First Annual DeFi Security Summit

Paul & Mildred Berg Hall, Stanford, August 27-28

Preceding SBC’22

DeFi is an emerging suite of applications for decentralized asset management over blockchain technology, and it is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFi is that code is law: computer programs called smart contracts, which run on the blockchain, dictate the conditions and effects of asset transactions. This groundbreaking idea has many desirable benefits that originate from the trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal or deny access to the assets they manage. Mitigating and preventing such damage is challenging and requires new software development and security design methodologies. Hundreds of millions of USD in value have already been lost due to vulnerabilities in smart contracts. Smart contract security is therefore a significant concern for DeFi applications.

Please note that sponsorships and speaker requests are closed.

Previous Speakers

Mitchell Amador, CEO of Immunefi

Kurt Barry, Smart Contract Specialist, Spearbit & Fixed Point Solutions

Emiliano Bonassi, Co-Founder of DeFi Italy

Anton Permenev, Founding Partner at ChainSecurity

Sebastian Bürgel, Founder at HOPR

Tarun Chitra, CEO and Co-Founder of Gauntlet

Nurit Dor, VP Product at Certora

Jared Flatow, VP of Engineering at Compound Labs

Emilio Frangella, Head of Smart Contracts at AAVE BGD

Jesse Tasman, Head of product at Redefine

Mudit Gupta, Chief Security Officer at Polygon

Hugh Karp, Founder of Nexus Mutual

Sam S, Research Partner at Paradigm and White-Hat Hacker

Gonçalo Sa, Co-Founder and Security Researcher at ConsenSys Diligence

Mehdi Zerouali, Co-Founder and Director of Sigma Prime

Christopher Whinfrey, Co-Founder at Hop

Ryan Zarick, Co-Founder and CTO of LayerZero

Nicolás Venturo, Head of Smart Contracts at Balancer Labs

Tina Qian, Blockchain Security Engineer at Coinbase

Richard Chen, General Partner at 1confirmation

Jonathan Alexander, CTO of OpenZeppelin

Michael George, Director of Product at Certora

Joran Honig, Security Researcher & Product Lead at ConsenSys Diligence

storm0x, Contributor in Security and Core Development, Yearn Finance

Everett Hildenbrandt, CTO of Runtime Verification

Kostas Ferles, Principal Scientist at Veridise

Layne Haber, Research Lead, Connext

Nick Selby, VP, Software Assurance Practice, Trail of Bits

Filipe Casal, Cryptography Analyst at Trail of Bits

Neville Grech, Security Engineer and Founder of Dedaub

Mark Toda, Protocol Engineer, Uniswap Labs

Yuchen Lin, Lead Security Engineer, TrustToken

Denys Ivanov, Hacken COO

David Tarditi, VP of Engineering at CertiK

Yoav Weiss, Security Fellow at the Ethereum Foundation

Jan Gorzny, Head of L2 Scaling, Quantstamp

Daniel Von Fange, Senior Engineer, Origin Protocol

Christoph Michel, Security Researcher, Price Manipulation Exploits

Zaki Manian, Co-Founder of Iqlusion

Curtis Spencer, Electric Capital

Dan Robinson, Paradigm

Vanessa Grellet, Managing Partner at Aglaé Ventures

Natalie Chin, Security Engineer, Trail of Bits

Schedule

Saturday

[Recording]

 

08:30am-09:00am John & Mooly – Opening [PDF] [VIDEO]


Session 1: 

DeFi Protocols, Moderator: Zaki Manian, Co-Founder of Iqlusion


09:01am-09:20am Kurt Barry, Smart Contract Specialist, MakerDAO – MakerDAO Smart Contract Safety – When Billions are at Stake [PDF] [VIDEO]


09:21am-09:40am Jared Flatow, VP of Engineering at Compound Labs – Secure by Design [PDF] [VIDEO]


09:41am-10:00am Emilio Frangella, Head of Smart Contracts at AAVE BGD – The Butterfly effect: Small mistakes, massive consequences – and how to avoid them [PDF] [VIDEO]


10:01am-10:20am Mark Toda, Protocol Engineer, Uniswap Labs – TWAP Oracles After the Merge [PDF] [VIDEO]


10:21am-10:35am Kurt Barry, Jared Flatow, Emilio Frangella, Mark Toda – Discussion [VIDEO]


10:36am-10:50am Coffee Break

Session 2:

DeFi Protocols 2, Moderator: Emilio Frangella, Head of Smart Contracts at AAVE BGD


10:50am-11:10am Nicolás Venturo, Head of Smart Contracts at Balancer Labs – Towards Verifiably Secure Governance [PDF] [VIDEO]


11:10am-11:30am Yuchen Lin, Lead Security Engineer, TrustToken – Searching Outside the Streetlight [PDF] [VIDEO]


11:31am-11:50am storm0x, Contributor in Security and Core Development, Yearn – Risk Management Approach to Security [PDF] [VIDEO]


