean, sure, like for the people that can run that stuff and they have the hardware, great. Like they can run that, they can support that system. That's great and all good. But like there's a lot of people in the world and a lot of people live in, you know, like Africa and they live in like...
You know, Latin America, live in Germany, they live in Indonesia, live all over the place. And those people would like to be able to participate in these systems because like if crypto is really supposed to be the future of money, like participating in systems is, and understanding the system is like a massive benefit for them, the communities and everything. And if they can't participate, they're like totally locked out.
of the system. The whole point of the space was to lift everybody up and we should continue to be pushing on that in every way that we can. And you've seen some of that, I think, in the Ethereum space where they've tried to make some advancements of like, here's some hardware that's fairly cheap that's like a custom hardware you can buy and you can run an Ethereum node on it. I think stuff like that's great.
being able to do something like that because not everybody can spend thousands of dollars in the cloud.
Rex (51:32.874)
Yeah. All right. So last 10 ish minutes here, I want to like address like the kind of big thing. so let's talk about restaking, right? Let's talk about both the promise and like what I believe is the just absolute collapse. so feel free to push back or agree or how I just want to hear your honest thoughts. But you know, my, the reason that I fell in love with restaking back in 22, whenever that was, it was like,
Boba (51:59.67)
Yeah, I think that's right. Yeah.
Rex (52:02.044)
I am an Ethereum home staker and like, I'll tell you man, we talk about how you can run it on a Raspberry Pi and like everyone can participate and yeah, yeah, but it sucks, right? It's not fun. I'm not making really any money off of it. look, just problems come up that are really technical and like I...
The only reason I do it is because I'm a zealot in what we're trying to do here, right? But I just, I don't believe in this world in which we're gonna have a bunch of different people who are opting into running at home hardware and not only are they gonna be Ethereum stakers, but then they're gonna be other Alt-L1 stakers or they're gonna be Oracle participants or whatever. And, you know, my belief,
that is informed by my experience being a home node operator is that the best we can hope for is to have one decentralized node, like operation network. We can have one. And I think that's Ethereum and that's what makes Ethereum special and why Ethereum is real crypto and everything else is like probably AWS, we use it like taking advantage of regulatory arbitrage. And so when I first heard restaking, what I heard was look,
There's people that are have figured out how to run these systems and they're passionate about it. And they've already put at this point, literally hundreds of thousands of dollars up into these nodes in order to participate. so what they're probably not the Raspberry Pi people. They're probably, you know, like myself, I'm using a thousand dollar computer that has plenty of extra resources, just sitting, sitting idle all the way up to like the consensus of the world who can.
buy data centers if they want to to run this. And to me, restaking was let's empower these people to offer more services. And from that, we can really turn this from the Ethereum node operator network into this one general purpose decentralized compute network that can run all sorts of different things. And then,
Boba (54:20.171)
Mm-hmm.
Rex (54:21.913)
LSTs were introduced into this. So you could be a restaker, but you're not running nodes that that for me was like the first time the mask came off that none of this really makes any sense. And then we can kind of talk through all this stuff, but like today, 2025, right? Like what restaking is it to me just seems like the Titanic that hit the iceberg and is now at the bottom of the ocean. and even if those ideas like
Boba (54:29.9)
Yeah.
Boba (54:45.665)
Hahaha
Rex (54:50.057)
do make sense. Like we have cruise ships today, Like Titanic didn't destroy the whole concept, but I can't see restaking really ever recovering from this. And so one, just want to get your reaction to my telling of this story. Two, I'd love to hear what you think went wrong. And three, I'd love to hear where you think we go from this.
Boba (54:52.343)
Yep.
Boba (54:59.478)
Yeah
Boba (55:10.995)
Mm-hmm. Yeah. Yeah, I mean, I think the my my reaction is I think like this is the story that I think you hear from most people that are actually like looking into this stuff and you know actually spending their time figuring out like I want to be involved with restaking and I want to like do all the stuff and I think what a lot of people Had this like really ideal vision in their head of exactly what you explained And that was kind of like what?
it was about. was supposed to be this is another way for you to use your ETH to get additional yield but also be kind of powering some new primitive, you know, and that is ultimately good because now we can get more primitives that are using cryptographic security or
That's not even the right word. It's a crypto economic security. And yeah, that was like what people were supposed to get out of it was additional yield, power some new things, should see some new innovations. And I think the ultimate question was like, the thing that was never really talked about was like, okay, where does the yield come from? Where are you getting this extra yield from?
Rex (56:08.757)
Crypto-economic security. Yeah.
Boba (56:36.205)
And I think the idea there was, well, these projects that you're staking, you're restaking in are going to give you yield in their like native token, right? And then I think from there, it's kind of like, okay, so maybe it just depends on like the quality of the project that I'm using perhaps. And that's like where I'm going to get the yield.
