devcon 6 / thinking like an auditor to develop safer smart contracts
Duration: 00:47:22
Speaker: Dominic Bruetsch
Type: Workshop
Expertise:
Event: Devcon
Date: Oct 2022
Reversing Ethereum Smart Contracts to find out what's behind EVM bytecode
Reverse engineering is a common technique used by security researchers to understand and analyze the behavior of closed-source binaries. If you apply this to Ethereum smart contracts (and more specifically to the EVM bytecode), it allows you to analyze and verify the result of your Solidity source code compilation. From a developer's point of view, it can save you a lot of time and money if you succeed in detecting flaws and missing bytecode optimizations. Also, providing the Solidity source code is not mandatory during smart contract creation; that’s why being able to directly reverse the EVM bytecode makes even more sense if you want to understand the behavior of external smart contracts.
DigixGlobal’s security robustness and the Stablecoin, DGX
Talk on Contract Patterns and Security.
Ethereum Foundation's Bug Bounty Program
The Ethereum Foundation's Bug Bounty program is one of the longest running bounty programs for blockchains. This talk focuses on its history, reported vulnerabilities, where it's heading and why having a bug bounty program is important.
Future-block MEV in Proof of Stake
In PoS Ethereum, block proposers are known ahead of time. This allows for new types of MEV, which leverage the ownership of future block space. Using this, some attacks that were expensive due to arbitrage competition, such as oracle manipulations, become very cheap. There could also be opportunities for incentivizing high-MEV transactions in a future block that you know you will control.
How to Not Be Worth Kidnapping
Personal physical security, specifically violent kidnapping and compulsion to disclose keys, is often brought up as a concern by cryptocurrency participants. We will quickly present a way of thinking about these threats and a model for not merely protecting from loss of cryptocurrency, but prevention of victimization through violence entirely.
Read-only Reentrancy - a Novel Vulnerability class responsible for 100m+ funds at risk
Reentrancy is one of the first lessons learned when getting started with smart contract development and security. In this lightning talk we will present a novel form of reentrancy, the "read-only reentrancy", which is mostly unknown, although devastating in today's DeFi world, and which has been single-handedly responsible for $100m+ in funds at risk.
Shamir Secret Sharing with No ID Numbers!
Recall that, when splitting a seedphrase via Shamir Secret Sharing into n shares, each share is numbered (from 1 to n). These ID numbers are necessary for reconstruction—if they are lost, reconstruction may be impossible or require brute force. We will quickly review Shamir Secret Sharing and show a trick that can be used to encode the ID numbers into each share for BIP-39 compliant seeds, so that users only need to store the share mnemonic.
Smart Contract Security
After a quick overview of smart contract failures in the past, a list of important takeaways will be covered. Some coding techniques to prevent unexpected behaviour in smart contracts will be covered as well as some remarks about governance in decentralized systems.
CBC Casper Design Philosophy
Consensus protocols are used by nodes to make consistent decisions in a distributed network. However, consensus protocols for public blockchains should satisfy other requirements, by virtue of the protocol being open. For example, they need to be incentivized, in that people will be incentivized to run consensus forming nodes in the first place, and in that following the protocol should be an equilibrium for consensus forming nodes. The CBC Casper family of consensus protocols has been designed to fit design criteria necessary for secure public blockchains. In this talk, we will explore the design goals and methodology used in CBC Casper research: economically motivated properties of the consensus protocol, the correct-by-construction approach to protocol specification, and the resulting rapid iteration.
Solutions towards trusted and private computations - built by Golem for the wider ecosystem
Intel SGX is a technology first developed by Intel for the protection of code and data. This is an extremely promising technology that will contribute to the development of the blockchain space and is focusing efforts on solutions and further development. Our hard work has allowed us to be positioned as the most advanced team in this field. We are building this solution and open-sourcing it because we believe that our user-friendly product will enable many projects facing challenges like the ones we have faced to apply this solution and push other development aspects of their projects. This talk will cover what we have accomplished so far and what the next steps related to Intel SGX technology development are. We will explain how we have achieved total security and privacy for requestors (people requesting computing power via the Golem p2p marketplace). They can be certain that the data they share is not accessible to the providers and they can be certain that the results are not manipulated. We'll also show how that integrates with our Concent service. Most importantly, we will talk about other new possibilities that this technology enables for decentralized computations, explaining how to run arbitrary binaries inside SGX.