DeFi is an emerging suite of applications for decentralized asset management built on blockchain technology, and it is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFi is that code is law: computer programs called smart contracts, which run on the blockchain, dictate the conditions and effects of asset transactions. This groundbreaking idea has many desirable benefits that originate from the trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal, or deny access to, the assets they manage. Mitigating and preventing such damage is challenging and requires new software development and security design methodologies. Hundreds of millions of USD in value have already been lost due to vulnerabilities in smart contracts. Smart contract security is therefore a significant concern for DeFi applications.
Confirmed Speakers

Kurt Barry, MakerDao

Emiliano Bonassi, DeFi Italy

Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO. Curve Team Member

Tarun Chitra, CEO and Co-Founder at Gauntlet

Nurit Dor, VP Product at Certora

Jared Flatow, VP of Engineering at Compound Labs

Emilio Frangella, Head of Smart Contracts at Aave

Dan Guido, Co-Founder & CEO of Trail of Bits

Mudit Gupta, Security Researcher, Delta Blockchain Fund

Hugh Karp, Founder of Nexus Mutual

Dmitry Khovratovich, Researcher at Ethereum Foundation, Principal Cryptographer at Dusk Network, Founder of ABDK Consulting

Michael Lewellen, Security Project Manager, OpenZeppelin

Richard Ma, CEO – Quantstamp, Inc.

John Mardlin, Security Engineer at Optimism

Christoph Michel, Security Researcher

Sam S, Research Partner at Paradigm and white-hat hacker

Goncalo Sa, CoFounder and Security Researcher, Consensys Diligence

Jack Sanford, Co-Founder at Sherlock Protocol

Grigore Rosu, Runtime Verification

Duncan Townsend, CTO and Security Researcher at Immunefi

Christopher Whinfrey, Co-Founder at Authereum
Tentative Schedule (subject to change)
Saturday
08:30-09:00 Opening
09:00-10:30 Session 1: Protocols Chair: Aparna Krishnan, Opyn
09:00-09:25 Kurt Barry, MakerDao – Maker’s safety and security practices
09:26-09:50 Jared Flatow, VP of Engineering at Compound Labs – Secure by Design
09:51-10:15 Emilio Frangella, Head of Smart Contracts at Aave – The butterfly effect – How simple oversights turn into smart contract nightmares
10:15-10:30 Discussion
10:30-10:45 Coffee Break
10:45-12:00 Session 2: Auditors Part 1 Chair: Emilio Frangella, Aave
10:45-11:10 Dmitry Khovratovich, ABDK – audits of circuits for zero-knowledge proofs
11:11-11:35 Richard Ma, CEO – Quantstamp – Flash Loans in the Wild: An Analysis of Attacks & Possible Mitigations
11:36-12:00 Goncalo Sa, CoFounder and Security Researcher, Consensys Diligence – Clear as mud – How compilers look like VMs
12:00-13:00 Lunch Break
13:00-14:45 Session 3: Auditors Part 2 and discussion Chair: Kurt Barry, MakerDao
14:45-15:05 Dan Guido, Co-Founder & CEO of Trail of Bits – A profile of causes for early bug death
15:06-15:30 Michael Lewellen, Security Project Manager, OpenZeppelin – Lessons Learned from 5 Years of Ethereum Security Incidents
15:31-15:25 Mehdi Zerouali, Co-founder and Director of Sigma Prime – Sigma Prime’s Favorite DeFi Vulnerabilities
15:26-15:50 Discussion on Auditing with all auditors
14:45-15:00 Coffee Break
15:00-16:05 Session 4: Bridges Chair
15:00-15:25 John Mardlin, Security Engineer at Optimism – A review of Bridge contract vulnerabilities
15:26-15:50 Christopher Whinfrey, Co-Founder at Authereum – Cross-chain Security
15:50-16:05 Discussion on bridges
16:05-16:30 Coffee Break
15:30-16:30
16:30-18:00 Session 5: Tool workshops open
18:00-19:00 Dinner
19:00-21:00 Birds of a feather ideas (with wine and cheese) Chair: John Mitchell
Sunday
09:00-10:30 Session 6: White Hat Hacking Chair: Curtis Spencer, Electric Capital
09:00-09:25 Emiliano Bonassi, DeFi Italy
09:26-09:50 Duncan Townsend, CTO and Security Researcher at Immunefi – Bug Bounty Success Stories: War Rooms and New Vulnerability Classes
09:50-10:15 Sam Sun – How do you even write secure code anyways
10:15-10:30 Discussion
10:30-10:45 Break
10:45-12:15 Session 7: Security 1 Chair: Dan Robinson, Paradigm
10:45-11:10 Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO. Curve Team Member – DeFi Freemason Reptilian
11:11-11:35 Christoph Michel, Security Researcher – Price manipulation exploits
11:35-12:00 Mudit, Security Researcher, Delta Blockchain Fund – TWAP Oracle Manipulation Risks
12:00-13:30 Lunch Break
13:30-15:00 Session 8: Security 2 Chair: Mitchell Amador, Immunefi
13:30-13:55 BoringCrypto – Price manipulation exploits
13:56-14:20 Tarun Chitra, CEO and Co-Founder at Gauntlet – Probabilistic Liquidity Attacks in DeFi
14:21-14:45 Nurit Dor, VP Product at Certora – From high-level DeFi properties to concrete security bugs
14:45-15:00 Discussion
15:00-15:30 Break
15:30-16:35 Insurance Chair: Richard Chen, 1confirmation
15:30-15:55 Hugh Karp, Founder of Nexus Mutual – Security Concerns from a User Perspective
15:56-16:20 Jack Sanford, Co-Founder at Sherlock Protocol
16:20-16:35 Discussion
16:35-18:00 Panel on tools Moderator: Kartik Agarwal; Dan Guido, Paradigm; Goncalo Sa, Consensys Diligence; Grigore Rosu, Runtime Verification; Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
18:00- Reception and DSS’23
Steering Committee
- Jonathan Alexander, OpenZeppelin
- Mitchell Amador, Immunefi
- Kurt Barry, MakerDao
- Julien Bouteloup, Rekt
- Tarun Chitra, Gauntlet
- Maria Christakis, MPI
- Isil Dillig, UT Austin
- Rajeev Gopalakrishna, Secureum
- Dan Guido, Trail of Bits
- Aparna Krishnan, CTO of Opyn
- Emin Gun Sirer, Cornell University, and Ava Labs
- John Mardlin, Optimism
- John Mitchell, Co-Founder, Stanford University
- Sam S, white-hat hacker and security researcher, Paradigm
- Gonçalo Sá, ConsenSys Diligence
- Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
- Curtis Spencer, Electric Capital
- Kartik Talwar, General Partner, ACapital