Second DeFi Security Summit
July 15th & 16th 2023
After an overwhelming response to the first DeFi Security Summit at Stanford, we’re thrilled to be back with the second iteration. This year we will convene at the historic La Maison de la Chimie in Paris, France for two full days directly preceding EthCC.
Over the course of two days, we will hear from the world’s leading DeFi security researchers, auditors, and hackers on how they are working to stay one step ahead – and how you can too. We’ll explore some of the biggest exploits, and dive into practical ways that you can integrate tools and techniques to prevent these types of attacks and increase security coverage for your code.
Since our last summit, we’ve continued to see novel DeFi hacks that have led to billions of dollars of losses. Preventing and mitigating these attacks is critical not only for protecting existing users, but for the success and growth of DeFi as a whole.
Schedule
Saturday
08:30-09:00 Opening – John Mitchell & Mooly Sagiv, Co-Founders of the DeFi Security Summit
Session 1: DeFi Protocols 1
Session chair – Merlin Egalité, Morpho
09:01-09:20 Eugene Pshenichny, Lido – Lido v2 upgrade from a security perspective [View Slides]
09:21-09:40 Anton Permenev, Security Engineer, ChainSecurity – DeFi invariants: examples and challenges [View Slides]
09:41-10:00 Peter Kacherginsky, Blockchain Threat Researcher, Coinbase – The State of DeFi Security
10:01-10:15 Coffee break
Session 2: DeFi Protocols 2
Session chair – Eugene Pshenichny, Lido
10:16-10:35 Mikhail Lazarev, Inventor & CTO, Gearbox Protocol – Continuous Management & Continuous Delivery [View Slides]
10:36-10:55 Quentin Garchery, Protocol researcher, Morpho Labs – Formally verifying Morpho [View Slides]
10:56-11:15 Daniel Von Fange, Security Engineer, Origin Protocol – Safe Upgrades: The most dangerous game [View Slides]
11:15-11:30 Break
Session 3: Network & VM
Session chair – Mikhail Lazarev, Inventor & CTO, Gearbox Protocol
11:31-11:50 Yoav Weiss, Security Fellow, Ethereum Foundation and Oren Fine, Co-Founder and CTO, SphereX – Masquerading code in Etherscan [View Slides]
11:51-12:10 Alex Manuskin, PM & blockchain researcher, Starkware – Unchained Starknet Security [View Slides]
12:11-12:30 Hari Mulackal, Co-founder, Spearbit – EVM Design Mistakes [View Slides]
Lunch break and sponsor interviews
12:31-13:30
Interviews:
12:31 – Trail of Bits
12:41 – Sigma Prime
12:51 – Lido
13:01 – Polygon
13:11 – Electric Capital
13:21 – Certora
Session 4: AI Panel
13:31-14:15
Moderator:
Curtis Spencer, Co-Founder, ElectricCapital
Panelists:
Chris Hart, CEO, Civic Technologies
Joe Van Loon, CEO, Auditware
Session 5: Economic Risks Panel
14:16-15:00
Moderator:
Tarun Chitra, CEO, Gauntlet
Panelists:
Alex Marx, Web3 Risk Consultant, former Analyst at Coinbase
Marijo Radman, Co-Founder & CTO, Solity Network
Primoz Kordez, Founder, Block Analitica
15:01-15:15 Break
Session 6: Tools Panel
15:16-16:15
Moderator:
Fraser Brown, CTO, Cubist and Assistant Professor, Carnegie Mellon University
Panelists:
Uri Kirstein, Developer relations and developer, Certora
16:16-16:30 Coffee break
Session 7: Monitoring Panel
16:31-17:30
Moderator:
Panelists:
Alexander Seleznev
Carlos Salort Sanchez
Domantas Pelaitis
Gal Sagie
Meir Dolev
Yajin (Andy) Zhou
Yaniv Nissenboim, Co-Founder & CEO, Hexagate
17:31-17:45 Break
Session 8: Wallets Panel
17:46-18:45
Moderator:
Francesco Andreoli, Developer Relations Manager, ConsenSys/MetaMask
