EthCC[8] — summer 2025

Exploiting and Securing DeFi Projects with Formal Methods

We present a systematic way of finding/proving the absence of vulnerabilities in DeFi projects based on automatically extracting financial models from smart contracts and reasoning about them symbolically using DeepSEA, an open-source language/verification system. Attendees will learn how to capture the exact concept of soundness in DeFi projects, how to use DeepSEA to formally find/prevent two classes of interesting hacks (flash-loan attacks & price oracle manipulation attacks) using model checking and interactive proofs, and how to extend this method to DeFi protocol design.

SPEAKER

Xinyuan Sun

EVENT

EthCC[4]

Date

7/22/2021

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Building secure contracts: Fuzzing like a pro

EthCC[6]

"Faster,Better,Stronger,Safer" BLS + ZKPs = Better Web3 for all

EthCC[6]

Auditing ink! with OpenZeppelin

EthCC[6]

Top Hacks since EthCC ’22: what did we learn?

EthCC[6]

You got Hacked, now What?

EthCC[6]

How to understand a hack

EthCC[6]

Medjai: Verifying ZK Smart Contracts

EthCC[6]

Auditing zkEVM and it's attack surfaces

EthCC[6]

CVL from ERC20 to Read Only Reentrancy

EthCC[6]

zkEVM audit: Soundness & Completeness

EthCC[6]

Smart Firewalls: The new dApp defenders

EthCC[6]

Building MPC Wallets

EthCC[6]

Research on EIP Security Specifications

EthCC[6]

Incident response at OpenZeppelin Contracts and how to be in the loop

EthCC[6]

Security doesn’t stop at code complete

EthCC[6]

Threshold Signature for Mass: Benchmarking & Usability Study

EthCC[6]

Risk mitigation strategies for node validators

EthCC[6]

Secure your Dapp or join the REKT database

EthCC[6]

Securing Your Self Custody

EthCC[6]

Auctions, coins and security

EthCC[5]

Blockchain Security/Privacy: dont keep it too simple!

EthCC[5]

Security monitoring for on-chain attacks

EthCC[5]

The Security Trilemma

EthCC[5]

Secure DeFi smart contract development on Ethereum

EthCC[5]

State of the Art of Ethereum Smart Contract Fuzzing in 2022

EthCC[5]

Private smart contracts using homomorphic encryption

EthCC[5]

Automated Vulnerability Fixing in (DeFi) Smart Contracts

EthCC[5]

Personal On-line HSM for Ethereum assets

EthCC[5]

Cairo Security 101 - Let's have a look at Cairo attack vectors

EthCC[5]

Hardening Blockchain Security with Formal Methods

EthCC[5]

Never Send To Know For Whom The Bell Tolls

EthCC[5]

Move Fast and Break Nothing

EthCC[5]

Lessons learned from over 300 security audits

EthCC[4]

Why Swarm is probably our best chance for a fair and re-decentralised internet

EthCC[4]

The streets of Dark Forest are paved with gold

EthCC[4]

From a Hackathon to your first Code Audit

EthCC[4]

Becoming the most secure crypto organisation

EthCC[4]

KVaC: Key-Value Commitments for Blockchains and Beyond

EthCC[4]

CryptoTerminal for Trusted Ethereum Transactions

EthCC[4]

Fully Automated Formal Verification

EthCC[4]

Combating Frontrunning and Malicious MEV Using Threshold Cryptography

EthCC[4]

Threshold ECDSA on a tiny secure element

EthCC[4]

Securing DeFi - A sneak peek in the world of Ledger Nano Ethereum plugins

EthCC[4]

Oracles from the Ground Truth to Market Manipulation

EthCC[4]

ERC20 Misbehaviors

EthCC[3]

Ethereum Flavored Packages

EthCC[3]

Sharded Security Model of Polkadot

EthCC[3]

Ether Wars Exploits Counter Exploits and Honeypots

EthCC[3]

The case against using TEEs in your crypto project

EthCC[3]

How we think about storing crypto is broken

EthCC[3]

Securely Connecting Smart Contracts to Off-chain Data and Events

EthCC[3]

Fuzzing the Solidity compiler

EthCC[3]

Transparent Dishonesty: frontrunning attacks on Blockchain

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Preventing Disaster

EthCC[3]

The Nuts, Bolts and Impossibility of Trustless Cross-Chain Communication

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Is it still immutable in the context on CREATE2

EthCC[3]

Mutation Testing for Smart Contracts

EthCC[3]

Securing Decentralized Exchanges with Hardware Wallets

EthCC[1]

