EthCC[8] — summer 2025

Automated Vulnerability Fixing in (DeFi) Smart Contracts

According to some reports, as much as $1.3 billion were lost in DeFi hacks in 2021. Many of these attacks were enabled by well-known smart contract vulnerabilities or were caused by trivial mistakes made by smart contract developers. Automated program repair techniques aim to alleviate developers' burden of manually fixing such bugs by automatically generating patches for a given issue. The three challenges of smart contract repair are: identify the bug, fix the bug without breaking anything, and determine what constitutes "breaking something" in the absence of the formal specification. In this talk, we discuss how formal analysis techniques may assist in solving those issues. First, we use symbolic execution to detect the bug via detecting a violation of specific properties. We also demonstrate how symbolic execution can also be used to automatically infer specification of a smart contract. This allows us to assess the patches that we generate by mutating the source code of a smart contract. Our multi-component technique efficiently navigates the search space, generates higher-quality patches, and assesses them against the inferred specification.

SPEAKER

Palina Tolmach

EVENT

EthCC[5]

Date

7/21/2022

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Building secure contracts: Fuzzing like a pro

EthCC[6]

"Faster,Better,Stronger,Safer" BLS + ZKPs = Better Web3 for all

EthCC[6]

Auditing ink! with OpenZeppelin

EthCC[6]

Top Hacks since EthCC ’22: what did we learn?

EthCC[6]

You got Hacked, now What?

EthCC[6]

How to understand a hack

EthCC[6]

Medjai: Verifying ZK Smart Contracts

EthCC[6]

Auditing zkEVM and it's attack surfaces

EthCC[6]

CVL from ERC20 to Read Only Reentrancy

EthCC[6]

zkEVM audit: Soundness & Completeness

EthCC[6]

Smart Firewalls: The new dApp defenders

EthCC[6]

Building MPC Wallets

EthCC[6]

Research on EIP Security Specifications

EthCC[6]

Incident response at OpenZeppelin Contracts and how to be in the loop

EthCC[6]

Security doesn’t stop at code complete

EthCC[6]

Threshold Signature for Mass: Benchmarking & Usability Study

EthCC[6]

Risk mitigation strategies for node validators

EthCC[6]

Secure your Dapp or join the REKT database

EthCC[6]

Securing Your Self Custody

EthCC[6]

Auctions, coins and security

EthCC[5]

Blockchain Security/Privacy: dont keep it too simple!

EthCC[5]

Security monitoring for on-chain attacks

EthCC[5]

The Security Trilemma

EthCC[5]

Secure DeFi smart contract development on Ethereum

EthCC[5]

State of the Art of Ethereum Smart Contract Fuzzing in 2022

EthCC[5]

Private smart contracts using homomorphic encryption

EthCC[5]

Personal On-line HSM for Ethereum assets

EthCC[5]

Cairo Security 101 - Let's have a look at Cairo attack vectors

EthCC[5]

Hardening Blockchain Security with Formal Methods

EthCC[5]

Never Send To Know For Whom The Bell Tolls

EthCC[5]

Move Fast and Break Nothing

EthCC[5]

Lessons learned from over 300 security audits

EthCC[4]

Why Swarm is probably our best chance for a fair and re-decentralised internet

EthCC[4]

The streets of Dark Forest are paved with gold

EthCC[4]

From a Hackathon to your first Code Audit

EthCC[4]

Becoming the most secure crypto organisation

EthCC[4]

KVaC: Key-Value Commitments for Blockchains and Beyond

EthCC[4]

CryptoTerminal for Trusted Ethereum Transactions

EthCC[4]

Fully Automated Formal Verification

EthCC[4]

Combating Frontrunning and Malicious MEV Using Threshold Cryptography

EthCC[4]

Threshold ECDSA on a tiny secure element

EthCC[4]

Exploiting and Securing DeFi Projects with Formal Methods

EthCC[4]

Securing DeFi - A sneak peek in the world of Ledger Nano Ethereum plugins

EthCC[4]

Oracles from the Ground Truth to Market Manipulation

EthCC[4]

ERC20 Misbehaviors

EthCC[3]

Ethereum Flavored Packages

EthCC[3]

Sharded Security Model of Polkadot

EthCC[3]

Ether Wars Exploits Counter Exploits and Honeypots

EthCC[3]

The case against using TEEs in your crypto project

EthCC[3]

How we think about storing crypto is broken

EthCC[3]

Securely Connecting Smart Contracts to Off-chain Data and Events

EthCC[3]

Fuzzing the Solidity compiler

EthCC[3]

Transparent Dishonesty: frontrunning attacks on Blockchain

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Preventing Disaster

EthCC[3]

The Nuts, Bolts and Impossibility of Trustless Cross-Chain Communication

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Is it still immutable in the context on CREATE2

EthCC[3]

Mutation Testing for Smart Contracts

EthCC[3]

Securing Decentralized Exchanges with Hardware Wallets

EthCC[1]

Decentralised Key Management

EthCC[1]