Panelists:
Clément Bihorel, Product Lead, Safe (Core)
Dima Kogan, Cofounder & CTO, Fordefi
Riad Wahby, CEO, Cubist & Assistant Professor, Carnegie Mellon University
Shahar Madar, Head of Security Products, Fireblocks
Taariq Lewis, Founder & CEO, Volume Finance
Yoav Weiss, Security Fellow, Ethereum Foundation
18:46-19:00 Drinks and snacks break
Snacks and drinks will be served until 21:00
Session 9: Focused Talks 1
Session chair –
19:01-19:10 Or Dadosh
19:11-19:20 Gal Sagie,
19:21-19:30 Andrew Beal, Ecosystem Lead, Forta Foundation – Web3 Threat Intelligence: What is it, how we get it, and how you can use it [View Slides]
19:31-19:40 Herman Junge
19:41-19:50 Liyi Zhou
19:51-20:00 Andres Monty, Founder and CEO, Range – Mitigative measures for bridge exploits: With an emphasis on the Cosmos ecosystem and IBC [View Slides]
20:00-20:15 Cocktail Break
Session 10: Focused Talks 2
Session chair – Mudit Gupta, CISO at Polygon & Technical Partner, Delta Blockchain Fund
20:16-20:25 Yaron Velner,
20:26-20:35 Picodes, Co-founder & CTO, Angle Labs – Assessing Risks for Stablecoin Protocols [View Slides]
20:36-20:45 Gary Thung
20:46-20:55 Riad Wahby, CEO, Cubist & Assistant Professor, Carnegie Mellon University – No Silver Bullet: A brief survey of key management technology [View Slides]
20:56-21:05 Kang Li, CTO, CertiK – Unpacking Move VM Security: Expected Guarantees and Implementation Pitfalls [View Slides]
21:06-21:15 Justin Jacob, Blockchain Security Engineer, Trail of Bits – Cairo 1.0: Differences and Security Considerations [View Slides]
Sunday
Session 11: Focused Talks 3
Session chair – Isaiah Wash, Coinfund
08:30-08:40 Mark Toda, Protocol Engineer, Uniswap Labs – Flash Everything with TSTORE: Uniswap V4 Architecture Overview – Singleton & Flash Accounting [View Slides]
08:41-08:50 Jeremiah Smith, Co-founder and CEO,
OpenCover – The state of DeFi insurance [View Slides]
08:51-09:00 Break
Session 12: Vulnerabilities & Exploits
Session chair –
09:01-09:20 Andrei Kozlov, Co-Founder of BGD Labs – Security challenges of Aave Governance v3 [View Slides]
09:21-09:40 Hossam Mohamed, Senior Security Architect, Halborn – Breaking Digital Asset Custody Solutions [View Slides]
09:41-10:00 Xin Wan, Research Scientist at Uniswap Labs – Economics Security Of Onchain Oracles [View Slides]
10:01-10:20 Matthias Egli, Co-Founder & CTO, ChainSecurity – Deployment Validation and the Introduction of the DVF Standard: Enhancing the Security and Accountability of Blockchain Projects [View Slides]
10:21-10:40 Dmitry Khovratovich, Cryptographer at Ethereum Foundation & Founder of ABDK Consulting – Zero Knowledge Security in DeFi and elsewhere [View Slides]
10:41-10:55 Break
Session 13: Monitoring & Incident Response
Session chair –
10:56-11:15 Yajin (Andy) Zhou, CEO of BlockSec and Professor of Zhejiang University – Securing Web3 Through Proactive Threat Prevention [View Slides]
11:16-11:35 Adrian Hetman, Tech Lead of Triaging, Immunefi – How Immunefi is fighting for you behind the scenes [View Slides]
11:36-11:55 Heidi Wilder, Lead Blockchain Security Research, Coinbase – Rekt pilled: What to do when your dApp gets pwned and how to stay kalm [View Slides]
11:56-13:00 Lunch Break
Session 14: Formal Verification
Session chair – Yannis Smaragdakis
13:01-13:20 Netanel Rubin-Blaier, Security Engineer, Certora – Improving the Security of DeFi Math Libraries [View Slides]
13:21-13:40 Palina Tolmach, Verification Engineer,
