DeFi Security 101

Lathrop Library, rm 282, 518 Memorial Way, Stanford, August 26

Preceding DeFi Summit

Registration Closed

If you are fascinated about code correctness and would like to learn more about DeFi security, you are welcome to attend this one-day hybrid event on the Stanford campus where top security professionals will teach attendees about DeFi security. 

This is a one-day crash course on DeFi security at Stanford, just before DeFi Security Summit. The goals are to prepare students for the DSS event and attract them to perform research in this space.  The course is in-person only.

 

Concepts that will be covered include:

  1. What is DeFi all about?
  2. How to identify and prevent billion-dollar coding mistakes?
  3. What are the best security practices in DeFi?
  4. Useful DeFi security tools
  5. Policies for bug disclosure and mitigation
  6. Practical hands-on experience with a CTF

Schedule (tentative)

09:00-09:45 Anton Permenev, ChainSecurity: DeFi invariants: examples and challenges [PDF]

9:45 – 10:30 Neville Grech, Dedaub: Building the Ultimate Bounty-Hunting Machine [PDF]

10:30-10:45 Coffee break

10:45-11:30 Natalie Chin, Security Engineer, Trail of Bits: Building secure contracts: How to fuzz like a pro [PDF]

11:30-12:15 Mudit Gupta, Polygon: Bridge Security

12:15-13:15 Lunch 

13:15-14:00 Nurit Dor, Certora: Bug finding with the Certora Prover [PDF]

14:00-14:45 Emiliano Bonassi, Rentable: SecOps 101: Security Automation and Incident Response Plan design [PDF]

14:45-15:30 Joran Honig, Consensys Diligence: Initiation to audits – the what and when of starting [PDF]

15:30-16:00 Break

16:00 – 18:30 Secureum a-MAZE-X CTF: Capture-the-Flag with four beginner challenges on Ethereum smart contract security [PDF]

organisers

Mudit Gupta

Shamiq Islam

John Mitchell

Curtis Spencer

Rajeev

Mooly Sagiv

Suggested Reading Material

  1. Ethereum Foundation Developer Material
     
  2. Secureum Reading Material on Ethereum Smart Contract Security
     
  3. Tools
    1. Slither
    2. Echidna
    3. Manticore
    4. MythX
    5. The Certora Prover

Who can attend

Anybody with an engineering background who is interested in learning DeFi security can attend. If you want to get more out of the event, please read the above suggested material and attempt to solve some well-known CTFs (e.g. Capture the Ether, Ethernaut, Damn Vulnerable DeFi) BEFORE formally registering.

Accommodation

Hotels close to Stanford include the Sheraton Palo Altothe Stanford Terrace Inn, and others listed in Stanford’s lodging guide.

Registration Closed

defi101@defisecuritysummit.org