Mining Pools and miner attacks

EthCC[1]

Building Decentralized Cloud Computing with iExec

EthCC[2]

Upgrade Driven Development with ZeppelinOS

EthCC[2]

Decentralized Oracles for the Next Generation of Smart Contracts

EthCC[2]

The Future of Stablecoins and Their Impact on the Crypto Ecosystem

EthCC[2]

Enabling Scalable Blockchain Solutions with Plasma and Rollups

EthCC[2]

Decentralized Lending: Challenges and Opportunities

EthCC[2]

Blockchain for Social Impact: Real-World Applications and Case Studies

EthCC[2]

Privacy-Preserving Mechanisms in Blockchain Technology

EthCC[2]

The Role of Governance in Blockchain Networks

EthCC[2]

Smart Contract Security: Techniques and Tools

EthCC[2]

Automated Verification of Smart Contracts: Current State and Future Directions

EthCC[2]

Interoperability Solutions for Blockchain Networks

EthCC[2]

Zero-Knowledge Proofs: Applications in Blockchain Technology

EthCC[2]

Blockchain for Supply Chain Management: Opportunities and Challenges

EthCC[2]

Decentralized Marketplaces: Building Trust and Reducing Friction

EthCC[2]

Building Secure Smart Contract Wallets with Gnosis Safe

EthCC[2]

Consensus Endgame: Ecosystem For Security & Decentralisation

EthCC[7]

Predicting Risk - Leveraging AI to Analyze Smart Contracts

EthCC[7]

Improving Node Operation Excellence with D.U.C.K.

EthCC[7]

Clear Sign All The Things

EthCC[7]

A security-in-depth approach to verifiable off-chain computations

EthCC[7]

OAuth 2.0 is Dead (Exploring Next-Gen Access Management)

EthCC[7]

Temporary storage low gas reentrancy

EthCC[7]

dApp Security: Creating a Trusted Web3 Space

EthCC[7]

Enough Hacks: A Framework for Building Secure Protocols

EthCC[7]

Formal Verification of Smart Contracts in Cairo

EthCC[7]

Ensuring the Sanity of Deployed Smart Contracts

EthCC[7]

On the importance of the Security Alliance

EthCC[7]

Embracing a Culture of Continuous Security

EthCC[7]

Developing Secure Multi-Provers with SGX

EthCC[7]

Preventing Unknown Attacks in DeFi

EthCC[7]

A Gentle Introduction To End To End Encrypted Messaging

EthCC[7]

Curvance: The Fuzzer's Edge

EthCC[7]

Secrets of Uniswap V4: A Deep Dive into Hooks Security

EthCC[7]

Demystifying Decentralized Confidential Computing #DeCC

EthCC[7]

Getting started with Kontrol: a formal verification tool

EthCC[7]

Is Privacy Gone? What Blockchain Data Reveals

EthCC[7]

North Korea Wages De Facto War on Everyone Here

EthCC[7]

How to securely configure and use Telegram & Twitter

EthCC[7]

How Did I Get Scammed And What Can I Do About It?

EthCC[7]

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Building secure contracts: Fuzzing like a pro

EthCC[6]

"Faster,Better,Stronger,Safer" BLS + ZKPs = Better Web3 for all

EthCC[6]

Auditing ink! with OpenZeppelin

EthCC[6]

Top Hacks since EthCC ’22: what did we learn?

EthCC[6]

You got Hacked, now What?

EthCC[6]

How to understand a hack

EthCC[6]

Medjai: Verifying ZK Smart Contracts

EthCC[6]

Auditing zkEVM and it's attack surfaces

EthCC[6]

CVL from ERC20 to Read Only Reentrancy

EthCC[6]

zkEVM audit: Soundness & Completeness

EthCC[6]

Smart Firewalls: The new dApp defenders

EthCC[6]

Building MPC Wallets

EthCC[6]

Research on EIP Security Specifications

EthCC[6]

Incident response at OpenZeppelin Contracts and how to be in the loop

EthCC[6]

Security doesn’t stop at code complete

EthCC[6]

Threshold Signature for Mass: Benchmarking & Usability Study

EthCC[6]

Risk mitigation strategies for node validators

EthCC[6]

Secure your Dapp or join the REKT database

EthCC[6]

Securing Your Self Custody

EthCC[6]

Auctions, coins and security

EthCC[5]

Blockchain Security/Privacy: dont keep it too simple!

