Ethereum Foundation / DevCon 6 - Security Track

These are all the meetings we have in "DevCon 6 - Security…" (part of the organization "Ethereum Foundation"). Click into individual meeting pages to watch the recording and search or read the transcript.

14 Nov 2022

Visit the https://archive.devcon.org/ to gain access to the entire library of Devcon talks with the ease of filtering, playlists, personalized suggestions, decentralized access on Swarm, IPFS and more.
https://archive.devcon.org/archive/watch/6/future-of-smart-contract-security-audits-rekt-or-wagmi/

Smart contract security audits have become a de facto requirement for Ethereum applications. However, there continue to be multi-million dollar hacks every week highlighting significant challenges with audits such as questionable quality, arguable effectiveness, unreasonable expectations, high cost, low availability and dearth of talent. This panel proposes to debate on these contentious aspects with some leaders in this space and peek into their crystal ball to see if we are REKT or WAGMI.

Speaker(s): Jonathan Alexander, Gonçalo Sá, Nick Selby, Mehdi Zerouali, Chandrakana Nandi, Maurelian
Track: Security
Keywords: Smart Contracts,Security,Audit

Follow us: https://twitter.com/efdevcon, https://twitter.com/ethereum
Learn more about devcon: https://www.devcon.org/
Learn more about ethereum: https://ethereum.org/

Devcon is the Ethereum conference for developers, researchers, thinkers, and makers.
Devcon 6 was held in Bogotá, Colombia on Oct 11 - 14, 2022.
Devcon is organized and presented by the Ethereum Foundation, with the support of our sponsors. To find out more, please visit https://ethereum.foundation/
  • 16 participants
  • 57 minutes

14 Nov 2022

https://archive.devcon.org/archive/watch/6/the-attacker-is-inside-javascript-supplychain-security-and-lavamoat/

We all use open source; it is the wealth of the commons that forms the foundations we all build on. While this is incredibly empowering, we may be inviting the devil to dine with us. This talk examines software supply chain attacks in the JavaScript and crypto ecosystems and how to keep your app, wallet, and users safe. We'll look at the free and open-source tool LavaMoat that protects MetaMask.

Speaker(s): Kumavis, Naugtur
Skill level: Intermediate
Track: Security
Keywords: security,javascript,development

  • 9 participants
  • 22 minutes

3 Nov 2022

https://archive.devcon.org/archive/watch/6/building-secure-contracts-use-echidna-like-a-pro/

In this workshop, attendees will gain hands-on experience with Echidna - an open-source smart contract fuzzer - to build secure smart contracts. Echidna has been used in many professional audits, and fuzzing is a key component to increasing the contracts’ security. Attendees will learn how to define and write invariants and how to use Echidna efficiently. By the end of the session, they will know how to integrate property testing into their development process and write more secure code.

Speaker(s): Josselin Feist, Gustavo Grieco
Track: Security
Keywords: fuzzing,vulnerability,testing

  • 10 participants
  • 2:17 hours

3 Nov 2022

https://archive.devcon.org/archive/watch/6/formal-methods-for-the-working-defi-dev/

Lecture notes: https://bit.ly/3RFwvBx

Runtime Verification is known for formal methods, but you don't need a PhD to make your code better by thinking like a prover. Here we want to show you how you as a developer or auditor can apply fairly simple mathematical thinking to make your code more robust and your security work simpler. By thinking “invariants first” you can get stronger tests, better docs, and reduce the risk of introducing bugs in your future coding.

Speaker(s): Rikard Hjort
Track: Security
Keywords: formal methods,invariants,mathematical thinking

  • 14 participants
  • 1:04 hours

3 Nov 2022

https://archive.devcon.org/archive/watch/6/thinking-like-an-auditor-to-develop-safer-smart-contracts/

Since 2017, ChainSecurity has audited countless smart contracts. Based on this experience, our experts will present a methodology for secure smart contract development.

During the workshop, we will coach attendees to think about their project like an auditor would, to help them develop safer smart contracts using foundry and forked mainnet tests.

Speaker(s): Dominic Bruetsch
Track: Security
Keywords: security,solidity,defi

  • 3 participants
  • 47 minutes

18 Oct 2022

https://archive.devcon.org/archive/watch/6/hunting-and-monitoring-for-on-chain-attacks/

Web3 security requires a comprehensive security approach from reuse of secure, audited libraries, audits, threat modeling and security assessments to bug bounties, monitoring, and incident response.
In this workshop, we will dissect a real-world on-chain attack, categorize each step the attacker took into four distinct stages (funding, preparation, exploitation, and money laundering) and walk through the development of a heuristic/ML approach to identify these attacks using the Forta Network.

