First Annual DeFi Security Summit

Paul & Mildred Berg Hall, Stanford, August 27-28

DeFi is an emerging suite of applications for decentralized asset management over blockchain technology. DeFi is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFis is that the code is law and computer programs called smart contracts that run on the blockchain dictate the conditions and the effects for asset transactions. This groundbreaking idea has many desirable benefits that originate from trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal or deny access to assets managed by them. Mitigation and prevention of such damages are challenging and require new software development and security design methodologies. Hundreds of millions in USD value have already been lost due to vulnerabilities in smart contracts. Therefore, smart contract security is a significant concern for DeFi applications.

Please note that sponsorships and speaker requests are closed.

Confirmed Speakers

Mitchell Amador, CEO of Immunefi

Kurt Barry, Smart Contract Specialist, MakerDao

Emiliano Bonassi, DeFi Italy

Boring Crypto

Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO, Curve Team Member

Tarun Chitra, CEO and Co-Founder of Gauntlet

Nurit Dor, VP Product at Certora

Jared Flatow, VP of Engineering at Compound Labs

Emilio Frangella, Head of Smart Contracts at AAVE BGD

Jesse Tasman, Head of product at Redefine

Mudit Gupta, Security Researcher at Delta Blockchain Fund

Hugh Karp, Founder of Nexus Mutual

Dmitry Khovratovich, Researcher at Ethereum Foundation, Principal Cryptographer at Dusk Network, Founder of ABDK Consulting

Michael Lewellen, Head of Solutions Architecture at OpenZeppelin

Richard Ma, CEO of Quantstamp

John Mardlin, Security Engineer at Optimism

Christoph Michel, Security Researcher

Jack Sanford, Co-Founder of Sherlock Protocol

Sam S, Research Partner at Paradigm and White-Hat Hacker

Gon çalo Sa, Co-Founder and Security Researcher Consensys Diligence

Mehdi Zerouali, Co-Founder and Director of Sigma Prime

Christopher Whinfrey, Co-Founder at Authereum

Ryan Zarick, Co-Founder and CTO of LayerZero

Nicolás Venturo, Head of Smart Contracts at Balancer Labs

Tina Qian, Blockchain Security Engineer at Coinbase

Richard Chen, General Partner at 1confirmation

Jonathan Alexander, CTO of Openzeppelin

Michael George, Director of Product at Certora

Joran Honig, Security Researcher & Product Lead at ConsenSys Diligence

Georgios Konstantopoulous, CTO of Paradigm

Everett Hildenbrandt, CTO of Runtime Verification

Kostas Ferles, Principal Scientist at Veridise

Arjun Bhuptani, Founder of Connext

Nick Selby, VP, Software Assurance Practice, Trail of Bits

Filipe Casal, Cryptography Analyst at Trail of Bits

Neville Grech, Security Engineer and Founder of Dedaub

Schedule

Saturday

08:30am-09:00am John & Mooly – Opening

Session 1:

DeFi Protocols, Moderator: Zaki Manian, Co-Founder of Iqlusion

09:01am-09:20am Kurt Barry, Smart Contract Specialist, MakerDao – Maker’s safety and security practices

09:21am-09:40am Jared Flatow, VP of Engineering at Compound Labs – Secure by Design

09:41am-10:00am Emilio Frangella, Head of Smart Contracts at AAVE BGD – The butterfly effect – How simple oversights turn into smart contract nightmares

10:01am-10:20am Mark Toda, Uniswap – TWAP Oracles After the Merge

10:21am-10:35pm Kurt Barry, Jared Flatow, Emilio Frangella, Mark Toda – Discussion

10:36am-10:50am Coffee Break

Session 2:

DeFi Protocols 2 and Discussion, Moderator: Emilio Frangella, Head of Smart Contracts at AAVE BGD

10:50am-11:10am Nicolás Venturo, Head of Smart Contracts at Balancer Labs – Towards Verifiably Secure Governance

11:10am-11:30am Yuchen Lin, Lead Security Engineer, TrustToken – Searching Outside the Streetlight: Capture-Recapture Estimators for DeFi Security Issues

11:31am-11:50am storm0x, Yearn – yearn risk management approach to security

11:50am-12:05pm Yuchen Lin, storm0x, Nicolás Venturo – Discussion

12:05pm-1:05pm Lunch

Session 3:

Auditors Part 1, Moderator: Jared Flatow, VP of Engineering at Compound Labs

1:05pm-1:25pm Neville Grech, Security Engineer and Founder, Dedaub – Billion dollar bugs

1:26pm-1:45pm Richard Ma, CEO of Quantstamp – Flash Loans in the Wild: An Analysis of Attacks & Possible Mitigations

1:46pm-2:05pm Gonçalo Sa, Co-Founder and Security Researcher, Consensys Diligence – Clear as mud – How compilers look like VMs

2:06pm-2:25pm Anton Permenev, Founding Partner at ChainSecurity – Alpha for auditors: The vulnerabilities of tomorrow

2:26pm-2:45pm Coffee Break

Session 4:

Auditors Part 2 and discussion,Moderator: Mudit Gupta

2:46pm-3:05pm Filipe Casal, Cryptography Analyst, Trail of Bits – A profile of causes for early bug death

3:06pm-3:25pm Michael Lewellen, Head of Solutions Architecture, OpenZeppelin – Securely scaling decentralized governance

3:26pm-3:45pm Mehdi Zerouali, Co-Founder and Director of Sigma Prime – Favorite DeFi vulnerabilities

3:46pm-4:05pm Filipe Casal, Michael Lewellen, Mehdi Zerouali, Richard Ma, Gonçalo Sa, Anton Permenev – Discussion on Auditing

