DeFi is an emerging suite of applications for decentralized asset management over blockchain technology. DeFi is becoming a major economic vehicle in modern society. The Ethereum blockchain alone already manages more than 235 billion USD worth of assets. One of the basic principles behind DeFi is that code is law: computer programs called smart contracts, which run on the blockchain, dictate the conditions and the effects of asset transactions. This groundbreaking idea has many desirable benefits that originate from the trust-minimizing and immutable aspects of decentralized public blockchains. However, vulnerabilities in smart contracts and in their applications may be exploited to steal or deny access to the assets they manage. Mitigating and preventing such damage is challenging and requires new software development and security design methodologies. Hundreds of millions in USD value have already been lost due to vulnerabilities in smart contracts. Therefore, smart contract security is a significant concern for DeFi applications.
Saturday, Jan 22
08:30-09:00 Opening
09:00-10:30 Session 1: Protocols Chair: Aparna Krishnan, Opyn
09:00-09:25 Kurt Barry, MakerDao – Maker’s safety and security practices
09:26-09:50 Jared Flatow, VP of Engineering at Compound Labs – Secure by Design
09:51-10:15 Emilio Frangella, Head of Smart Contracts at Aave – The butterfly effect – How simple oversights turn into smart contract nightmares
10:15-10:30 Discussion
10:30-10:45 Coffee Break
10:45-12:00 Session 2: Auditors Part 1 Chair: Emilio Frangella, Aave
10:45-11:10 Dmitry Khovratovich, ABDK – Audits of circuits for zero-knowledge proofs
11:11-11:35 Richard Ma, CEO, Quantstamp – Flash Loans in the Wild: An Analysis of Attacks & Possible Mitigations
11:36-12:00 Goncalo Sa, Co-Founder and Security Researcher, Consensys Diligence – Clear as mud – How compilers look like VMs
12:00-13:00 Lunch Break
13:00-14:45 Session 3: Auditors Part 2 and discussion Chair: Kurt Barry, MakerDao
14:45-15:05 Dan Guido, Co-Founder & CEO of Trail of Bits – A profile of causes for early bug death
15:06-15:30 Michael Lewellen, Security Project Manager, OpenZeppelin – Lessons Learned from 5 Years of Ethereum Security Incidents
15:31-15:25 Mehdi Zerouali, Co-founder and Director of Sigma Prime – Sigma Prime’s Favorite DeFi Vulnerabilities
15:26-15:50 Discussion on Auditing with all auditors
14:45-15:00 Coffee Break
15:00-16:05 Session 4: Bridges Chair
15:00-15:25 John Mardlin, Security Engineer at Optimism – A review of Bridge contract vulnerabilities
15:26-15:50 Christopher Whinfrey, Co-Founder at Authereum – Cross-chain Security
15:50-16:05 Discussion on bridges
16:05-16:30 Coffee Break
15:30-16:30
16:30-18:00 Session 5: Tool workshops open
18:00-19:00 Dinner
19:00-21:00 Birds of a feather ideas (with wine and cheese) Chair: John Mitchell
Sunday, Jan 23
09:00-10:30 Session 6: White Hat Hacking Chair: Curtis Spencer, Electric Capital
09:00-09:25 Emiliano Bonassi, DeFi Italy
09:26-09:50 Duncan Townsend, CTO and Security Researcher at Immunefi – Bug Bounty Success Stories: War Rooms and New Vulnerability Classes
09:50-10:15 Sam Sun – How do you even write secure code anyways
10:15-10:30 Discussion
10:30-10:45 Break
10:45-12:15 Session 7: Security 1 Chair: Dan Robinson, Paradigm
10:45-11:10 Julien Bouteloup, Founder of Rekt, Blackpool & Stake DAO. Curve Team Member – DeFi Freemason Reptilian
11:11-11:35 Christoph Michel, Security Researcher – Price manipulation exploits
11:35-12:00 Mudit, Security Researcher, Delta Blockchain Fund – TWAP Oracle Manipulation Risks
12:00-13:30 Lunch Break
13:30-15:00 Session 8: Security 2 Chair: Mitchell Amador, Immunefi
13:30-13:55 BoringCrypto – Price manipulation exploits
13:56-14:20 Tarun Chitra, CEO and Co-Founder at Gauntlet – Probabilistic Liquidity Attacks in DeFi
14:21-14:45 Nurit Dor, VP Product at Certora – From high-level DeFi properties to concrete security bugs
14:45-15:00 Discussion
15:00-15:30 Break
15:30-16:35 Insurance Chair: Richard Chen, 1confirmation
15:30-15:55 Hugh Karp, Founder of Nexus Mutual – Security Concerns from a User Perspective
15:56-16:20 Jack Sanford, Co-Founder at Sherlock Protocol
16:20-16:35 Discussion
16:35-18:00 Panel on tools Moderator: Kartik Agarwal; Dan Guido, Paradigm; Goncalo Sa, Consensys Diligence; Grigore Rosu, Runtime Verification; Mooly Sagiv, Co-Founder, Tel Aviv University and Certora
18:00- Reception and DSS’23