Speaker(s): Christian Seifert, Dmitry Gusakov
Track: Security
Keywords: security,monitoring,incidentresponse

  • 23 participants
  • 1:41 hours

16 Oct 2022

https://archive.devcon.org/archive/watch/6/post-merge-wallet/

A crypto wallet is an entry point to onboard users to Web3, but the complexity of key management prevents real decentralization from being realized and widely adopted. After the Merge, Ethereum is pivoting to a rollup-centric roadmap. What does the future wallet look like? In this talk, I would like to talk about what the missing part is for current wallet design centered around L2, DeFi applications, abstract account and social recovery, from our past experience.

Speaker(s): Chang-Wu Chen
Skill level: Intermediate
Track: Security
Keywords: Wallet,Security,UX

  • 1 participant
  • 23 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/bad-proofs-in-formal-verification/

Formal verification can be a huge boon to smart contract security as it checks all possible execution paths. Unfortunately, even verified code can be faulty if the formal specification contains mistakes. "Bad" proofs can lead to false confidence in the code and premature deployment. This talk will discuss different types of "bad" proofs and how to avoid them.

Speaker(s): Uri Kirstein
Skill level: Intermediate
Track: Security
Keywords: Formal,Verification,Bugs

  • 2 participants
  • 29 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/battle-of-the-bridges-untangling-the-tradeoffs-of-various-bridge-designs/

This panel invites 3 of the leading bridge protocols to debate the various tradeoffs that have emerged between different cross chain bridge designs, including pros and cons, and security considerations. Panelists include the founders of Across (Hart Lambur), Hop (Chris Whinfrey), Succinct (Uma Roy), and will be moderated by Tarun Chitra (Gauntlet).

Speaker(s): Tarun Chitra, Hart Lambur, Chris Whinfrey, Uma Roy
Track: Security
Keywords: bridges,cross-chain

  • 9 participants
  • 1:01 hours

15 Oct 2022

https://archive.devcon.org/archive/watch/6/being-a-responsible-multisig-signer-verify-dont-trust/

So you have been trusted with safeguarding a project along with other members of your community, congratulations! But, alas, the first transaction from a developer on the team comes in. How do you proceed? Can you blindly trust the developer? Should you? It's tempting to just see what other multisig members do and roll along, right?

In this talk we'll go over what you can do to verify what a transaction will actually do, and what tools you have at your disposal for this. No coding required!

Speaker(s): Santiago Palladino
Track: Security
Keywords: multisig,verification

  • 1 participant
  • 8 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/decentralized-threat-detection-bots/

Decentralized threat detection bots are a recent area of research and development for protecting the ecosystem. This talk will cover concepts and recent research on detection bots and implementation patterns including heuristic-based, time-series based, multi-block, and TX simulation. Examples involving prior exploits will be included, as well as tools, limitations, the potential for automated threat prevention, and areas for further research.

Speaker(s): Jonathan Alexander
Skill level: Beginner
Track: Security
Keywords: security,risk,monitoring

  • 3 participants
  • 30 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/ethereum-foundations-bug-bounty-program/

The Ethereum Foundation's Bug Bounty program is one of the longest-running bounty programs for blockchains. This talk focuses on its history, reported vulnerabilities, where it's heading and why having a bug bounty program is important.

Speaker(s): Fredrik Svantes
Track: Security
Keywords: security,bug bounty,vulnerabilities

  • 1 participant
  • 8 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/how-to-not-be-worth-kidnapping/

Personal physical security, specifically violent kidnapping and compulsion to disclose keys, is often brought up as a concern by cryptocurrency participants. We will quickly present a way of thinking about these threats and a model for not merely protecting from loss of cryptocurrency, but prevention of victimization through violence entirely.

Speaker(s): Ryan Lackey
Track: Security
Keywords: security,violence,kidnapping

  • 1 participant
  • 9 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/rug-life-using-blockchain-analytics-to-detect-illicit-activity-track-stolen-funds-and-stay-safe/

Learn how to use blockchain analytics to identify and protect yourself from the latest rugs, hacks, and scams.