11:50am-12:05pm Yuchen Lin, storm0x, Nicolás Venturo – Discussion [VIDEO]


12:06pm-1:05pm Lunch

Session 3:

Auditors Part 1, Moderator: Kurt Barry, Smart Contract Specialist, MakerDAO


1:05pm-1:25pm Neville Grech, Security Engineer and Founder, Dedaub – Billion Dollar Bugs [PDF] [VIDEO]


1:26pm-1:45pm Jan Gorzny, Head of L2 Scaling at Quantstamp – Not Quite Water Under the Bridge: Review of Cross-Chain Bridge Hacks [PDF] [VIDEO]


1:46pm-2:05pm Gonçalo Sa, Co-Founder and Security Researcher, ConsenSys Diligence – Clear as Mud – How Compilers Look Like VMs [PDF] [VIDEO]


2:06pm-2:25pm Anton Permenev, Founding Partner at ChainSecurity – Alpha for Auditors: The Vulnerabilities of Tomorrow [PDF] [VIDEO]


2:26pm-2:45pm Coffee Break

Session 4:

Auditors Part 2 and discussion, Moderator: Mudit Gupta, Chief Security Officer at Polygon


2:46pm-3:05pm Filipe Casal, Cryptography Analyst, Trail of Bits – Static Analysis for Zero-Knowledge Programming Languages [PDF] [VIDEO]


3:06pm-3:25pm Michael Lewellen, Head of Solutions Architecture, OpenZeppelin – Securely Scaling Decentralized Governance [PDF] [VIDEO]


3:26pm-3:45pm Mehdi Zerouali, Co-Founder and Director of Sigma Prime – Favorite DeFi Vulnerabilities [PDF] [VIDEO]


3:46pm-4:45pm Nick Selby, Michael Lewellen, Mehdi Zerouali, Jan Gorzny, Gonçalo Sa, Anton Permenev, Neville Grech – Auditing Panel [VIDEO]


4:46pm-5:05pm Coffee Break

Session 5:

Tools and Live Demos, Moderator: Kostas Ferles, Principal Scientist, Veridise  
Food and drinks being served


5:06pm-5:10pm Jonathan Alexander, CTO of OpenZeppelin – Runtime Threat Detection and Automated Response [PDF] [VIDEO]


5:11pm-5:15pm Michael George, Director of Product at Certora – Formal Verification with the Certora Prover [PDF] [VIDEO]


5:16pm-5:20pm Natalie Chin, Security Engineer, Trail of Bits – Building secure contracts: How to fuzz like a pro [PDF] [VIDEO]


5:21pm-5:25pm Joran Honig, Security Researcher & Product Lead, ConsenSys Diligence – Scribble in a Nutshell [PDF] [VIDEO]


5:26pm-5:30pm Everett Hildenbrandt, CTO of Runtime Verification – Formal Verification of Foundry Tests [PDF] [VIDEO]

Session 6:

5:31pm-7:30pm Tool workshops: Forta, Certora, ConsenSys, Runtime Verification, Foundry, Echidna, Slither, Manticore

Sunday

[Recording]

 

Session 7:

White Hat Hacking, Moderator: Curtis Spencer, Electric Capital


09:00am-09:20am Emiliano Bonassi, DeFi Italy – The Big Red Button: How to Plan and Design for Security Events [PDF] [VIDEO]


09:21am-09:40am Mitchell Amador, CEO of Immunefi – Security Incentives: From Six Figures to Billions in DeFi Bug Bounties [PDF] [VIDEO]


09:41am-10:00am Samczsun, Research Partner at Paradigm, White-Hat Hacker – How Do You Even Write Secure Code Anyways [PDF] [VIDEO]


10:01am-10:20am Emiliano Bonassi, Mitchell Amador, Samczsun – Discussion: White Hat Hacking [VIDEO]


10:21am-10:35am Break

Session 8:

Security 1, Moderator: Dan Robinson, Paradigm


10:36am-10:55am Daniel Von Fange, Senior Engineer, Origin Protocol – How to Understand a Smart Contract Hack [No Slides] [VIDEO]


10:56am-11:15am Christoph Michel, Security Researcher – Price Manipulation Exploits [PDF] [VIDEO]


11:16am-11:35am Tina Qian, Blockchain Security Engineer, Coinbase – Smart Contract Governance [PDF] [VIDEO]


11:36am-11:50am Daniel Von Fange, Tina Qian, Kurt Barry – Discussion: Security [VIDEO]


11:51am-12:50pm Lunch Break

Session 9:

Security 2, Moderator: Mitchell Amador, CEO of Immunefi


12:51pm-1:10pm Mudit Gupta, Chief Security Officer at Polygon – TWAP Oracle? No, Thanks. [PDF] [VIDEO]


1:11pm-1:30pm Tarun Chitra, CEO and Co-Founder of Gauntlet – Probabilistic Liquidity Attacks in DeFi [PDF] [VIDEO]


1:31pm-1:50pm Nurit Dor, VP Product at Certora – From High-Level DeFi Properties to Concrete Security Bugs [PDF] [VIDEO]