I think what people found was that they were unsure of really what the point was of this thing. They were like, well it was supposed to be used for, it was kind of dual use case, it's used for security and that's good. But no one really saw the effects I guess of that. And then no one even really saw the yield piece either.
And so yeah, my reaction has just been like, I think it was an ideal attempt to add more security, but it wasn't thought through behind like where the demand is actually coming from or where the value is coming from. I think it was a bit of a hope that if these things are using restaking because they're more secure, like that should be valuable.
I think it's just not the case. I think people jumped in a little bit too quickly into it. And a lot of these new projects, like it would have made a lot more sense, I think, to just focus on the business. Focus on what you're building first. Get users, get demand. Once you're at that point where you kind of bootstrap your system, then you can go ahead and you can add these other pieces.
but people jumped into it like right away. It was mostly a narrative thing, right? Like was a lot of it was like narrative, maybe I can get some additional investment or something. And at some point for us, like we were looking at restaking and we were like thinking exactly what you were thinking. Just like, yeah, like this should be like a really nice added benefit, additional security. And there might be some nice like ecosystem effects here. And then we realized like,
Boba (59:02.997)
I don't know, probably like a year and a half ago, like pretty soon into it, that like we just needed to focus on what we were building and making sure that we get users and generate value first before we kind of start looking at any of this other stuff. And what we found was that instead of focusing our time on restaking, we focused it on ZK. And that was like a way better move because like what stronger security is there than math?
You don't need to worry about the amount of liquidity you have and how much you have restaked to make sure that cost of compromise versus profit from cost from compromise is some weird equation. Instead, you just say, yeah, we don't need to worry about that because math is math. And we can just prove that this was correct or not. And so that's how we ended up moving with the industry there.
Which I think was ultimately the right move, you know, and so yeah So that's the initial reaction, yeah
Rex (01:00:03.828)
Mm-hmm.
Rex (01:00:10.005)
No, man. Yeah, I'm with you completely. And I think the way you talk about it to me highlights where we went wrong, right? Because for me, when I first heard Sreeram talk about restaking in that a16z whiteboard video from January 22 or whenever it was, was...
we can find a way to incentivize Ethereum node operators to run other services. And like that is the core value prop here. And from the video, think that was, that video was the high point of that sentiment. And every moment after that, it became less about that and more about crypto economic security, which let's be real, even in an Ethereum world, we don't know if that's a real thing, right? And it became about extra yield, which...
so supercharged it into being about speculative investing as opposed to providing real value that look, man, when you, when you jump up to 20 to $40 billion in TVL in six months off of hype, there's literally not a possible way to create enough fees in order to actually put yield into that. so I don't know, man, I just, feel like almost from
Day one, we lost the plot on this and I would love a world where restaking maintain that original vision. And then when we talked about Drosera today and I ask you, well, like who's going to be running these traps, the shadow fork of Ethereum, like what do we need to trust you? And instead of the answer being, well, this starts off with like app developers running their own shadow fork. And then you can.
you know, pay other operators to run as well. And maybe you can earn some, it would be, well, it's simple. You just tap into the Ethereum node operator system. This percentage of them is willing to run our software and you, it's a ready-made node operator set that you can trust to already be decentralized, incredibly neutral. And like that conversation fell out of restaking so, so early.
Boba (01:02:25.793)
Yeah, yeah man. Yeah, I think the note about like, what was it? People...
Boba (01:02:42.231)
When people started to jump into doing restaking and they were trying to figure out, we can power these other services, or there was particularly the note about TVL, how are you supposed to provide incentive to all that security? That was always the big question that people always, they had, I don't even know, thousands of AMAs about the same exact topic, which was, how do you know how much crypto-economic security you should have?
And there's just, there's like maybe ways to do it based off of like TVL questions and stuff. But like ultimately it's like, is that actually the right like notion? Is that the right way to calculate this? Like people just like couldn't get around, like how do you know? And if like you're a small protocol, I was always under the impression that like if you're a smaller protocol, like it probably makes more sense for you just like use ZK. Just use ZK and like,
I still think there's a world where crypto economic security could be valuable, but I think it's almost secondary. The thing that matters most is that your product, your protocol, is providing real value to people above all else. That has to be the thing that's there. It has to have real demand or whatever. The demand can't just be this speculative thing where users are just trying to earn money.
That could be a secondary effect, right? That could be, and perhaps it could be good, but you have to have a real project. Has to be actually legitimate and have users and have people building cool stuff with it before anything else.
Rex (01:04:27.837)
Yeah. You know, what's funny is I can think of one example of where ZK is not relevant. And so you could almost make an argument that you need restaking because they do, which is, I believe it's called cap finance, which essentially is they are stablecoin protocol in which like, you know, hedge funds can come in, restake some amount of capital. then once they've restaked the capital, they are able to
take the TVL and then go deploy it in strategies. And if they promise, let's say 8% yield, but are able to generate 10%, they get to keep the 2%. Right. And so essentially what restaking is offering there is insurance, right? Like, you know that this person isn't going to take this money because they've put more money up as collateral. But then like, let's think this through. Like why create a situation where if they screw up that insurance money?
doesn't go to the people that they harmed, it just gets lit on fire.