The purpose of this talk is to discuss:
- How to (automatically) identify illicit activity on the blockchain
- Typologies of the latest rugs, hacks, and scams
- Tracing where funds from the latest rug/hack/scam have gone
- How to protect yourself as a dev

Speaker(s): Heidi Wilder
Skill level: Intermediate
Track: Security
Keywords: hack,scam,rug

  • 1 participant
  • 28 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/time-locked-recovery-factors-for-secret-sharing/

Verifiable delay encryption allows us to construct time-locked secret shares which reveal themselves after some time. Paired with share refreshing, this allows users to automatically recover their account after a set amount of time even if they have lost secret shares, without compromising key security. Setup requires no user input which allows for a streamlined UX, and we show a demo of this functionality by generating and recovering a private key using this technique.

Speaker(s): Leonard Tan
Skill level: Intermediate
Track: Security
Keywords: Secret sharing,VDF,key management

  • 2 participants
  • 21 minutes

15 Oct 2022

https://archive.devcon.org/archive/watch/6/usable-security-in-web3/

Self-custodial wallets are the most powerful expression of autonomy we can aspire to in web3, but can people actually keep their EOA accounts safe? Balancing security and usability is critical for onboarding the next billion to web3. During this talk, we will explore how both can converge to give users a usable, secure experience.

Speaker(s): Antonela
Skill level: Intermediate
Track: Security
Keywords: usable,security,human-centered design

  • 8 participants
  • 24 minutes

14 Oct 2022

https://archive.devcon.org/archive/watch/6/nosy-neighbor-automated-fuzz-harness-generation-for-golang-projects/

Nosy Neighbor was developed as a breadth-first fuzzing tool for the critical Golang clients in the Ethereum network - Prysm, Go-Ethereum, and Mev-Boost. Nosy is a very annoying (to the devs) tool that aims to find bugs the moment they are introduced. Leveraging the go/types and go/parser libraries used by the Go compiler, Nosy analyzes the AST of a repo and generates fuzz harnesses for continuous fuzzing.

Come learn about Nosy's novel approach to go-fuzzing and the issues it has uncovered!

Speaker(s): David Theodore
Skill level: Intermediate
Track: Security
Keywords: testing,fuzzing,layer-1

  • 2 participants
  • 28 minutes

13 Oct 2022

https://archive.devcon.org/archive/watch/6/notable-security-incidents-since-devcon-v/

October 2019 seems like an eternity ago, and there have been a variety of interesting, sometimes novel, and sometimes repetitive security incidents across the ecosystem since then. We will discuss those incidents, what went wrong, how they've been resolved, and what lessons have been learned, or new mechanisms put in place, in the service of preventing a repeat.

Speaker(s): Lane Rettig, Ryan Lackey, Tom Howard, Arun Devabhaktuni
Track: Security
Keywords: security,lessons learned,countermeasures

  • 7 participants
  • 1:00 hours

12 Oct 2022

https://archive.devcon.org/archive/watch/6/crosschain-security-considerations-for-the-degen-in-all-of-us/

Crosschain applications (xApps) are often considered too risky, but this viewpoint is divorced from reality. People **will** use these applications and it is our responsibility to understand the security implications. xApp developers must be able to reason about concurrency and asynchrony across two different networks, as well as understand the trust assumptions introduced by the data transport layer. By understanding this, we can allow users to engage in risky behavior in the safest way.

Speaker(s): Layne Haber
Skill level: Intermediate
Track: Security
Keywords: security,crosschain,multichain

  • 4 participants
  • 24 minutes

12 Oct 2022

https://archive.devcon.org/archive/watch/6/future-block-mev-in-proof-of-stake/

In PoS Ethereum, block proposers are known ahead of time. This allows for new types of MEV, which leverage the ownership of future block space.
Using this, some attacks that were expensive due to arbitrage competition, such as oracle manipulations, become very cheap. There could also be opportunities for incentivizing high-MEV transactions in a future block that you know you will control.

Speaker(s): Torgin Mackinga
Track: Security
Keywords: MEV,PoS,security

  • 1 participant
  • 6 minutes

12 Oct 2022

https://archive.devcon.org/archive/watch/6/read-only-reentrancy-a-novel-vulnerability-class-responsible-for-100m-funds-at-risk/index

Reentrancy is one of the first lessons learned when getting started with smart contract development and security. In this lightning talk we will present a novel form of reentrancy, the "read-only reentrancy", which is mostly unknown, although devastating in today's DeFi world, and which has been single-handedly responsible for $100m+ in funds at risk.

