devcon 6 / web3 vs web2 security same or different
- YouTube
- IPFS
- Details
Web3 vs Web2 Security: Same or Different?
Duration: 00:53:04
Speaker: Cory Hardman, Mudit Gupta, Nassim Eddequiouaq, samczsun, Spencer Macdonald, Taylor Monahan
Type: Panel
Expertise:
Event: Devcon
Date: Oct 2022
Web3 security is typically associated with smart contract security. The biggest Web3 hacks have however involved traditional Web2 vulnerabilities and attack vectors. This panel proposes to debate on the similarities and differences between Web3 vs Web2 security with some leaders in this space towards the goal of highlighting the current status, historical lessons from Web2 security and future challenges for a safer Ethereum ecosystem.
- Related
Devcon
Talk
Lazarus! How to stay safe from the biggest threat actor in crypto
Lazarus has stolen by far the most funds in the blockchain space. They use the same or very similar attack vectors every time yet we see the biggest crypto companies falling victim to them one after another. In this talk, i'll go over some of the attack vectors used by Lazarus and how people can keep themselves safe from Lazarus.
Devcon
Workshop
1:21:18
Top Hacks since Devcon VI: what did we learn?
Discover the most daring blockchain hacks of '22-'24 and how to defend against them. Join Mudit Gupta, CISO of Polygon, and Matthias Egli from ChainSecurity for an analysis of tactics and vulnerabilities, and gain valuable insights to stay ahead of the game. And stay tuned for a prominent anon surprise guest!
Devcon
Talk
30:18
CBC Casper Design Philosophy
Consensus protocols are used by nodes to make consistent decisions in a distributed network. However, consensus protocols for public blockchains should satisfy other requirements, by virtue of the protocol being open. For example, they need to be incentivized, in that people will be incentivized to run consensus forming nodes in the first place, and in that following the protocol should be an equilibrium for consensus forming nodes.The CBC Casper family of consensus protocols has been designed to fit design criteria necessary for secure public blockchains. In this talk, we will explore the design goals and methodology used in CBC Casper research: economically motivated properties of the consensus protocol, the correct-by-construction approach to protocol specification, and the resulting rapid iteration.
Devcon
Talk
23:35
Solutions towards trusted and private computations - built by Golem for the wider ecosystem
Intel SGX is a technology first developed by Intel for the protection of code and data. This an extremely promising technology that will contribute to the development of the blockchain space and is focusing efforts on solutions and further development.Our hard work has allowed us to be positioned as the most advanced team in this field. We are building this solution and open-sourcing it because we believe that our user-friendly product will enable many projects facing challenges like the ones we have faced apply this solution and push other development aspects of their projects. This talk will cover what we have accomplished so far and what are the next steps related to Intel SGX technology development. We will explain how we have achieved total security and privacy for requestors (people requesting computing power via the Golem p2p marketplace). They can be certain that the data they share is not accessible for the providers and they can be certain that the results are not manipulated. We'll also show how that integrates with our Concent service.Most importantly we will talk about other new possibilities that this technology enables for decentralized computations, explaining how to run arbitrary binaries inside SGX.
Devcon
Lightning Talk
08:03
Being a Responsible Multisig Signer (Verify, Don't Trust!)
So you have been trusted with safeguarding a project along with other members of your community, congratulations! But, alas, the first transaction from a developer on the team comes in. How do you proceed? Can you blindly trust the developer? Should you? It's tempting to just see what other multisig members do and roll along, right? In this talk we'll go over what you can do to verify what a transaction will actually do, and what tools you have at your disposal for this. No coding required!
Devcon
Lightning Talk
05:41
Underhanded Solidity
A brief description of the exploit behind the winning submission to the Underhanded Solidity Contest 2022.
Devcon
Lightning Talk
07:44
Ethereum Foundation's Bug Bounty Program
The Ethereum Foundation's Bug Bounty program is one of the longest running bounty programs for blockchains. This talk focus on its history, reported vulnerabilities, where it's heading and why having a bug bounty program is important.
Devcon
Workshop
1:03:31
Formal Methods for the Working DeFi Dev
Lecture notes: https://bit.ly/3RFwvBx Runtime Verification is known for formal methods, but you don't need a PhD to make your code better by thinking like a prover. Here we want to show you how you as a developer or auditor can apply fairly simple mathematical thinking to make your code more robust and your security work simpler. By thinking “invariants first” you can get stronger tests, better docs, and reduce the risk of introducing bugs in your future coding.
Devcon
Lightning Talk
05:59
Future-block MEV in Proof of Stake
In PoS Ethereum, block proposers are known ahead of time. This allows for new types of MEV, which leverage the ownership of future block space. Using this, some attacks that were expensive due to arbitrage competition, such as oracle manipulations, become very cheap. There could also be opportunities for incentivizing high-MEV transactions in a future block that you know you will control.
Devcon
Lightning Talk
08:34
How to Not Be Worth Kidnapping
Personal physical security, specifically violent kidnapping and compulsion to disclose keys, is often brought up as a concern by cryptocurrency participants. We will quickly present a way of thinking about these threats and a model for not merely protecting from loss of cryptocurrency, but prevention of victimization through violence entirely.