devconnect arg / when trust gets tricky the state of tee security today
- YouTube
- Details
When Trust Gets Tricky: The State of TEE Security Today
Duration: 00:17:55
Speaker:
Type: Talk
Expertise:
Event: Devcon
Date: Feb 2026
Trusted Execution Environments like Intel TDX and AMD SEV promise hardware-enforced isolation, but their real-world guarantees are far from absolute. This talk introduces how TEEs work, what they actually protect against, and where their trust boundaries fail under modern cloud and supply-chain threats.
Speaker: Anup, Staff Security Engineer, Eigen Labs
About DSS
Every year, DSS brings together top minds in blockchain, auditing, and security — from white-hat hackers and protocol developers to academic researchers and industry leaders. The goal? To tackle the most pressing issues in DeFi security head-on — from smart contract exploits and cross-chain vulnerabilities to governance threats and beyond.
https://defisecuritysummit.org/
- Related
Devconnect
Talk
20:57
Adversarial ERC-4626: How Vault-Share Manipulation Still Bypasses Listing Screens in 2025
0xmonsoon, Security Researcher, OpenZeppelin LST/LRT wrappers, points-tokens, and restaked derivatives are exploding. ERC-4626 is the default envelope. Attack surface is bigger now than before. Oracle teams and risk committees rely on previewDeposit/previewMint as if they were binding promises. They aren’t. Many “checks” are unit-tests that don’t model donations, flash liquidity, or time-dependent exchange rates. https://defisecuritysummit.org/schedule
Devconnect
Talk
05:44
ARGUZZ: Testing zkVMs for Soundness and Completeness Bugs
Valentin Wüstholz, Principal Researcher and Co-founder, Diligence Security Arguzz is the first fuzzer for testing zero-knowledge virtual machines (zkVMs). It uses metamorphic testing and adversarial execution to find soundness and completeness bugs. The fuzzer found 11 critical bugs across three major zkVMs. https://defisecuritysummit.org/schedule
Devconnect
Talk
19:06
Bounding Rounding Errors in Integer Maths
Yanis De Busschere, Security Engineer, ChainSecurity In this session we will explore lesser-known facts around rounding error bounds in DeFi math and how to reason about them rigorously. An infamous example for rounding errors are ERC-4626 vaults. Hence, we dissect the ERC-4626 conversion formula that OpenZeppelin came up with in defense. We will show how this virtual liquidity works and the absolute and relative error bounds that can be observed compared to the real-valued formula. https://defisecuritysummit.org/schedule
Devconnect
Talk
19:15
Building Crosschain Bridge across VMs
Joseph Olutimehin, Blockchain Security Engineer, Coinbase Bridges between L1 to “EVM-compatible” / “EVM-equivalent” L2 chains have their security consideration due to subtle but impactful differences such as opcodes, precompiles, gas accounting, and execution semantics, which can introduce bugs invisible to unit tests. This talk unpacks those differences with an eye toward practical engineering risks and security design. https://defisecuritysummit.org/schedule
Devconnect
Talk
22:32
Bulletproof Protocol for Set/Not-Set Membership Proofs: Security and Implementation Considerations
Doris Benda, Senior Blockchain Engineer, Concordium This talk presents how the Bulletproof protocol can be extended to support set/non-set membership proofs and takes a deep dive into common implementation-level security pitfalls, including missing inputs in the Fiat–Shamir heuristic (such as the `Frozen Heart` vulnerability and the `Last Challenge` attack). https://defisecuritysummit.org/schedule
Devconnect
Talk
21:29
Differential Fuzzing of the Vyper Compiler
Charles Cooper, Lead Developer, Vyper This talk introduces problems in compiler security. Further, it showcases a differential fuzzer of the Vyper language utilizing an AST interpreter as the correctness oracle. Ivy, a new Vyper interpreter, executes Vyper AST in a custom EVM and enables Csmith-style semantic equivalence testing against the compiler's bytecode. AST-aware, type-safe contract generator enables wide language coverage: generate contract → execute traces → compare semantics.
Devconnect
Talk
05:13
EIP-7702: Empowering EOA's, Expanding Attack Surfaces
Viraz Malhotra, Sr. Smart Contract Engineer, Camp Network In the brief history of account abstract, EIP 7702 has been a revolution, it has introduced a lot of cool ux friendly usecases around it so the talk is gonna cover all that. Also In this talk, we’ll explore the new attack surfaces introduced by EIP-7702, and it's implications for users, wallet providers etc We'll also dive into ERC 4337 as part of the history of account abstraction. https://defisecuritysummit.org/schedule
Devconnect
Talk
20:16
Going Beyond 100% Coverage
Alex The Entreprenerd, Founder, Recon This talk is about Logical Coverage, meaningful combinations of function calls which seems to lack words to describe them. We'll define Coverage Classes, and from there give a structured definition and an algorithm to enumerate an over approximation of feasible Logical Combinations, with the goal of making auditors and developers know when they have actually reviewed 100% of the code. https://defisecuritysummit.org/schedule
Devconnect
Talk
17:58
Governance as an Attack Vector
Zeugh Ion, Head of Research, Blockful.io Most relevant DeFi protocols today have governance in one way or another, and the lack of attention towards its security has led to more and more governance attacks over the last few years. We’re going to explore recent governance attacks and their characteristics https://defisecuritysummit.org/schedule
Devconnect
Talk
20:13
How dApps Can Stop Money Laundering
Julia Hardy, Co-Founder, Head of Investigations, zeroShadow Orest Gavryliak, CLO, 1inch North Korea pushed $1B of Bybit hacked funds through DeFi rails. Protocols turning a blind eye invite growing law enforcement attention. This talk presents concrete technical tools and case studies showing how disruption can actually work. https://defisecuritysummit.org/schedule