DeFi Security 101
July 14th, 2023
LA MAISON DE LA CHIMIE, 28 RUE SAINT-DOMINIQUE, 75007 PARIS, FRANCE
DeFi Security 101 is a one-day intensive course designed for developers to learn about security in web3, which will be held just before the DeFi Security Summit. The course’s objectives are to equip participants with the knowledge and skills needed to engage effectively with the DSS and encourage them to conduct security research. Please note that this is a hands-on technical event, and registration is only open to developers. While in-person tickets are currently available for registration, we also plan to provide a live stream of the event for online participation (details will be announced soon).
The following concepts will be covered in this course:
- Identification and prevention of billion-dollar coding mistakes
- Best security practices in DeFi
- Overview of useful DeFi security tools
- Policies for bug disclosure and mitigation
- Hands-on experience with a Capture the Flag (CTF) exercise
Speakers
Nat Chin, Senior Security Engineer, Trail of Bits
Kurt Barry
Security Researcher,
Fixed Point Solutions LLC
Dimitri Kamenski, Blockchain Security Engineer, Sigma Prime
Tincho, Ethereum Security, The Red Guild
Ernesto Boado, BGD Labs (Aave)
Anton Permenev, Security Engineer, ChainSecurity
Jaroslav Bendik, Senior Researcher, Certora
Joran Honig, Security Researcher & Engineer, Consensys Diligence
Mudit Gupta
CISO at Polygon & Technical Partner, Delta Blockchain Fund
Josselin Feist, Engineering Director, Trail of Bits
Tomer Ganor, Technical Lead of Security Engineering and Research, Certora
Schedule
09:00-10:30 Rajeev, Secureum – A-MAZE-X: Smart Contract Security CTF [View Slides]
10:30-11:00 Nat Chin, Trail of Bits – Smart Contracts: The Beta [View Slides]
11:00-11:10 Coffee break
11:10-11:40 Jaroslav Bendik, Certora – Testing your code on arbitrary states (aka formal verification) [View Slides]
11:40-12:10 Dimitri Kamenski & Richard Skinner, Sigma Prime – Protecting contract upgradeability through sound proxy pattern usage [View Slides]
12:10-12:40 Joran Honig, Consensys Diligence – The road to becoming a web3 security specialist [View Slides]
12:40-13:40 Lunch break
13:40-14:10 Tincho, The Red Guild – How to get started in smart contract security [View Slides]
14:10-14:40 Anton Permenev, Chain Security – DeFi invariants: examples and challenges [View Slides]
14:40-16:10 Josselin Feist, Trail of Bits – Building secure contracts: how to fuzz like a pro [View Slides]
16:10-16:20 Coffee break
16:20- 17:50 Ernesto Boado, BGD labs & Tomer Ganor, Certora – CVL 101 (feat. Aave) [View Slides]
17:50-18:20 Mudit Gupta, Polygon – How to hack a DeFi protocol
18:20-18:50 Kurt Barry, Spearbit & Fixed Point Solutions – Can code be trusted? [View Slides]
Suggested Reading Material
Who can attend
This course is open to individuals with an engineering background who are interested in learning about DeFi security. To maximize your learning experience, we recommend reviewing the suggested materials mentioned above and attempting to solve some well-known CTFs such as Capture the Ether, Ethernaut, and Damn Vulnerable DeFi BEFORE registering for the course.