Runtime Verification – Towards Adoption of Symbolic Execution for DeFi Security [View Slides]
13:41-14:25 Formal Verification Panel
Moderator:
Kurt Barry, Security Researcher, Fixed Point Solutions LLC
Panelists:
Fraser Brown, CTO, Cubist and Assistant Professor, Carnegie Mellon University
Ghila Castelnuovo, R&D Director, Certora
Grigore Rosu, CEO, Runtime Verification
Jon Stephens, CTO, Veridise
14:26-14:40 Break
Session 15: Bridges Panel
14:41-15:25
Moderator:
Mudit Gupta, CISO at Polygon & Technical Partner, Delta Blockchain Fund
Panelists:
Hugo Philion, Co-Founder & CEO, Flare Network
Irene Wu, Head of Strategy, LayerZero Labs
Robert Chen, CEO, OtterSec
Valerian Callens, Senior Research Engineer, Quantstamp
Yosuke Aramaki, Optimistic x Liquidity less bridge, Pheasant Network
Session 16: Audits: Conventional vs Community Panel
15:26-16:25
Moderator:
Rajeev, Founder, Secureum
Panelists:
Gonçalo Sá, Co-founder, Consensys Diligence
Hari Mulackal, Co-founder, Spearbit
Jack Sanford, Co-Founder, Sherlock
Josselin Feist, Engineering Director, Trail of Bits
Mehdi Zerouali, Cofounder & Director, Sigma Prime
Mitchell Amador, CEO, Immunefi
Sock, Primary Sock, Code4rena
16:26-16:40 Break
Session 17: Focused Talks 3
Session chair – Mudit Gupta, CISO at Polygon & Technical Partner, Delta Blockchain Fund
16:41-16:50 Ren Crypto Fish, Engineer, Electric Capital – State of Audits [View Slides]
16:51-17:00 Zeeshan Meghji, Auditing Engineer, Quantstamp –The Largest Hacks of 2023 [View Slides]
17:01-17:10 Yaniv Nissenboim, Co-Founder & CEO, Hexagate – Building a Strong Defense: Best Practices for Securing Web3 Protocols [View Slides]
17:11-17:20 Felix Wegener, Security Services Manager (EMEA), OpenZeppelin – 100% test coverage but 0% security? [View Slides]
17:21-17:30 Jack Sanford,
17:31-17:40 Marc Weiss, Security Researcher, Paladin Security & Ambit Finance – Importance of Researchers/Auditors at the core of development of a DeFi protocol [View Slides]
17:41-17:55 Break
Session 18: Focused Talks 4
Session chair – Gonçalo Sá,
17:56-18:05 Noah Jelic, Lead Solidity Smart Contract Auditor, Hacken – Honeypots – Hacker traps on the blockchain [View Slides]
18:06-18:15 Fabrizio Romano Genovese, 20squares – Taking Compositionality Seriously [View Slides]
18:16-18:25 Martin Derka, Head of New Initiatives, Quantstamp – Automated Flash Loan Attack Synthesis [View Slides]
18:26-18:35 Alon Ram, Co-Founder & CTO, Redefine –Cracking the Code: Uncovering DeFi Scams with Symbolic Execution [View Slides]
18:36-18:45 Antonio Viggiano
18:46-18:55 Irene Wu,
18:56 Closing
Speakers
Francesco Andreoli, Developer Relations Manager, ConsenSys/MetaMask
Yosuke Aramaki
Tech Lead,
Pheasant Network
Kurt Barry
Security Researcher,
Fixed Point Solutions LLC
Andrew Beal
Ecosystem Lead,
Forta Foundation
Bhargav Bhatt
Research Engineer,
Web3 Foundation
Clément Bihorel
Product Lead,
Safe(Core)
Ernesto Boado,
BGD Labs
(Aave)
Fraser Brown, CTO, Cubist
Assistant Professor, Carnegie Mellon University
Lucas Martin Calderon
Founder & CEO,
Pentestify
Valerian Callens
Senior Research Engineer,
Quantstamp
Ghila Castelnuovo
R&D Director,
Certora
Nat Chin
Senior Security Engineer,
Trail of Bits
Ren Crypto Fish
Engineer,
Electric Capital
Or Dadosh
Co Founder & CEO,
Ironblocks
Martin Derka
Head of New Initiatives,
Quantstamp
Meir Dolev
Co-Founder & CTO,
Cyvers.AI
Matthias Egli
Co-Founder & CTO,
ChainSecurity
Josselin Feist
Engineering Director,
Trail of Bits
Quentin Garchery
Protocol researcher,
