First Annual DeFi Security Summit

Paul & Mildred Berg Hall, Stanford, August 27-28

Preceding SBC’22

DeFi is an emerging suite of applications for decentralized asset management built on blockchain technology, and it is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFi is that code is law: computer programs called smart contracts, which run on the blockchain, dictate the conditions and effects of asset transactions. This groundbreaking idea has many desirable benefits that originate from the trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal, or deny access to, the assets they manage. Mitigating and preventing such damage is challenging and requires new software development and security design methodologies. Hundreds of millions in USD value have already been lost due to vulnerabilities in smart contracts. Smart contract security is therefore a significant concern for DeFi applications.

Confirmed Speakers

Kurt Barry, MakerDao

Emiliano Bonassi, DeFi Italy

Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO. Curve Team Member

Tarun Chitra, CEO and Co-Founder at Gauntlet

Nurit Dor, VP Product at Certora

Jared Flatow, VP of Engineering at Compound Labs

Emilio Frangella, Head of Smart Contracts at Aave

Dan Guido, Co-Founder & CEO of Trail of Bits

Mudit Gupta, Security Researcher, Delta Blockchain Fund

Hugh Karp, Founder of Nexus Mutual

Dmitry Khovratovich, Researcher at Ethereum Foundation, Principal Cryptographer at Dusk Network, Founder of ABDK Consulting

Michael Lewellen, Security Project Manager, OpenZeppelin

Richard Ma, CEO – Quantstamp, Inc.

 

John Mardlin, Security Engineer at Optimism

Christoph Michel, Security Researcher

Sam S, Research Partner at Paradigm and white-hat hacker

Goncalo Sa, Co-Founder and Security Researcher, Consensys Diligence

Jack Sanford, Co-Founder at Sherlock Protocol

Grigore Rosu, Runtime Verification

Duncan Townsend, CTO and Security Researcher at Immunefi

Christopher Whinfrey, Co-Founder at Authereum

Mehdi Zerouali, Co-founder and Director of Sigma Prime

Tentative Schedule (subject to change)

Saturday

8:30-09:00 Opening


09:00-10:30 Session 1: Protocols Chair: Aparna Krishnan, Opyn


09:00-09:25 Kurt Barry, MakerDao – Maker’s safety and security practices


09:26-09:50 Jared Flatow, VP of Engineering at Compound Labs – Secure by Design


09:51-10:15 Emilio Frangella, Head of Smart Contracts at Aave – The butterfly effect – How simple oversights turn into smart contract nightmares


10:15-10:30 Discussion


10:30-10:45 Coffee Break


10:45-12:00 Session 2: Auditors Part 1 Chair: Emilio Frangella, Aave 


10:45-11:10 Dmitry Khovratovich, ABDK audits of circuits for zero-knowledge proofs


11:11-11:35 Richard Ma, CEO – Quantstamp – Flash Loans in the Wild: An Analysis of Attacks & Possible Mitigations


11:36-12:00 Goncalo Sa, Co-Founder and Security Researcher, Consensys Diligence – Clear as mud – How compilers look like VMs


12:00-13:00 Lunch Break


13:00-14:45 Session 3: Auditors Part 2 and discussion Chair: Kurt Barry, MakerDao


14:45-15:05 Dan Guido, Co-Founder & CEO of Trail of Bits – A profile of causes for early bug death


15:06-15:30 Michael Lewellen, Security Project Manager, OpenZeppelin – Lessons Learned from 5 Years of Ethereum Security Incidents


15:31-15:25 Mehdi Zerouali, Co-founder and Director of Sigma Prime – Sigma Prime’s Favorite DeFi Vulnerabilities


15:26-15:50 Discussion on Auditing with all auditors


14:45-15:00 Coffee Break


15:00-16:05 Session 4: Bridges Chair


15:00-15:25 John Mardlin, Security Engineer at Optimism – A review of Bridge contract vulnerabilities


15:26-15:50 Christopher Whinfrey, Co-Founder at Authereum – Cross-chain Security


15:50-16:05 Discussion on bridges


16:05-16:30 Coffee Break


15:30-16:30


16:30-18:00 Session 5: Tool workshops open


18:00-19:00 Dinner


19:00-21:00 Birds of a feather ideas (with wine and cheese) Chair: John Mitchell

Sunday

09:00-10:30 Session 6: White Hat Hacking Chair: Curtis Spencer, Electric Capital


09:00-09:25 Emiliano Bonassi, DeFi Italy 


09:26-09:50 Duncan Townsend, CTO and Security Researcher at Immunefi – Bug Bounty Success Stories: War Rooms and New Vulnerability Classes


09:50-10:15 Sam Sun – How do you even write secure code anyways


10:15-10:30 Discussion


10:30-10:45 Break


10:45-12:15 Session 7: Security 1 Chair: Dan Robinson, Paradigm


10:45-11:10 Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO. Curve Team Member – DeFi Freemason Reptilian


11:11-11:35 Christoph Michel, Security Researcher – Price manipulation exploits


11:35-12:00 Mudit, Security Researcher, Delta Blockchain Fund – TWAP Oracle Manipulation Risks


12:00-13:30 Lunch Break


13:30-15:00 Session 8: Security 2 Chair: Mitchell Amador, Immunefi


13:30-13:55 BoringCrypto – Price manipulation exploits


13:56-14:20 Tarun Chitra, CEO and Co-Founder at Gauntlet – Probabilistic Liquidity Attacks in DeFi


14:21-14:45 Nurit Dor, VP Product at Certora – From high-level DeFi properties to concrete security bugs


14:45-15:00 Discussion


15:00-15:30 Break


15:30-16:35 Insurance Chair: Richard Chen, 1confirmation


15:30-15:55 Hugh Karp, Founder of Nexus Mutual – Security Concerns from a User Perspective


15:56-16:20 Jack Sanford, Co-Founder at Sherlock Protocol 


16:20-16:35 Discussion


16:35-18:00 Panel on tools Moderator: Kartik Agarwal; Dan Guido, Paradigm; Goncalo Sa, Consensys Diligence; Grigore Rosu, Runtime Verification; Mooly Sagiv, Co-Founder, Tel Aviv University and Certora


18:00- Reception and DSS’23

Steering Committee

  1. Jonathan Alexander, OpenZeppelin
  2. Mitchell Amador, Immunefi 
  3. Kurt Barry, MakerDao
  4. Julien Bouteloup, Rekt
  5. Tarun Chitra, Gauntlet 
  6. Maria Christakis, MPI
  7. Isil Dillig, UT Austin
  8. Rajeev Gopalakrishna, Secureum
  9. Dan Guido, Trail of Bits
  10. Aparna Krishnan, CTO of Opyn
  11. Emin Gun Sirer, Cornell University, and Ava Labs
  12. John Mardlin, Optimism
  13. John Mitchell, Co-Founder, Stanford University
  14. Sam S, white-hat hacker and security researcher, Paradigm
  15. Gonçalo Sá, ConsenSys Diligence
  16. Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
  17. Curtis Spencer, Electric Capital
  18. Kartik Talwar, General Partner, ACapital