EthCC[5]

Security monitoring for on-chain attacks

EthCC[5]

The Security Trilemma

EthCC[5]

Secure DeFi smart contract development on Ethereum

EthCC[5]

State of the Art of Ethereum Smart Contract Fuzzing in 2022

EthCC[5]

Private smart contracts using homomorphic encryption

EthCC[5]

Personal On-line HSM for Ethereum assets

EthCC[5]

Cairo Security 101 - Let's have a look at Cairo attack vectors

EthCC[5]

Hardening Blockchain Security with Formal Methods

EthCC[5]

Never Send To Know For Whom The Bell Tolls

EthCC[5]

Move Fast and Break Nothing

EthCC[5]

Lessons learned from over 300 security audits

EthCC[4]

Why Swarm is probably our best chance for a fair and re-decentralised internet

EthCC[4]

The streets of Dark Forest are paved with gold

EthCC[4]

From a Hackathon to your first Code Audit

EthCC[4]

Becoming the most secure crypto organisation

EthCC[4]

KVaC: Key-Value Commitments for Blockchains and Beyond

EthCC[4]

CryptoTerminal for Trusted Ethereum Transactions

EthCC[4]

Fully Automated Formal Verification

EthCC[4]

Combating Frontrunning and Malicious MEV Using Threshold Cryptography

EthCC[4]

Threshold ECDSA on a tiny secure element

EthCC[4]

Exploiting and Securing DeFi Projects with Formal Methods

EthCC[4]

Securing DeFi - A sneak peek in the world of Ledger Nano Ethereum plugins

EthCC[4]

Oracles from the Ground Truth to Market Manipulation

EthCC[4]

ERC20 Misbehaviors

EthCC[3]

Ethereum Flavored Packages

EthCC[3]

Sharded Security Model of Polkadot

EthCC[3]

Ether Wars Exploits Counter Exploits and Honeypots

EthCC[3]

The case against using TEEs in your crypto project

EthCC[3]

How we think about storing crypto is broken

EthCC[3]

Securely Connecting Smart Contracts to Off-chain Data and Events

EthCC[3]

Fuzzing the Solidity compiler

EthCC[3]

Transparent Dishonesty: frontrunning attacks on Blockchain

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Preventing Disaster

EthCC[3]

The Nuts, Bolts and Impossibility of Trustless Cross-Chain Communication

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Is it still immutable in the context on CREATE2

EthCC[3]

Mutation Testing for Smart Contracts

EthCC[3]

Securing Decentralized Exchanges with Hardware Wallets

EthCC[1]

Decentralised Key Management

EthCC[1]

Mining Pools and miner attacks

EthCC[1]

Building Decentralized Cloud Computing with iExec

EthCC[2]

Upgrade Driven Development with ZeppelinOS

EthCC[2]

Decentralized Oracles for the Next Generation of Smart Contracts

EthCC[2]

The Future of Stablecoins and Their Impact on the Crypto Ecosystem

EthCC[2]

Enabling Scalable Blockchain Solutions with Plasma and Rollups

EthCC[2]

Decentralized Lending: Challenges and Opportunities

EthCC[2]

Blockchain for Social Impact: Real-World Applications and Case Studies

EthCC[2]

Privacy-Preserving Mechanisms in Blockchain Technology

EthCC[2]

The Role of Governance in Blockchain Networks

EthCC[2]

Smart Contract Security: Techniques and Tools

EthCC[2]

Automated Verification of Smart Contracts: Current State and Future Directions

EthCC[2]

Interoperability Solutions for Blockchain Networks

EthCC[2]

Zero-Knowledge Proofs: Applications in Blockchain Technology

EthCC[2]

Blockchain for Supply Chain Management: Opportunities and Challenges

EthCC[2]

Decentralized Marketplaces: Building Trust and Reducing Friction

EthCC[2]

Building Secure Smart Contract Wallets with Gnosis Safe

EthCC[2]

Consensus Endgame: Ecosystem For Security & Decentralisation

EthCC[7]

Predicting Risk - Leveraging AI to Analyze Smart Contracts

EthCC[7]

Improving Node Operation Excellence with D.U.C.K.

EthCC[7]

Clear Sign All The Things

EthCC[7]

A security-in-depth approach to verifiable off-chain computations

EthCC[7]

OAuth 2.0 is Dead (Exploring Next-Gen Access Management)

EthCC[7]

Temporary storage low gas reentrancy

EthCC[7]

dApp Security: Creating a Trusted Web3 Space

EthCC[7]

Enough Hacks: A Framework for Building Secure Protocols

EthCC[7]

Formal Verification of Smart Contracts in Cairo

EthCC[7]

Ensuring the Sanity of Deployed Smart Contracts

EthCC[7]

On the importance of the Security Alliance

EthCC[7]

Embracing a Culture of Continuous Security

EthCC[7]

Developing Secure Multi-Provers with SGX

EthCC[7]

Preventing Unknown Attacks in DeFi

EthCC[7]

A Gentle Introduction To End To End Encrypted Messaging

EthCC[7]

Curvance: The Fuzzer's Edge

EthCC[7]

Secrets of Uniswap V4: A Deep Dive into Hooks Security

EthCC[7]

Demystifying Decentralized Confidential Computing #DeCC

EthCC[7]

Getting started with Kontrol: a formal verification tool

EthCC[7]

Is Privacy Gone? What Blockchain Data Reveals

EthCC[7]

North Korea Wages De Facto War on Everyone Here

EthCC[7]

How to securely configure and use Telegram & Twitter

EthCC[7]

How Did I Get Scammed And What Can I Do About It?

EthCC[7]