Decentralised Key Management

EthCC[1]

Mining Pools and miner attacks

EthCC[1]

Building Decentralized Cloud Computing with iExec

EthCC[2]

Upgrade Driven Development with ZeppelinOS

EthCC[2]

Decentralized Oracles for the Next Generation of Smart Contracts

EthCC[2]

The Future of Stablecoins and Their Impact on the Crypto Ecosystem

EthCC[2]

Enabling Scalable Blockchain Solutions with Plasma and Rollups

EthCC[2]

Decentralized Lending: Challenges and Opportunities

EthCC[2]

Blockchain for Social Impact: Real-World Applications and Case Studies

EthCC[2]

Privacy-Preserving Mechanisms in Blockchain Technology

EthCC[2]

The Role of Governance in Blockchain Networks

EthCC[2]

Smart Contract Security: Techniques and Tools

EthCC[2]

Automated Verification of Smart Contracts: Current State and Future Directions

EthCC[2]

Interoperability Solutions for Blockchain Networks

EthCC[2]

Zero-Knowledge Proofs: Applications in Blockchain Technology

EthCC[2]

Blockchain for Supply Chain Management: Opportunities and Challenges

EthCC[2]

Decentralized Marketplaces: Building Trust and Reducing Friction

EthCC[2]

Building Secure Smart Contract Wallets with Gnosis Safe

EthCC[2]

Consensus Endgame: Ecosystem For Security & Decentralisation

EthCC[7]

Predicting Risk - Leveraging AI to Analyze Smart Contracts

EthCC[7]

Improving Node Operation Excellence with D.U.C.K.

EthCC[7]

Clear Sign All The Things

EthCC[7]

A security-in-depth approach to verifiable off-chain computations

EthCC[7]

OAuth 2.0 is Dead (Exploring Next-Gen Access Management)

EthCC[7]

Temporary storage low gas reentrancy

EthCC[7]

dApp Security: Creating a Trusted Web3 Space

EthCC[7]

Enough Hacks: A Framework for Building Secure Protocols

EthCC[7]

Formal Verification of Smart Contracts in Cairo

EthCC[7]

Ensuring the Sanity of Deployed Smart Contracts

EthCC[7]

On the importance of the Security Alliance

EthCC[7]

Embracing a Culture of Continuous Security

EthCC[7]

Developing Secure Multi-Provers with SGX

EthCC[7]

Preventing Unknown Attacks in DeFi

EthCC[7]

A Gentle Introduction To End To End Encrypted Messaging

EthCC[7]

Curvance: The Fuzzer's Edge

EthCC[7]

Secrets of Uniswap V4: A Deep Dive into Hooks Security

EthCC[7]

Demystifying Decentralized Confidential Computing #DeCC

EthCC[7]

Getting started with Kontrol: a formal verification tool

EthCC[7]

Is Privacy Gone? What Blockchain Data Reveals

EthCC[7]

North Korea Wages De Facto War on Everyone Here

EthCC[7]

How to securely configure and use Telegram & Twitter

EthCC[7]

How Did I Get Scammed And What Can I Do About It?

EthCC[7]

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Journey into building security tools for Cairo

EthCC[6]

WebAuthn Optimization: optimizing ECC sec256r1

EthCC[6]

MPC vs Account Abstraction: Better Together?

EthCC[6]

More Security for Mass Adoption

EthCC[6]

Building secure distributed Webhooks

EthCC[6]

How to Make bridges Fast & Furious (and survive)?

EthCC[6]

Practical security vs theoretical security

EthCC[6]

Ensuring Security : Formal Verification in Account abstraction

EthCC[6]

Lessons from a seasoned web3 security firm

EthCC[6]

Building secure contracts: Fuzzing like a pro

EthCC[6]

"Faster,Better,Stronger,Safer" BLS + ZKPs = Better Web3 for all

EthCC[6]

Auditing ink! with OpenZeppelin

EthCC[6]

Top Hacks since EthCC ’22: what did we learn?

EthCC[6]

You got Hacked, now What?

EthCC[6]

How to understand a hack

EthCC[6]

Medjai: Verifying ZK Smart Contracts

EthCC[6]

Auditing zkEVM and it's attack surfaces

EthCC[6]

CVL from ERC20 to Read Only Reentrancy

EthCC[6]

zkEVM audit: Soundness & Completeness

EthCC[6]

Smart Firewalls: The new dApp defenders

EthCC[6]

Building MPC Wallets

EthCC[6]

Research on EIP Security Specifications

EthCC[6]

Incident response at OpenZeppelin Contracts and how to be in the loop

EthCC[6]

Security doesn’t stop at code complete

EthCC[6]

Threshold Signature for Mass: Benchmarking & Usability Study

EthCC[6]

Risk mitigation strategies for node validators

EthCC[6]

Secure your Dapp or join the REKT database

EthCC[6]

Securing Your Self Custody

EthCC[6]

Auctions, coins and security

EthCC[5]

Blockchain Security/Privacy: dont keep it too simple!