Morpho Labs
Mudit Gupta
CISO at Polygon & Technical Partner, Delta Blockchain Fund
Adrian Hetman
Tech Lead of Triaging,
Immunefi
Justin Jacob
Blockchain Security Engineer,
Trail of Bits
Noah Jelich
Lead Solidity Smart Contract Auditor, Hacken
Herman Junge
Lead Security Technical Manager, MetaMask
Peter Kacherginsky
Blockchain Threat Researcher,
Coinbase
Dmitry Khovratovich
Cryptographer at Ethereum Foundation & Founder of ABDK Consulting
Uri Kirstein
Developer relations and developer,
Certora
Dima Kogan
Cofounder & CTO,
Fordefi
Primoz Kordez
Founder,
Block Analitica
Andrei Kozlov
Co-founder,
BGD Labs (AAVE)
Mikhail Lazarev
Inventor & CTO,
Gearbox Protocol
Taariq Lewis
Founder & CEO,
Volume Finance
Dr. Kang Li
CTO,
CertiK
Zeeshan Meghji
Auditing Engineer,
Quantstamp
Spencer MacDonald
Co-founder
Spearbit
Shahar Madar
Head of Security Products, Fireblocks
Alex Manuskin
PM & blockchain researcher, StarkWare
Alex Marx
Trust & Reputation Lead Gitcoin DAO, formerly Risk Analyst at Coinbase
John Mitchell
Professor of Computer Science, Stanford University
Hossam Mohamed
Senior Security Architect,
Halborn
Andres Monty
Founder and CEO,
Range
Hari Mulackal
Co-founder,
Spearbit
Yaniv Nissenboim
Co-Founder & CEO,
Hexagate
Anton Permenev
Security Engineer,
ChainSecurity
Hugo Philion
Co-Founder & CEO,
Flare Network
Picodes
Co-founder & CTO,
Angle Labs
Eugene Pshenichnyy
Tech Lead,
Lido
Marijo Radman
Co-Founder & CTO,
Solity Network
Netanel Rubin-Blaier
Security Engineer,
Certora
Carlos Salort Sanchez
Senior Data Scientist,
Forta Foundation
Jack Sanford
Co-Founder,
Sherlock
Yannis Smaragdakis
Co-Founder,
Dedaub
Jeremiah Smith
Co-founder and CEO,
OpenCover
Curtis Spencer
Co-Founder,
Electric Capital
Gary Thung
Software Engineer,
Electric Capital
Mark Toda
Protocol Engineer,
Uniswap Labs
Palina Tolmach
Verification Engineer,
Runtime Verification
Yaron Velner
Founder,
B. Protocol
Antonio Viggiano
Independent Security Researcher
Daniel Von Fange
Security Engineer,
Origin Protocol
Riad Wahby CEO, Cubist
Assistant Professor, Carnegie Mellon University
Assaf Eli
Co-Founder & CTO,
Ironblocks
Xin Wan
Research Scientist,
Uniswap Labs
Felix Wegener
Security Services Manager (EMEA), OpenZeppelin
Marc Weiss
Security Researcher
Paladin Security & Ambit Finance
Yoav Weiss
Security Fellow,
Ethereum Foundation
Heidi Wilder
Lead Blockchain Security Research,
Coinbase
Isaiah Washington
Investor,
CoinFund
Irene Wu
Head of Strategy,
LayerZero Labs
Gonçalo Sá
Co-founder,
Consensys Diligence
Mehdi Zerouali
Cofounder & Director,
Sigma Prime
Yajin (Andy) Zhou
CEO of BlockSec and Professor of Zhejiang University
Merlin Egalité
Engineering Lead,
Morpho Labs
Maison de la Chimie
Steering Committee
- Jonathan Alexander, OpenZeppelin
- Mitchell Amador, Immunefi
- Kurt Barry, Fixed Point Solutions
- Fraser Brown, Cubist
- Julien Bouteloup, Rekt
- Tarun Chitra, Gauntlet
- Maria Christakis, MPI
- Isil Dillig, UT Austin
- Josselin Feist, Trail of bits
- Arthur Gervais, UCL
- Byron Gibson, Co-founder
- Chandrakana Nandi, Certora
- Rajeev, Secureum
- Grigore Rosu, Runtime Verification
- Dan Guido, Trails of bits
- Philipp Jovanovic, UCL
- Aparna Krishnan, Opyn
- Emin Gun Sirer, Cornell University and Ava Labs
- John Mardlin, Optimism
- John Mitchell, Co-Founder, Stanford University
- Sam S, Paradigm
- Gonçalo Sá, ConsenSys Diligence
- Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
- Curtis Spencer, Electric Capital
- Kartik Talwar, General Partner ACapital