First Annual DeFi Security Summit

Paul & Mildred Berg Hall, Stanford, August 27-28

Preceding SBC’22

DeFi is an emerging suite of applications for decentralized asset management over blockchain technology, and it is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFi is that code is law: computer programs called smart contracts, which run on the blockchain, dictate the conditions and effects of asset transactions. This groundbreaking idea has many desirable benefits that originate from the trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal assets managed by them or to deny access to those assets. Mitigating and preventing such damage is challenging and requires new software development and security design methodologies. Hundreds of millions of USD in value have already been lost due to vulnerabilities in smart contracts. Therefore, smart contract security is a significant concern for DeFi applications.

Please note that sponsorships and speaker requests are closed.

Confirmed Speakers

Mitchell Amador, CEO of Immunefi

Kurt Barry, Smart Contract Specialist, MakerDao

Emiliano Bonassi, DeFi Italy

Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO, Curve Team Member

Tarun Chitra, CEO and Co-Founder of Gauntlet

Nurit Dor, VP Product at Certora

Jared Flatow, VP of Engineering at Compound Labs

Emilio Frangella, Head of Smart Contracts at AAVE BGD

Jesse Tasman, Head of product at Redefine

Mudit Gupta, Security Researcher at Delta Blockchain Fund

Hugh Karp, Founder of Nexus Mutual

Dmitry Khovratovich, Researcher at Ethereum Foundation, Principal Cryptographer at Dusk Network, Founder of ABDK Consulting

Michael Lewellen, Head of Solutions Architecture at OpenZeppelin

Richard Ma, CEO of Quantstamp

John Mardlin, Security Engineer at Optimism

Christoph Michel, Security Researcher

Jack Sanford, Co-Founder of Sherlock Protocol

Sam S, Research Partner at Paradigm and White-Hat Hacker

Gonçalo Sa, Co-Founder and Security Researcher at ConsenSys Diligence

Mehdi Zerouali, Co-Founder and Director of Sigma Prime

Christopher Whinfrey, Co-Founder at Authereum

Ryan Zarick, Co-Founder and CTO of LayerZero

Nicolás Venturo, Head of Smart Contracts at Balancer Labs

Tina Qian, Blockchain Security Engineer at Coinbase

Richard Chen, General Partner at 1confirmation

Jonathan Alexander, CTO of OpenZeppelin

Michael George, Director of Product at Certora

Joran Honig, Security Researcher & Product Lead at ConsenSys Diligence

Georgios Konstantopoulos, CTO of Paradigm

Everett Hildenbrandt, CTO of Runtime Verification

Kostas Ferles, Principal Scientist at Veridise

Arjun Bhuptani, Founder of Connext

Nick Selby, VP, Software Assurance Practice, Trail of Bits

Filipe Casal, Cryptography Analyst at Trail of Bits

Neville Grech, Security Engineer and Founder of Dedaub

Schedule

Saturday

08:30am-09:00am John & Mooly – Opening


Session 1:

DeFi Protocols, Moderator: Zaki Manian, Co-Founder of Iqlusion


09:01am-09:20am Kurt Barry, Smart Contract Specialist, MakerDao – Maker’s safety and security practices


09:21am-09:40am Jared Flatow, VP of Engineering at Compound Labs – Secure by Design


09:41am-10:00am Emilio Frangella, Head of Smart Contracts at AAVE BGD – The butterfly effect – How simple oversights turn into smart contract nightmares


10:01am-10:20am Mark Toda, Uniswap – TWAP Oracles After the Merge


10:21am-10:35am Kurt Barry, Jared Flatow, Emilio Frangella, Mark Toda – Discussion


10:36am-10:50am Coffee Break

Session 2:

DeFi Protocols 2 and Discussion, Moderator: Emilio Frangella, Head of Smart Contracts at AAVE BGD


10:50am-11:10am Nicolás Venturo, Head of Smart Contracts at Balancer Labs – Towards Verifiably Secure Governance


11:10am-11:30am Yuchen Lin, Lead Security Engineer, TrustToken – Searching Outside the Streetlight: Capture-Recapture Estimators for DeFi Security Issues


11:31am-11:50am storm0x, Yearn – yearn risk management approach to security


11:50am-12:05pm Yuchen Lin, storm0x, Nicolás Venturo – Discussion


12:05pm-1:05pm Lunch

Session 3:

Auditors Part 1, Moderator: Jared Flatow, VP of Engineering at Compound Labs


1:05pm-1:25pm Neville Grech, Security Engineer and Founder, Dedaub – Billion dollar bugs


1:26pm-1:45pm Richard Ma, CEO of Quantstamp – Flash Loans in the Wild: An Analysis of Attacks & Possible Mitigations


1:46pm-2:05pm Gonçalo Sa, Co-Founder and Security Researcher, ConsenSys Diligence – Clear as mud – How compilers look like VMs


2:06pm-2:25pm Anton Permenev, Founding Partner at ChainSecurity – Alpha for auditors: The vulnerabilities of tomorrow


2:26pm-2:45pm Coffee Break

Session 4:

Auditors Part 2 and discussion, Moderator: Mudit Gupta


2:46pm-3:05pm Filipe Casal, Cryptography Analyst, Trail of Bits – A profile of causes for early bug death


3:06pm-3:25pm Michael Lewellen, Head of Solutions Architecture, OpenZeppelin – Securely scaling decentralized governance


3:26pm-3:45pm Mehdi Zerouali, Co-Founder and Director of Sigma Prime – Favorite DeFi vulnerabilities


3:46pm-4:05pm Filipe Casal, Michael Lewellen, Mehdi Zerouali, Richard Ma, Gonçalo Sa, Anton Permenev – Discussion on Auditing


