Devcon Archive logo
Devcon Forum Blog
  • Watch
  • Event
    Event: background logo
    • Devcon 7
    • Devcon 6
    • Devcon 5
    • Devcon 4
    • Devcon 3
    • Devcon 2
    • Devcon 1
    • Devcon 0
  • Categories
    Categories: background logo
    • Cryptoeconomics
    • Devcon
    • Developer Experience
    • Coordination
    • Core Protocol
    • Layer 2s
    • Real World Ethereum
    • Cypherpunk & Privacy
    • Security
    • Applied Cryptography
    • Usability
  • Playlists

Suggested

Loading results..

View all

About Devcon —

Devcon is the Ethereum conference for developers, researchers, thinkers, and makers.

An intensive introduction for new Ethereum explorers, a global family reunion for those already a part of our ecosystem, and a source of energy and creativity for all.

  • Watch
  • Devcon
  • Forum
  • Blog

Get in touch

devcon@ethereum.org

Subscribe to our newsletter

Crafted with passion ❤️ at the Ethereum Foundation

© 2025 — Ethereum Foundation. All Rights Reserved.

devcon 7 / deep dive into fork choice compliance for ethereum clients

  • YouTube
  • Details

Deep Dive into Fork Choice Compliance for Ethereum Clients

Duration: 00:00:00

Speaker: Alex Vlasov, Mikhail Kalinin

Type: Talk

Expertise: Intermediate

Event: Devcon

Date: Nov 2024

In this talk we will share the design of the methodology checking the compliance of Ethereum consensus layer clients to the fork choice specification. The core of the methodology is based on the constraint solver models which allows to generate huge number of distinct test scenarios providing comprehensive coverage. At the current stage we have ended up at around 13,000 fork choice tests, but the test suite we developed allows to generate a million of tests and even more.

Categories

Core ProtocolFuzzingTestingCore ProtocolTesting
  • Related
hevm or: How I Learned to Stop Worrying and Love the Symbolic Execution preview
Devcon
Talk
26:28

hevm or: How I Learned to Stop Worrying and Love the Symbolic Execution

hevm is a symbolic execution engine for the EVM that can prove safety properties for EVM bytecode or verify semantic equivalence between two bytecode objects. It exposes a user-friendly API in Solidity that allows you to define symbolic tests using almost exactly the same syntax as usual unit tests. In this talk, we'll present hevm, what it's useful for, and when and how to use it to help secure your digital contracts.

What don't we know? Understanding Security Vulnerabilities in SNARKs preview
Devcon
Talk
25:40

What don't we know? Understanding Security Vulnerabilities in SNARKs

Zero-knowledge proofs (ZKPs) have evolved from being a theoretical concept providing privacy and verifiability to having practical, real-world implementations, with SNARKs (Succinct Non-Interactive Argument of Knowledge) emerging as one of the most significant innovations. Prior work has mainly focused on designing more efficient SNARK systems and providing security proofs for them. Many think of SNARKs as "just math," implying that what is proven to be correct and secure is correct in practice.

A cat-and-mouse game: how to frontrun a transaction in the future? preview
Devcon
Lightning Talk
05:56

A cat-and-mouse game: how to frontrun a transaction in the future?

This talk will describe the attack-defense game in the MEV world. First it will briefly discuss MEV transactions and how it can protect projects from hackers. Then it will delve into attack-defense games between MEV bots. Finally it will discuss our latest observations and direction in this cat-and-mouse game.

Fuzzing Zero-Knowledge Infrastructure preview
Devcon
Talk
22:32

Fuzzing Zero-Knowledge Infrastructure

Zero-knowledge (ZK) infrastructure is highly complex and highly critical for the correct operation of L2 chains; that is, a single bug can result in massive financial and reputational damage. To find such potential million-dollar bugs before they are exploited, we have developed a novel fuzzing technique that can find logic flaws that impact liveness or safety of ZK infrastructure. Our fuzzer has already found 16 such issues in four ZK systems, namely Circom, Corset, Gnark, and Noir.

Can we formally verify implementations of cryptographic libraries like the c-kzg library? preview
Devcon
Lightning Talk

Can we formally verify implementations of cryptographic libraries like the c-kzg library?

In this talk, we present our work on formally verifying the implementation of a cryptographic library key to the security of the Ethereum Data Availability layer: the c-kzg library. We will explore what we have been able to prove so far and what is ahead of us.

Merkle Proofs: When Leaves Leave You Vulnerable preview
Devcon
Lightning Talk
05:34

Merkle Proofs: When Leaves Leave You Vulnerable

A Merkle proof is a cryptographically authenticated data structure widely used to minimize on-chain data storage. The Merkle algorithm is neat yet non-trivial to implement correctly and securely; its leaves may leave you vulnerable if not handled properly.

Transaction simulation, the good, the bad & the ugly preview
Devcon
Lightning Talk
07:38

Transaction simulation, the good, the bad & the ugly

Transaction simulation allows users to preview the outcomes of signing a transaction, enabling them to make informed decisions rather than fully trusting the dApp. However, several caveats and risks are associated with relying on simulated transaction outcomes. State changes, differing contract behavior between simulation and on-chain execution, and randomness can all affect the outcome. In this talk, I'll share my experiences and learnings from simulating user transactions over the past 2 years

Web3 Security is Embarrasing preview
Devcon
Talk

Web3 Security is Embarrasing

The explosive growth of Web3 has brought about innovation, decentralization, and financial opportunity. But let’s be honest—Web3 security is a disaster. In this talk, we’ll confront embarrassing truths: drainer attacks, weak wallet protections, and overlooked vulnerabilities. But we won’t stop there; I’ll share practical fixes to protect users and show how Web3 developers can raise the bar. If we want Web3 to thrive, we have to stop attackers beating us with low-effort attacks. We can do better!

Debug First, or Regret Later: an Arsenal of Tools can Build Solid Ethereum Foundations preview
Devcon
Lightning Talk
07:04

Debug First, or Regret Later: an Arsenal of Tools can Build Solid Ethereum Foundations

Building secure and reliable smart contracts requires a robust testing and debugging arsenal. This talk provides a comprehensive and up-to-date overview of essential tools in the Ethereum ecosystem. Learn how to effectively integrate these tools into your development workflow from the start. We'll explore popular options, their strengths, and how to combine them for maximum efficiency. Discover best practices for writing comprehensive tests, identifying and fixing bugs, and ensuring code quality

How to steal $1.1M from lending market in 15 minutes preview
Devcon
Lightning Talk
09:27

How to steal $1.1M from lending market in 15 minutes

In may 2024 I found multiple bugs in lending market which allowed to steal $1.1 mln. The exploit itself was very complicated and required multiple steps, including exploitation of liquidation process of unhealthy loan which worked very similar to flash loan. I'll tell the story of how I decided to check this project source code to finding an issue, contacting with owners of platform and fixing it. I'll also share the best tips how to avoid and prevent such issues in other projects.