Speaker(s): Ioannis Sachinoglou
Track: Security
Keywords: read-only,reentrancy,security

  • 1 participant
  • 7 minutes

12 Oct 2022

https://archive.devcon.org/archive/watch/6/securing-cross-chain-communication/

The last year witnessed several cross-chain bridges being hacked and millions of dollars stolen by hackers. Despite the bridges having gone through several audits, we still see them getting exploited through hackers gaining access to authorized private keys, signature replay attacks, etc. Let us see what a secure cross-chain bridge architecture should look like and what the possible attack vectors and mitigation techniques are.

Speaker(s): Nithin Eappen
Skill level: Intermediate
Track: Security
Keywords: cross-chain,bridge,security

  • 4 participants
  • 24 minutes

12 Oct 2022

https://archive.devcon.org/archive/watch/6/shamir-secret-sharing-with-no-id-numbers/

Recall that, when splitting a seedphrase via Shamir Secret Sharing into n shares, each share is numbered (from 1 to n). These ID numbers are necessary for reconstruction—if they are lost, reconstruction may be impossible or require brute force.

We will quickly review Shamir Secret Sharing and show a trick that can be used to encode the ID numbers into each share for BIP-39 compliant seeds, so that users only need to store the share mnemonic.

Speaker(s): Jorge Arce-Garro
Track: Security
Keywords: Seedphrase,security,cryptography.

  • 2 participants
  • 11 minutes
cryptography
sharing
secret
ethereum
bit
hash
exploit
metamask
scheme
shamir

12 Oct 2022

https://archive.devcon.org/archive/watch/6/tackling-rounding-errors-with-precision-analysis/

Rounding errors in smart contracts can lead to severe security vulnerabilities. In this talk, we'll motivate the importance of rigorous numerical analysis through real-world exploits, and review existing precision analysis techniques. We'll then argue for the development of automated error propagation analysis tools to overcome the tediousness of manual efforts.

Speaker(s): Raoul Schaffranek
Skill level: Intermediate
Track: Security
Keywords: Security techniques,code quality,rounding errors

  • 3 participants
  • 27 minutes
rounding
approximate
calculation
assumptions
decimal
errors
transaction
blockchain
currencies
exploits

12 Oct 2022

https://archive.devcon.org/archive/watch/6/the-dollar10b-problem-web3-security-against-coordinated-adversaries/

Bored Ape Yacht Club Discord hacked, Ronin Bridge compromised: news articles are fraught with Ethereum exploits. Chainalysis has identified that these attacks are often executed by a small circle of well-funded, well-coordinated adversaries. In this session, Chainalysis examines how these actors operate, how we investigate the flow of funds to try to disrupt attacks, and how the web3 community can work together to raise costs for attackers using the transparency of public blockchains.

Speaker(s): Julia Hardy, Adam Hart
Skill level: Intermediate
Track: Security
Keywords: Hack,Investigation

  • 4 participants
  • 21 minutes
blockchain
adversaries
analysts
entities
chain
transactions
exploits
network
issue
security

12 Oct 2022

https://archive.devcon.org/archive/watch/6/underhanded-solidity/

A brief description of the exploit behind the winning submission to the Underhanded Solidity Contest 2022.

Speaker(s): Tynan Richards
Track: Security
Keywords: Security,Exploit,Underhanded

  • 1 participant
  • 6 minutes
evaluated
evaluates
evaluation
evaluate
specification
analyzing
function
unspecified
solidity
underhanded

12 Oct 2022

https://archive.devcon.org/archive/watch/6/web3-vs-web2-security-same-or-different/

Web3 security is typically associated with smart contract security. The biggest Web3 hacks have, however, involved traditional Web2 vulnerabilities and attack vectors. This panel proposes to debate the similarities and differences between Web3 and Web2 security with some leaders in this space, towards the goal of highlighting the current status, historical lessons from Web2 security and future challenges for a safer Ethereum ecosystem.

Speaker(s): Mudit Gupta, Spencer Macdonald, samczsun, Cory Hardman, Nassim Eddequiouaq, Taylor Monahan
Track: Security
Keywords: Security,Web3,Web2

  • 6 participants
  • 53 minutes
security
threats
safety
cyber
important
protocols
compromised
discussion
geopolitical
bridge