Demystifying Smart Contract Security: Facts & Fallacies

Duration: 00:56:25

Speaker: 0xRajeev, Harikrishnan Mulackal, Josselin Feist, Matthias Egli, Mehdi Zerouali, Mooly Sagiv

Type: Panel

Expertise: Intermediate

Event: Devcon

Date: Nov 2024

Smart contract security is of critical importance as the Ethereum ecosystem rapidly expands across different infrastructures & applications. However, there exist serious gaps and misconceptions about security as it relates to smart contract design, development, validation, tooling, offchain components, audits, bug bounties, monitoring & incident response. This panel brings together six recognized researchers within the Ethereum security ecosystem to help demystify facts from fallacies.

Categories

Security, Best Practices, Hacks, Formal Verification, Auditing, Bounties, smartcontracts

Related

Top Hacks since Devcon VI: what did we learn?

Event: Devcon

Type: Workshop

Duration: 1:21:18

Discover the most daring blockchain hacks of '22-'24 and how to defend against them. Join Mudit Gupta, CISO of Polygon, and Matthias Egli from ChainSecurity for an analysis of tactics and vulnerabilities, and gain valuable insights to stay ahead of the game. And stay tuned for a prominent anon surprise guest!

Building Secure Contracts: Use Echidna Like a Pro

Event: Devcon

Type: Workshop

Duration: 2:16:49

In this workshop, attendees will gain hands-on experience with Echidna - an open-source smart contract fuzzer - to build secure smart contracts. Echidna has been used in many professional audits, and fuzzing is a key component to increasing the contracts’ security. Attendees will learn how to define and write invariants and how to use Echidna efficiently. By the end of the session, they will know how to integrate property testing into their development process and write more secure code.

Finding Bugs: 42 Tips from 4 Security Researchers

Event: Devcon

Type: Workshop

Duration: 1:34:14

Billions of dollars are at risk, and protocols spend millions on security through audits and bug bounties. Have you ever wondered how you can become a top security researcher securing these billions? In this workshop, 4 recognized security researchers share their experiences on smart contract security with practical tools & techniques to find & report vulnerabilities. Security researchers, even aspirational ones, can take away some key advice to improve their smart contract security skills.

Debug First, or Regret Later: an Arsenal of Tools can Build Solid Ethereum Foundations

Event: Devcon

Type: Lightning Talk

Duration: 07:04

Building secure and reliable smart contracts requires a robust testing and debugging arsenal. This talk provides a comprehensive and up-to-date overview of essential tools in the Ethereum ecosystem. Learn how to effectively integrate these tools into your development workflow from the start. We'll explore popular options, their strengths, and how to combine them for maximum efficiency. Discover best practices for writing comprehensive tests, identifying and fixing bugs, and ensuring code quality

Lazarus! How to stay safe from the biggest threat actor in crypto

Event: Devcon

Type: Talk

Lazarus has stolen by far the most funds in the blockchain space. They use the same or very similar attack vectors every time, yet we see the biggest crypto companies falling victim to them one after another. In this talk, I'll go over some of the attack vectors used by Lazarus and how people can keep themselves safe from Lazarus.

Double entry point issues - From breaking Compound to Uniswap v4

Event: Devcon

Type: Lightning Talk

Duration: 09:09

A short explanation of a critical-severity vulnerability we found in the Uniswap V4 core contracts that would have caused a ~$15M loss in Uniswap's pools. The goal is to explain the risks of double entry points, from the $30M+ TUSD issue in Compound to the Uniswap V4-specific case where protocols use native tokens and operate on chains where the native token has a corresponding ERC-20 token, and how to prevent them.

Blockchain Autopsies - Analyzing selfdestructs

Event: Devcon

Type: Talk

Duration: 06:21

On the blockchain, contracts may be lost but are never forgotten. Of the over 1,800,000 Ethereum smart contracts ever created, more than 54,000 are empty. When a contract’s purpose is fulfilled, the owner typically triggers a self-destruct switch that removes code and state. These steps are similar to what an attacker would do after hijacking a contract. Is it likely the selfdestruct was intentional or performed by a trusted third party? Or was it a hack or fraud? Old contracts have been purged from the world computer’s working memory but they can be reconstructed and analyzed. By investigating the transactions leading up to the selfdestruct, the circumstances of contract deaths can be determined.

DeFi Can’t Move Forward Without Clear Signing: Let Me Change Your Mind

Event: Devcon

Type: Lightning Talk

Blind signing has been the default way of signing transactions in DeFi, but let’s be honest: as an industry we are shooting ourselves and our users in the foot by continuing to throw caution to the wind. We want to make it easy to implement clear signing for every dApp, minimizing the work required for developers to make the ecosystem more approachable and secure. Blind signing is an existential threat to what we do, it’s time to change it, and we need your help.

Evolution of Scams

Event: Devcon

Type: Lightning Talk

Duration: 09:18

The goal of this talk will be to give a quick history of the evolution of scams and the new techniques employed to combat them. I was previously the co-founder of Wallet Guard, which has since been acquired by Consensys. I now am responsible for the research and development of the security engine employed by MetaMask to protect its users.

Passkeys : the good, the bad, the ugly

Event: Devcon

Type: Talk

Duration: 25:28

Passkeys are the new hype for easy onboarding, but it's a quite old protocol that has been hijacked for crypto purposes. We'll dig through the standard history, the potentially misleading security expectations, and see how to reverse engineer an implementation to validate its soundness