First Annual DeFi Security Summit

Stanford, United States

About First Annual DeFi Security Summit

DeFi is an emerging suite of applications for decentralized asset management over blockchain technology, and it is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFi is that code is law: computer programs called smart contracts, which run on the blockchain, dictate the conditions and effects of asset transactions. This groundbreaking idea has many benefits that originate from the trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal the assets they manage or to deny access to them. Mitigating and preventing such damage is challenging and requires new software development and security design methodologies. Hundreds of millions of USD in value have already been lost due to vulnerabilities in smart contracts. Smart contract security is therefore a significant concern for DeFi applications.


Grigore Rosu
Educator. Entrepreneur. Runtime verification. K framework
Duncan Townsend
CTO and Security Researcher at Immunefi
Christopher Whinfrey
Co-Founder at Authereum
Mehdi Zerouali
Co-founder and Director of Sigma Prime
Kurt Barry
Smart Contract Specialist at Fixed Point Solutions LLC
Emiliano Bonassi
DeFi Italy
Julien Bouteloup
Founder of Rekt, Blackpool & Stake DAO. Curve Team Member
Tarun Chitra
CEO and Co-Founder at Gauntlet
Nurit Dor
VP Product at Certora
Jared Flatow
VP of Engineering at Compound Labs
Emilio Frangella
Head of Smart Contracts at Aave
Dan Guido
Co-Founder & CEO of Trail of Bits
Mudit Gupta
Security Researcher, Delta Blockchain Fund
Hugh Karp
Founder of Nexus Mutual
Dmitry Khovratovich
Researcher at Ethereum Foundation, Principal Cryptographer at Dusk Network, Founder of ABDK Consulting
Michael Lewellen
Security Project Manager, OpenZeppelin
Richard Ma
CEO at Quantstamp
John Mardlin
Security Engineer at Optimism
Christoph Michel
Security Researcher
Gonçalo Sá
CoFounder and Security Researcher Consensys Diligence
Jack Sanford
Co-Founder at Sherlock Protocol


Saturday, Jan 22
08:30-09:00 Opening

09:00-10:30 Session 1: Protocols Chair: Aparna Krishnan, Opyn

09:00-09:25 Kurt Barry, MakerDao – Maker’s safety and security practices

09:26-09:50 Jared Flatow, VP of Engineering at Compound Labs – Secure by Design

09:51-10:15 Emilio Frangella, Head of Smart Contracts at Aave – The butterfly effect – How simple oversights turn into smart contract nightmares

10:15-10:30 Discussion

10:30-10:45 Coffee Break

10:45-12:00 Session 2: Auditors Part 1 Chair: Emilio Frangella, Aave

10:45-11:10 Dmitry Khovratovich, ABDK – Audits of circuits for zero-knowledge proofs

11:11-11:35 Richard Ma, CEO, Quantstamp – Flash Loans in the Wild: An Analysis of Attacks & Possible Mitigations

11:36-12:00 Gonçalo Sá, CoFounder and Security Researcher, Consensys Diligence – Clear as mud – How compilers look like VMs

12:00-13:00 Lunch Break

13:00-14:45 Session 3: Auditors Part 2 and discussion Chair: Kurt Barry, MakerDao

14:45-15:05 Dan Guido, Co-Founder & CEO of Trail of Bits – A profile of causes for early bug death

15:06-15:30 Michael Lewellen, Security Project Manager, OpenZeppelin – Lessons Learned from 5 Years of Ethereum Security Incidents

15:31-15:25 Mehdi Zerouali, Co-founder and Director of Sigma Prime – Sigma Prime’s Favorite DeFi Vulnerabilities

15:26-15:50 Discussion on Auditing with all auditors

14:45-15:00 Coffee Break

15:00-16:05 Session 4: Bridges Chair

15:00-15:25 John Mardlin, Security Engineer at Optimism – A review of Bridge contract vulnerabilities

15:26-15:50 Christopher Whinfrey, Co-Founder at Authereum – Cross-chain Security

15:50-16:05 Discussion on bridges

16:05-16:30 Coffee Break


16:30-18:00 Session 5: Tool workshops open

18:00-19:00 Dinner

19:00-21:00 Birds of a feather ideas (with wine and cheese) Chair: John Mitchell

Sunday, Jan 23
09:00-10:30 Session 6: White Hat Hacking Chair: Curtis Spencer, Electric Capital

09:00-09:25 Emiliano Bonassi, DeFi Italy

09:26-09:50 Duncan Townsend, CTO and Security Researcher at Immunefi – Bug Bounty Success Stories: War Rooms and New Vulnerability Classes

09:50-10:15 Sam Sun – How do you even write secure code anyways

10:15-10:30 Discussion

10:30-10:45 Break

10:45-12:15 Session 7: Security 1 Chair: Dan Robinson, Paradigm

10:45-11:10 Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO. Curve Team Member – DeFi Freemason Reptilian

11:11-11:35 Christoph Michel, Security Researcher – Price manipulation exploits

11:35-12:00 Mudit Gupta, Security Researcher, Delta Blockchain Fund – TWAP Oracle Manipulation Risks

12:00-13:30 Lunch Break

13:30-15:00 Session 8: Security 2 Chair: Mitchell Amador, Immunefi

13:30-13:55 BoringCrypto – Price manipulation exploits

13:56-14:20 Tarun Chitra, CEO and Co-Founder at Gauntlet – Probabilistic Liquidity Attacks in DeFi

14:21-14:45 Nurit Dor, VP Product at Certora – From high-level DeFi properties to concrete security bugs

14:45-15:00 Discussion

15:00-15:30 Break

15:30-16:35 Insurance Chair: Richard Chen, 1confirmation

15:30-15:55 Hugh Karp, Founder of Nexus Mutual – Security Concerns from a User Perspective

15:56-16:20 Jack Sanford, Co-Founder at Sherlock Protocol

16:20-16:35 Discussion

16:35-18:00 Panel on tools Moderator: Kartik Agarwal; Dan Guido, Paradigm; Gonçalo Sá, Consensys Diligence; Grigore Rosu, Runtime Verification; Mooly Sagiv, Co-Founder, Tel Aviv University and Certora

18:00- Reception and DSS’23


Jan 22, 2022, 8:00 AM, PST (UTC -8)
Feb 23, 2022, 6:30 PM, PST (UTC -8)