DeFi Security 101
Master the basics of web3 security with hands-on workshops
November 7th, 2024
Queen Sirikit National Convention Center, BANGKOK, THAILAND
Schedule
Nov 7. DeFi 101
📍 Main Stage
09:00 - 10:00 - Teaching Smart Contract Security Through Damn Vulnerable DeFi v4 | Tincho (The Red Guild)
Abstract:
This workshop uses the latest Damn Vulnerable DeFi v4 challenges to teach smart contract security. Attendees will work through new scenarios to uncover vulnerabilities and explore step-by-step solutions. Each exercise offers insights into identifying and addressing security flaws in DeFi protocols, making this a practical session for anyone looking to strengthen their skills in smart contract security.
10:10 - 12:10 - Finding Bugs: 42 Tips from 4 Security Researchers | Desmond, Joran, Nat, 0xRajeev
Abstract:
Billions of dollars are at risk, and protocols spend millions on security through audits and bug bounties. Have you ever wondered how you can become a top security researcher securing these billions? In this workshop, 4 recognized security researchers share their experiences on smart contract security with practical tools & techniques to find & report vulnerabilities. Security researchers, even aspirational ones, can take away some key advice to improve their smart contract security skills.
13:10 - 14:10 - Kontrol Unlocked: Foundry-based Formal Verification for 10x Devs and Auditors | Juan Conejero (Runtime Verification)
Abstract:
Join us to formally verify real-world code in our Kontrol-by-example workshop! We share insights and techniques used by Runtime Verification to achieve top-notch smart contract security. Learn to write symbolic Foundry tests with Kontrol, all within Solidity. This hands-on session covers tips and tricks for using Kontrol on large-scale projects, math functions, and common smart contract code. Attendees will get actionable knowledge of using formal verification for the best security guarantees.
14:10 - 15:10 - Workshop on secure development of smart contract systems | Elliot Friedman (Solidity Labs)
Abstract:
In this workshop, participants will explore secure development practices for building robust smart contract systems. We’ll start with a high-level overview of the security stack and move into hands-on coding by building an example application. This process begins with intentionally buggy code containing subtle vulnerabilities, giving attendees the chance to identify and resolve issues step-by-step.
The workshop will cover a range of security tools, starting with unit and integration testing for easily detectable bugs, and progressing to advanced techniques like fuzzing, symbolic execution, and formal verification for harder-to-find vulnerabilities.
15:20 - 16:20 - Leveraging knowledge to transition between blockchain stacks | Jonatas Martines (Spearbit)
Abstract:
As blockchain ecosystems diversify, developers are often faced with the challenge of learning new stacks to stay adaptable. This talk will explore how a Solidity and Ethereum background can be leveraged to quickly master a new blockchain stack, specifically Rust and Solana, while laying a framework that can apply to other chains as well. Attendees will gain a foundational understanding of Rust and Solana’s principles, illustrated through direct connections to Solidity and Ethereum. By focusing on core concepts that translate across chains, this session offers a practical roadmap for developers looking to expand their skills beyond Ethereum.
16:20 - 17:20 - Intro to the Lean Theorem Prover | Jakob von Raumer (Lindy Labs)
Abstract:
We’ll walk through examples that showcase Lean’s potential, especially in formal verification.
17:20 - 17:40 - Capture the Spec (Competition) | Tomer Ganor (Certora)
Details:
Are you ready to showcase your skills in writing secure, correct Solidity smart contracts and get rewarded for it?
Join our three-day competition, starting November 7, to deepen your expertise in Solidity and formal verification, either in person or remotely.
In this challenge, you’ll receive a smart contract interface, a multi-sig wallet, and a formal specification in the Certora Verification Language (CVL), containing rules and invariants that define the contract’s behavior. Your task is to reverse-engineer a Solidity contract that efficiently satisfies the specification. Run the Certora Prover to ensure all rules and invariants are verified in your implementation.
This competition is an opportunity to sharpen your skills and dive deeper into formal methods for Solidity.
Start Date: Nov 7
End Date: Nov 9
Rewards:
- The first 3 submissions that verify all rules and invariants will be rewarded $1000.
- If no person or team manages to verify all rules, the person or team satisfying the highest number of rules and invariants will be rewarded $1000.
- If multiple people solve the highest number of rules using different original solutions, they will all be rewarded.
The following concepts will be covered in this course:
- Tools and techniques for identifying vulnerabilities in Ethereum smart contracts.
- Bug detection methods using unit tests, fuzzing, symbolic execution, and formal verification.
- Transitioning between blockchain ecosystems, from Solidity/Ethereum to Rust/Solana, with a focus on key concepts and similarities.
👩🏻‍💻 Who should attend
📚 Suggested Reading Material
✍️ Registration Links
Secure your spot now! Register for DeFi 101
Interested in attending the full summit? Register for DeFi Security Summit