DeFi Security 101

July 14th, 2023

LA MAISON DE LA CHIMIE, 28 RUE SAINT-DOMINIQUE, 75007 PARIS, FRANCE

DeFi Security 101 is a one-day intensive course designed for developers to learn about security in web3. It will be held just before the DeFi Security Summit (DSS). The course's objectives are to equip participants with the knowledge and skills needed to engage effectively with the DSS and to encourage them to conduct security research. Please note that this is a hands-on technical event, and registration is only open to developers. While in-person tickets are currently available for registration, we also plan to provide a live stream of the event for online participation (details will be announced soon).

 

The following concepts will be covered in this course:

  1. Identification and prevention of billion-dollar coding mistakes
  2. Best security practices in DeFi
  3. Overview of useful DeFi security tools
  4. Policies for bug disclosure and mitigation
  5. Hands-on experience with a Capture the Flag (CTF) exercise

Speakers

Nat Chin, Senior Security Engineer, Trail of Bits

Kurt Barry, Security Researcher, Fixed Point Solutions LLC

Dimitri Kamenski, Blockchain Security Engineer, Sigma Prime

Tincho, Ethereum Security, The Red Guild

Rajeev, Founder, Secureum

Anton Permenev, Security Engineer, ChainSecurity

Jaroslav Bendik, Senior Researcher, Certora

Joran Honig, Security Researcher & Engineer, Consensys Diligence

Mudit Gupta, CISO at Polygon & Technical Partner, Delta Blockchain Fund

Josselin Feist, Engineering Director, Trail of Bits

Tomer Ganor, Technical Lead of Security Engineering and Research, Certora

Schedule

09:00-10:30 Rajeev, Secureum – A-MAZE-X: Smart Contract Security CTF  [View Slides]


10:30-11:00 Nat Chin, Trail of Bits – Smart Contracts: The Beta  [View Slides]


11:00-11:10 Coffee break


11:10-11:40 Jaroslav Bendik, Certora – Testing your code on arbitrary states (aka formal verification)  [View Slides]


11:40-12:10 Dimitri Kamenski & Richard Skinner, Sigma Prime – Protecting contract upgradeability through sound proxy pattern usage [View Slides]


12:10-12:40 Joran Honig, Consensys Diligence – The road to becoming a web3 security specialist [View Slides]


12:40-13:40 Lunch break

13:40-14:10 Tincho, The Red Guild – How to get started in smart contract security [View Slides]


14:10-14:40 Anton Permenev, ChainSecurity – DeFi invariants: examples and challenges [View Slides]


14:40-16:10 Josselin Feist, Trail of Bits – Building secure contracts: how to fuzz like a pro [View Slides]


16:10-16:20 Coffee break


16:20-17:50 Ernesto Boado, BGD labs & Tomer Ganor, Certora – CVL 101 (feat. Aave) [View Slides]


17:50-18:20 Mudit Gupta, Polygon – How to hack a DeFi protocol


18:20-18:50 Kurt Barry, Spearbit & Fixed Point Solutions – Can code be trusted? [View Slides]

Suggested Reading Material

Who can attend

This course is open to individuals with an engineering background who are interested in learning about DeFi security. To maximize your learning experience, we recommend reviewing the suggested materials mentioned above and attempting to solve some well-known CTFs such as Capture the Ether, Ethernaut, and Damn Vulnerable DeFi BEFORE registering for the course.