4:06pm-4:20pm Coffee Break

Session 5:

Bridges, Moderator: Mudit Gupta

4:21pm-4:40pm Christopher Whinfrey, Co-Founder at Hop Protocol – Cross-chain security

4:41pm-5:00pm Ryan Zarick – Co-Founder and CTO of LayerZero Labs – Pre-Crime: the future of omnichain security

5:01pm-5:20pm Arjun Bhuptani – Founder of Connext: Breaking down bridge security models

5:21pm-5:40pm Christopher Whinfrey, Ryan Zarick, Arjun Bhuptani – Discussion – Bridges

5:41pm-6:00pm Break

Session 6:

Tools and Live Demos, Moderator: Kostas Ferles, Principal Scientist, Veridise
Food and drinks being served

6:01-6:05 Jonathan Alexander, CTO of Openzeppelin – Runtime threat detection and automated response

6:06pm-6:10pm Michael George, a director of product at Certora – Preventing billion dollar coding mistakes with formal verification

6:11pm-6:15pm Nick Selby, VP of Assurance Practice, Trail of Bits – Overview on tools and demo – Slither, Echidna, Manticore, It-Depends

6:16pm-6:20pm Joran Honig, Security Researcher & Product Lead, ConsenSys Diligence – Scribble

6:21pm-6:25pm Georgios Konstantopoulous, CTO of Paradigm – Foundry, a blazing-fast, portable and modular toolkit for Ethereum application development, written in Rust

6:26pm-6:30pm Everett Hildenbrandt, CTO of Runtime Verification – Formal verification of Foundry tests

Session 7:

6:31pm-8:00pm Tool workshops Forta, Certora, Consys, Runtime Verification, Foundry, Echidna, Slither, Manticore

Sunday

Session 8:

White Hat Hacking, Moderator: Curtis Spencer, Electric Capital

09:00am-09:20am Emiliano Bonassi, DeFi Italy – The big red button: How to plan and design for security events

09:21am-09:40am Mitchell Amador, CEO of Immunefi – Bug Bounty Success Stories: War Rooms and New Vulnerability Classes

09:41am-10:00am Samczsun, Research Partner at Paradigm, White-Hat Hacker – How do you even write secure code anyways

10:01am-10:30am Emiliano Bonassi, Mitchell Amador, Samczsun – Discussion: Security

10:31am-10:45am Break

Session 9:

Security 1, Moderator: Dan Robinson, Paradigm

10:46am-11:05am Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO, Curve Team Member – DeFi Freemason Reptilian

11:06am-11:25am Christoph Michel, Security Researcher – Price manipulation exploits

11:26am-11:45am Mudit Gupta, security researcher at Delta Blockchain Fund – TWAP Oracle Manipulation Risks

11:46am-12:05pm Tina Qian, Blockchain Security Engineer, Coinbase – Smart Contract Governance

12:06pm-12:25pm Julien Bouteloup, Christoph Michel, Mudit Gupta, Tina Qian – Discussion: Security

12:26pm-1:30pm Lunch Break

Session 10:

Security 2, Moderator: Mitchell Amador, Immunefi

1:31pm-1:50pm BoringCrypto – Price manipulation exploits

1:51pm-2:10pm Tarun Chitra, CEO and Co-Founder of Gauntlet – Probabilistic Liquidity Attacks in DeFi

2:11pm-2:30pm Nurit Dor, VP Product at Certora – From high-level DeFi properties to concrete security bugs

2:31pm-3:00pm BoringCrypto, Tarun Chitra, Nurit Dor – Discussion: Security

3:01pm-3:30pm Break

Session 11:

Insurance, Moderator: Richard Chen, General Partner, 1confirmation

3:31pm-3:50pm Hugh Karp, Founder of Nexus Mutual – Concerns from a user perspective

3:51pm-4:10pm Jack Sanford, Co-Founder of Sherlock Protocol – DeFi hacks: A year in review

4:11pm-4:30pm Hugh Karp, Jack Sanford – Discussion: Insurance

4:31pm-4:50pm Break

Bird of a feather 5 min. talks, chair – Nurit Dor

4:51pm-4:55pm Kostas Ferles, Principal Scientist, Veridise – V for Verification: A Unified Service for Secure Blockchains

4:56pm-5:00pm Jess Tasman, Head of product at Redefine – DeFirewall: Combatting attacks and putting an end to “blind signing” on DeFi transactions. A live demo.

5:00pm-5:05pm David Tarditi, VP of Engineering at CertiK – Tools For Supporting Manual Auditing At Scale

5:05pm-5:10pm Denis Ivanov, Hacken COO – What should the scope of the Web3 audit look like?

Steering Committee

Jonathan Alexander, OpenZeppelin
Mitchell Amador, Immunefi
Kurt Barry, MakerDao
Julien Bouteloup, Rekt
Tarun Chitra, Gauntlet
Maria Christakis, MPI
Isil Dillig, UT Austin
Rajeev Gopalakrishna, Secureum
Dan Guido, Trails of bits
Aparna Krishnan, Opyn
Emin Gun Sirer, Cornell University, and Ava Labs
John Mardlin., Optimism
John Mitchell, Co-Founder, Stanford University
Sam S, Paradigm
Gonçalo Sá, ConsenSys Diligence
Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
Curtis Spencer, Electric Capital
Kartik Talwar, General Partner ACapital

Accommodation

Hotels close to Stanford include the Sheraton Palo Alto, the Stanford Terrace Inn, and others listed in Stanford’s lodging guide.

Registration Closed

We have reached capacity for this summit.