DeFi Security 101

Master the basics of web3 security with hands-on workshops

November 7th, 2024

Queen Sirikit National Convention Center, BANGKOK, THAILAND

Schedule

Nov 7. DeFi 101

📍 Main Stage

09:00 - 10:00 - Teaching Smart Contract Security Through Damn Vulnerable DeFi v4 | Tincho (The Red Guild)

Speaker:

Tincho

Abstract:

This workshop uses the latest Damn Vulnerable DeFi v4 challenges to teach smart contract security. Attendees will work through new scenarios to uncover vulnerabilities and explore step-by-step solutions. Each exercise offers insights into identifying and addressing security flaws in DeFi protocols, making this a practical session for anyone looking to strengthen their skills in smart contract security.

10:00-10:10 – Break

10:10 - 12:10 - Finding Bugs: 42 Tips from 4 Security Researchers | Desmond, Joran, Nat, 0xRajeev

Speakers:

Desmond, Joran, Nat, 0xRajeev

Abstract:

Billions of dollars are at risk, and protocols spend millions on security through audits and bug bounties. Have you ever wondered how you can become a top security researcher securing these billions? In this workshop, 4 recognized security researchers share their experiences on smart contract security with practical tools & techniques to find & report vulnerabilities. Security researchers, even aspirational ones, can take away some key advice to improve their smart contract security skills.

12:10-13:10 – Lunch

13:10 - 14:10 - Kontrol Unlocked: Foundry-based Formal Verification for 10x Devs and Auditors | Juan Conejero (Runtime Verification)

Speaker:

Juan Conejero

Abstract:

Join us to formally verify real-world code in our Kontrol-by-example workshop! We share insights and techniques used by Runtime Verification to achieve top-notch smart contract security. Learn to write symbolic Foundry tests with Kontrol, all within Solidity. This hands-on session covers tips and tricks for using Kontrol on large-scale projects, math functions, and common smart contract code. Attendees will get actionable knowledge of using formal verification for the best security guarantees.

14:10 - 15:10 - Workshop on secure development of smart contract systems | Elliot Friedman (Solidity Labs)

Speaker:

Elliot Friedman

Abstract:

In this workshop, participants will explore secure development practices for building robust smart contract systems. We’ll start with a high-level overview of the security stack and move into hands-on coding by building an example application. This process begins with intentionally buggy code containing subtle vulnerabilities, giving attendees the chance to identify and resolve issues step-by-step.

The workshop will cover a range of security tools, starting with unit and integration testing for easily detectable bugs, and progressing to advanced techniques like fuzzing, symbolic execution, and formal verification for harder-to-find vulnerabilities.

15:10-15:20 – Break

15:20 - 16:20 - Leveraging knowledge to transition between blockchain stacks | Jonatas Martines (Spearbit)

Speaker:

Jonatas Martines

Abstract:

As blockchain ecosystems diversify, developers are often faced with the challenge of learning new stacks to stay adaptable. This talk will explore how a Solidity and Ethereum background can be leveraged to quickly master a new blockchain stack, specifically Rust and Solana, while laying a framework that can apply to other chains as well. Attendees will gain a foundational understanding of Rust and Solana’s principles, illustrated through direct connections to Solidity and Ethereum. By focusing on core concepts that translate across chains, this session offers a practical roadmap for developers looking to expand their skills beyond Ethereum.

16:20 - 17:20 - Intro to the Lean Theorem Prover | Jakob von Raumer (Lindy Labs)

Speaker:

Jakob von Raumer

Abstract:

We’ll walk through examples that showcase Lean’s potential, especially in formal verification.

17:20 - 17:40 - Capture the Spec (Competition) | Tomer Ganor (Certora)

Speaker:

Tomer Ganor

Details:

Are you ready to showcase your skills in writing secure, correct Solidity smart contracts and get rewarded for it?

Join our three-day competition, starting November 7, to deepen your expertise in Solidity and formal verification, either in person or remotely.

In this challenge, you’ll receive a smart contract interface, a multi-sig wallet, and a formal specification in the Certora Verification Language (CVL), containing rules and invariants that define the contract’s behavior. Your task is to reverse-engineer a Solidity contract that efficiently satisfies the specification. Run the Certora Prover to ensure all rules and invariants are verified in your implementation.

This competition is an opportunity to sharpen your skills and dive deeper into formal methods for Solidity.

Start Date: Nov 7 

End Date: Nov 9 

Rewards:

  • The first 3 submissions that verify all rules and invariants will be rewarded $1000. 
  • If no person or team manages to verify all rules, the person or team satisfying the highest number of rules and invariants will be rewarded $1000. 
  • If multiple people solve the highest number of rules using different original solutions, they will all be rewarded.

DeFi Security 101 is a one-day intensive course specifically designed for developers who wish to deepen their understanding of web3 security. Held on the first day of the DeFi Security Summit, this course provides a strong foundation, equipping participants with the necessary knowledge and skills to engage effectively with the Summit and the broader web3 security space. Whether you’re new to security or looking to sharpen your skills, this hands-on technical event is the perfect start to your web3 security journey.

The following concepts will be covered in this course:

  1. Tools and techniques for identifying vulnerabilities in Ethereum smart contracts.
  2. Bug detection methods using unit tests, fuzzing, symbolic execution, and formal verification.
  3. Transitioning between blockchain ecosystems, from Solidity/Ethereum to Rust/Solana, with a focus on key concepts and similarities.

👩🏻‍💻 Who should attend

This course is open exclusively to developers who are interested in learning about web3 security. No prior experience in DeFi is required, but a basic understanding of web development is recommended.

✍️ Registration Links

DeFi 101 can be attended separately from the full DeFi Security Summit. The price for this one-day event is $25. Participants who wish to attend the full Summit should purchase the All Access tickets.

Secure your spot now! Register for DeFi 101

Interested in attending the full summit? Register for DeFi Security Summit