DeFi Security 101

Lathrop Library, rm 282, 518 Memorial Way, Stanford, August 26

If you are fascinated by code correctness and would like to learn more about DeFi security, you are welcome to attend this one-day hybrid event on the Stanford campus, where top security professionals will teach attendees about DeFi security.

This is a one-day crash course on DeFi security at Stanford, just before DeFi Security Summit. The goals are to prepare students for the DSS event and attract them to perform research in this space. The course is in-person only.

Concepts that will be covered include:

  1. What is DeFi all about?
  2. How to identify and prevent billion-dollar coding mistakes?
  3. What are the best security practices in DeFi?
  4. Useful DeFi security tools
  5. Policies for bug disclosure and mitigation
  6. Practical hands-on experience with a CTF

Schedule (tentative)

09:00-09:45 Anton Permenev, ChainSecurity: DeFi invariants: examples and challenges [PDF]


09:45-10:30 Neville Grech, Dedaub: Building the Ultimate Bounty-Hunting Machine [PDF]


10:30-10:45 Coffee break


10:45-11:30 Natalie Chin, Security Engineer, Trail of Bits: Building secure contracts: How to fuzz like a pro [PDF]


11:30-12:15 Mudit Gupta, Polygon: Bridge Security


12:15-13:15 Lunch 


13:15-14:00 Nurit Dor, Certora: Bug finding with the Certora Prover [PDF]

14:00-14:45 Emiliano Bonassi, Rentable: SecOps 101: Security Automation and Incident Response Plan design [PDF]


14:45-15:30 Joran Honig, Consensys Diligence: Initiation to audits – the what and when of starting [PDF]


15:30-16:00 Break


16:00-18:30 Secureum a-MAZE-X CTF: Capture-the-Flag with four beginner challenges on Ethereum smart contract security [PDF]

Suggested Reading Material

Who can attend

Anybody with an engineering background who is interested in learning DeFi security can attend. If you want to get more out of the event, please read the above suggested material and attempt to solve some well-known CTFs (e.g. Capture the Ether, Ethernaut, Damn Vulnerable DeFi) BEFORE formally registering.

Accommodation

Hotels close to Stanford include the Sheraton Palo Alto, the Stanford Terrace Inn, and others listed in Stanford’s lodging guide.

Registration Closed

Online Monthly Webinars first Wednesday 8-10:30 am PST Starting Nov 3, 2023

| Date | Topic | Lecturers | Moderator |
|---|---|---|---|
| Nov 9, 2023 | Liquid Staking | Dimitry Tsumak, Eugine Mamin | Drake Evans |
| January | Client Security | Geth, Nethermind, Besu, SigmaP | Mudit |
| January 8, 2024 | Cool DeFi | Lido, Uniswap V4, Aave | |
| | Collaterals | Aave, Gearbox, 1inch, Euler, Silo | |
| | State Size | Nethermind | |
| | Wallets | Metamask, Safe, 1inch, Cubist, Fordefi | Yoav Weiss |
| | NFTs | OpenSea, Blur, Astaria | |
| | Hacking | | |
| | Auditing | | Rajeev |
| | Operational Security | | Mudit |
| | Fuzzers | Foundry, HardHat, Echidna, MythX | Chandra Nandi |
| | Frontend security issues | | |
| | Price manipulation attacks | | |
| | View reentrancy | | |
| | Static analysis | Trail of Bits, ChainSecurity, Dedaub, Certora | |
| | Smart contract languages | Solidity, Vyper, Fei, Rust, Move | |
| | Bridges | LayerZero, Axelar | |
| | Layer2 security issues | | |
| | Precompiled Code | | |
| | Formal verification | Veridise, Nethermind, RV, Certora, Ottersec | |
| | MEV | | |
| | Oracles | | |
| | Object Capabilities (Access Control, etc) | Andrew Miller (UIUC), Mark Miller/Dean Tribble/Dan Connolly (Agoric) | |