1:51pm-2:05pm Mudit Gupta, Tarun Chitra, Nurit Dor – Discussion: Security [VIDEO]


2:06pm-2:25pm Break

Session 10: Insurance

Insurance, Moderator: Richard Chen, General Partner, 1confirmation


2:26pm-2:45pm Jack Sanford, Co-Founder of Sherlock Protocol – The Unreasonable Effectiveness of Audit Contests [PDF] [VIDEO]


2:45pm-3:45pm Break

Session 11:

Bridges, Moderator: Mudit Gupta, Chief Security Officer at Polygon


3:46pm-4:05pm Christopher Whinfrey, Co-Founder at Hop Protocol – Securing a Cross-Chain Bridge [PDF] [VIDEO]


4:06pm-4:25pm Ryan Zarick, Co-Founder and CTO of LayerZero Labs – Pre-Crime and Library Upgrades: The Future of Omnichain Security [PDF] [VIDEO]


4:26pm-4:45pm Layne Haber, Research Lead, Connext – Breaking Down Bridge Security Models [PDF] [VIDEO]


4:46pm-5:05pm Yoav Weiss, Security Fellow at the Ethereum Foundation – Breaking Bridges – An Incomplete Sampler of Bridges Hacks [PDF] [VIDEO]


5:06pm-5:25pm Christopher Whinfrey, Ryan Zarick, Layne Haber, Yoav Weiss – Discussion – Bridges [VIDEO]


5:26pm-5:45pm Break

Birds of a feather 5 min. talks


Chair – Vanessa Grellet, Managing Partner at Aglaé Ventures


5:46pm-5:50pm Kostas Ferles, Principal Scientist, Veridise – V for Verification: A Unified Service for Secure Blockchains [PDF] [VIDEO]


5:51pm-5:55pm Jesse Tasman, Head of product at Redefine – DeFirewall: Combatting Attacks and Putting an End to “Blind Signing” on DeFi Transactions. A live demo. [PDF] [VIDEO]


5:56pm-6:00pm David Tarditi, VP of Engineering at CertiK – Tools For Supporting Manual Auditing At Scale [PDF] [VIDEO]


6:01pm-6:05pm Denys Ivanov, Hacken COO – What Should the Scope of the Web3 Audit Look Like? [PDF] [VIDEO]


6:01pm-6:05pm Sebastian Bürgel, Founder HOPR – Privacy and Security [VIDEO]

Steering Committee

  1. Jonathan Alexander, OpenZeppelin
  2. Mitchell Amador, Immunefi 
  3. Kurt Barry, MakerDAO
  4. Julien Bouteloup, Rekt
  5. Tarun Chitra, Gauntlet 
  6. Maria Christakis, MPI
  7. Isil Dillig, UT Austin
  8. Rajeev, Secureum
  9. Dan Guido, Trail of Bits
  10. Aparna Krishnan, Opyn
  11. Emin Gun Sirer, Cornell University and Ava Labs
  12. John Mardlin, Optimism
  13. John Mitchell, Co-Founder, Stanford University
  14. Sam S, Paradigm
  15. Gonçalo Sá, ConsenSys Diligence
  16. Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
  17. Curtis Spencer, Electric Capital
  18. Kartik Talwar, General Partner, ACapital

Accommodation

Hotels close to Stanford include the Sheraton Palo Alto, the Stanford Terrace Inn, and others listed in Stanford’s lodging guide.


Online Monthly Webinars: first Wednesday, 8-10:30 am PST, starting Nov 3, 2023

Date

Topic

Lecturers

Moderator

Nov 9, 2023

LiquidStaking

Dimitry Tsumak

Eugine Mamin

Drake Evans

January

Client Security

Geth, Nethermind, Besu,
SigmaP

Mudit

January 8, 2024

Cool Defi

Lido, Uniswap V4, Aave

 
 

Collaterals

Aave, Gearbox, 1inch, Euler, Silo

 
 

State Size

Nethermind

 
 

Wallets

Metamask, Safe, 1inch, Cubist, Foredefie, 

Yoav Weiss

 

NFTs

OpenSea, Blur, Astaria

 
 

Hacking

   
 

Auditing

 

Rajeev

 

Operational Security

 

Mudit

 

Fuzzers

Foundry, HardHat, Echidna, MythX

Chandra Nandi

 

Frontend security issues

   
 

Price manipulation attacks

   
 

View reentrancy

   
 

Static analysis

Trail of Bits, Chain security, Dedaub, Certora

 
 

Smart contract languages

Solidity, Vyper, Fei, Rust, Move

 
 

Bridges

LayerZero, Axlar

 
 

Layer2 security issues

   
 

Precompiled Code

   
 

Formal verification

Veridise, Nethermind, RV, Certora. Ottersec

 
 

MEV

   
 

Oracles

   
 

Object Capabilities (Access Control, etc)

Andrew Miller (UIUC), Mark Miller/Dean Tribble/Dan Connolly (Agoric)

 