4:06pm-4:20pm Coffee Break

Session 5:

Bridges, Moderator: Mudit Gupta


4:21pm-4:40pm Christopher Whinfrey, Co-Founder at Hop Protocol – Cross-chain security


4:41pm-5:00pm Ryan Zarick, Co-Founder and CTO of LayerZero Labs – Pre-Crime: the future of omnichain security


5:01pm-5:20pm Arjun Bhuptani, Founder of Connext – Breaking down bridge security models


5:21pm-5:40pm Christopher Whinfrey, Ryan Zarick, Arjun Bhuptani – Discussion – Bridges


5:41pm-6:00pm Break

Session 6:

Tools and Live Demos, Moderator: Kostas Ferles, Principal Scientist, Veridise  
Food and drinks being served


6:01pm-6:05pm Jonathan Alexander, CTO of OpenZeppelin – Runtime threat detection and automated response


6:06pm-6:10pm Michael George, Director of Product at Certora – Preventing billion dollar coding mistakes with formal verification


6:11pm-6:15pm Nick Selby, VP of Assurance Practice, Trail of Bits – Overview on tools and demo – Slither, Echidna, Manticore, It-Depends


6:16pm-6:20pm Joran Honig, Security Researcher & Product Lead, ConsenSys Diligence – Scribble


6:21pm-6:25pm Georgios Konstantopoulos, CTO of Paradigm – Foundry, a blazing-fast, portable and modular toolkit for Ethereum application development, written in Rust


6:26pm-6:30pm Everett Hildenbrandt, CTO of Runtime Verification – Formal verification of Foundry tests

Session 7:

6:31pm-8:00pm Tool workshops: Forta, Certora, ConsenSys, Runtime Verification, Foundry, Echidna, Slither, Manticore

Sunday

Session 8:

White Hat Hacking, Moderator: Curtis Spencer, Electric Capital


09:00am-09:20am Emiliano Bonassi, DeFi Italy – The big red button: How to plan and design for security events


09:21am-09:40am Mitchell Amador, CEO of Immunefi – Bug Bounty Success Stories: War Rooms and New Vulnerability Classes


09:41am-10:00am Samczsun, Research Partner at Paradigm, White-Hat Hacker – How do you even write secure code anyways


10:01am-10:30am Emiliano Bonassi, Mitchell Amador, Samczsun – Discussion: Security


10:31am-10:45am Break

Session 9:

Security 1, Moderator: Dan Robinson, Paradigm


10:46am-11:05am Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO, Curve Team Member – DeFi Freemason Reptilian


11:06am-11:25am Christoph Michel, Security Researcher – Price manipulation exploits


11:26am-11:45am Mudit Gupta, security researcher at Delta Blockchain Fund – TWAP Oracle Manipulation Risks


11:46am-12:05pm Tina Qian, Blockchain Security Engineer, Coinbase – Smart Contract Governance


12:06pm-12:25pm Julien Bouteloup, Christoph Michel, Mudit Gupta, Tina Qian – Discussion: Security


12:26pm-1:30pm Lunch Break

Session 10:

Security 2, Moderator: Mitchell Amador, Immunefi


1:31pm-1:50pm BoringCrypto – Price manipulation exploits


1:51pm-2:10pm Tarun Chitra, CEO and Co-Founder of Gauntlet – Probabilistic Liquidity Attacks in DeFi


2:11pm-2:30pm Nurit Dor, VP Product at Certora – From high-level DeFi properties to concrete security bugs


2:31pm-3:00pm BoringCrypto, Tarun Chitra, Nurit Dor – Discussion: Security


3:01pm-3:30pm Break

Session 11:

Insurance, Moderator: Richard Chen, General Partner, 1confirmation


3:31pm-3:50pm Hugh Karp, Founder of Nexus Mutual – Concerns from a user perspective


3:51pm-4:10pm Jack Sanford, Co-Founder of Sherlock Protocol – DeFi hacks: A year in review


4:11pm-4:30pm Hugh Karp, Jack Sanford – Discussion: Insurance


4:31pm-4:50pm Break


Birds of a feather 5 min. talks, Chair: Nurit Dor


4:51pm-4:55pm Kostas Ferles, Principal Scientist, Veridise – V for Verification: A Unified Service for Secure Blockchains


4:56pm-5:00pm Jess Tasman, Head of product at Redefine – DeFirewall: Combatting attacks and putting an end to “blind signing” on DeFi transactions. A live demo.


5:00pm-5:05pm David Tarditi, VP of Engineering at CertiK – Tools For Supporting Manual Auditing At Scale


5:05pm-5:10pm Denis Ivanov, Hacken COO – What should the scope of the Web3 audit look like?

Steering Committee

  1. Jonathan Alexander, OpenZeppelin
  2. Mitchell Amador, Immunefi 
  3. Kurt Barry, MakerDao
  4. Julien Bouteloup, Rekt
  5. Tarun Chitra, Gauntlet 
  6. Maria Christakis, MPI
  7. Isil Dillig, UT Austin
  8. Rajeev Gopalakrishna, Secureum
  9. Dan Guido, Trail of Bits
  10. Aparna Krishnan, Opyn
  11. Emin Gun Sirer, Cornell University, and Ava Labs
  12. John Mardlin, Optimism
  13. John Mitchell, Co-Founder, Stanford University
  14. Sam S, Paradigm
  15. Gonçalo Sá, ConsenSys Diligence
  16. Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
  17. Curtis Spencer, Electric Capital
  18. Kartik Talwar, General Partner ACapital

Accommodation

Hotels close to Stanford include the Sheraton Palo Alto, the Stanford Terrace Inn, and others listed in Stanford’s lodging guide.

Registration Closed

We have reached capacity for this summit.