Boba (01:05:27.437)
Yeah, you just hit on a point that I think is like the actual ultimate cornerstone of the problem, which is that when somebody goes and let's say like they stake some amount of capital that'll be slashed, right? The whole idea there is that well if they put a slashable amount of token, let's say
I don't know, 100k, right? And then there's like, I don't know, 50k of like other users assets to be managed. If they do something wrong, that 100k gets slashed and like they lost 50k, right? That's the idea, okay? But like, that's only the idea if that's actually their money. If that 100k is actually theirs. If it's maybe 10% of it is actually theirs.
And then the other 90% is other people's money. Wouldn't that mean that if they did something malicious with that 50k and they get slashed 10k, they still made 40? Right? So, I think that's the ultimate thing that we kind of came to where we were like, the math just doesn't make sense. Like, and you can't even really prove that that 10k they put in was really even theirs.
Like could technically be somebody else's. like the whole cost of compromise profit from compromise equation, it's simple and easy to understand, but I don't think that the math actually, math's on that one.
Rex (01:07:07.497)
Yeah, no, for sure. And I think that eventually someone is going to crack the nut on how do we extend the capabilities of the Ethereum node operator network to do more interesting stuff and to actually provide decentralization and credible neutrality across compute. And I think EigenLayer not only failed in that, but once they failed in that,
we kind of realized there was nothing there that was interesting.
Boba (01:07:39.566)
Yeah, yeah, I think that's been the case. I still have I'm not totally black-pilled I think I have some hope that there's gonna be something interesting that comes out of that But I think it mainly it was the hype I think that was the problem as it always is I think with a lot of these projects is that you focus on hype to get users But it's a total double-edged sword right where it almost always backlashes instead maybe
Rex (01:07:54.965)
Mm-hmm.
Rex (01:08:03.401)
Mm-hmm.
Boba (01:08:09.389)
You just focus on grassroot community building like how it was back in the day, 2017, 2018, stuff like that, where people were going to your project because they were interested, because they believed in it, they had conviction in it. They were like, I want to be part of this. And I think you see less of that today with a lot of these projects that are just full on focused on hype. When like really, you should just be like in the trenches talking to the users, talking to your community.
And so that's what I do on a daily basis. I jump into Discord with the community, play some Smash Cards with them, just hang out and talk. It's like a completely different vibe. Where these people, they show up, they're actually interested about what we're doing. it's like, we still have, I don't even know, it's like 16k follower count, 20k Discord users or something.
and you look at our post engagement from our community and compare it to a project that has like 600k followers and we just blow them out of the water completely and it's just like okay I see what's going on here
Rex (01:09:21.181)
Yeah. No, man, I, we were running out of time, so he can't even start down this path. like to me being on the media side, like, you know, it's just, if you know what to look for, it's so obvious. And if I have someone on this show who is part of a company that's like playing the hype game and I post, I'll post like a clip of the episode and within 10 minutes, it'll get 50 likes and then it'll get less than a thousand views. Whereas
Boba (01:09:27.381)
Yeah.
Boba (01:09:49.676)
Hey
Rex (01:09:51.029)
with like real organic stuff, like may get three likes, but then like 5,000 views. And it's just, you know, there's a whole separate conversation about the algorithms and how things have changed since Elon's come around and blah, blah, blah. But yeah, man, I think there's a real endorsement and value in just building something that works that people use and not just having your hype be the product.
Boba (01:09:55.936)
Yeah.
Boba (01:10:00.233)
Yeah, totally.
Boba (01:10:20.467)
Exactly.
Rex (01:10:22.143)
man. All right, so unfortunately running out of time, I would love to keep pushing forward. Maybe we'll have you back just to talk about how ZK is opening up the frontiers, like both, what are the interesting things that are being built on top of it and also like, why haven't we really seen that much interesting built on top of it yet? But for the interest of your schedule and I guess everyone's attention span, we will close it off here. So.
Before I let you go, can you just share with the audience where they can find you, where they can find Drosera, and if they're interested in learning more and getting more involved, what are the best next steps for you?
Boba (01:10:58.891)
Yeah, you guys can find me at Bobafetador on X. You can find Drosera at Drosera Network on X. If you want to get involved, honestly going to those pages, you'll be able to find tons of content from articles, dev docs, and how to get involved, how you can start playing with the technology at dev.drosera.io. But yeah, it was awesome to be on here.
I appreciate being able to do podcast number two, Numero Dos, maybe Numero Tres later, you know.
Rex (01:11:36.725)
For sure, man. Well, thank you so much. Really appreciate the time and have a good rest of your day.
Boba (01:11:40.78)
Yep, you have a day.