EthCC[5]

Security monitoring for on-chain attacks

EthCC[5]

The Security Trilemma

EthCC[5]

Secure DeFi smart contract development on Ethereum

EthCC[5]

State of the Art of Ethereum Smart Contract Fuzzing in 2022

EthCC[5]

Private smart contracts using homomorphic encryption

EthCC[5]

Automated Vulnerability Fixing in (DeFi) Smart Contracts

EthCC[5]

Personal On-line HSM for Ethereum assets

EthCC[5]

Cairo Security 101 - Let's have a look at Cairo attack vectors

EthCC[5]

Hardening Blockchain Security with Formal Methods

EthCC[5]

Never Send To Know For Whom The Bell Tolls

EthCC[5]

Move Fast and Break Nothing

EthCC[5]

Lessons learned from over 300 security audits

EthCC[4]

Why Swarm is probably our best chance for a fair and re-decentralised internet

EthCC[4]

The streets of Dark Forest are paved with gold

EthCC[4]

From a Hackathon to your first Code Audit

EthCC[4]

Becoming the most secure crypto organisation

EthCC[4]

KVaC: Key-Value Commitments for Blockchains and Beyond

EthCC[4]

CryptoTerminal for Trusted Ethereum Transactions

EthCC[4]

Fully Automated Formal Verification

EthCC[4]

Combating Frontrunning and Malicious MEV Using Threshold Cryptography

EthCC[4]

Threshold ECDSA on a tiny secure element

EthCC[4]

Securing DeFi - A sneak peek in the world of Ledger Nano Ethereum plugins

EthCC[4]

Oracles from the Ground Truth to Market Manipulation

EthCC[4]

ERC20 Misbehaviors

EthCC[3]

Ethereum Flavored Packages

EthCC[3]

Sharded Security Model of Polkadot

EthCC[3]

Ether Wars Exploits Counter Exploits and Honeypots

EthCC[3]

The case against using TEEs in your crypto project

EthCC[3]

How we think about storing crypto is broken

EthCC[3]

Securely Connecting Smart Contracts to Off-chain Data and Events

EthCC[3]

Fuzzing the Solidity compiler

EthCC[3]

Transparent Dishonesty: frontrunning attacks on Blockchain

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Preventing Disaster

EthCC[3]

The Nuts, Bolts and Impossibility of Trustless Cross-Chain Communication

EthCC[3]

Perpetual Powers of Tau on SGX: a community zk- SNARKs Trusted Setup in TEE

EthCC[3]

Is it still immutable in the context on CREATE2

EthCC[3]

Mutation Testing for Smart Contracts

EthCC[3]

Securing Decentralized Exchanges with Hardware Wallets

EthCC[1]

Decentralised Key Management

EthCC[1]

Mining Pools and miner attacks

EthCC[1]

Building Decentralized Cloud Computing with iExec

EthCC[2]

Upgrade Driven Development with ZeppelinOS

EthCC[2]

Decentralized Oracles for the Next Generation of Smart Contracts

EthCC[2]

The Future of Stablecoins and Their Impact on the Crypto Ecosystem

EthCC[2]

Enabling Scalable Blockchain Solutions with Plasma and Rollups

EthCC[2]

Decentralized Lending: Challenges and Opportunities

EthCC[2]

Blockchain for Social Impact: Real-World Applications and Case Studies

EthCC[2]

Privacy-Preserving Mechanisms in Blockchain Technology

EthCC[2]

The Role of Governance in Blockchain Networks

EthCC[2]

Smart Contract Security: Techniques and Tools

EthCC[2]

Automated Verification of Smart Contracts: Current State and Future Directions

EthCC[2]

Interoperability Solutions for Blockchain Networks

EthCC[2]

Zero-Knowledge Proofs: Applications in Blockchain Technology

EthCC[2]

Blockchain for Supply Chain Management: Opportunities and Challenges

EthCC[2]

Decentralized Marketplaces: Building Trust and Reducing Friction

EthCC[2]

Building Secure Smart Contract Wallets with Gnosis Safe

EthCC[2]

Consensus Endgame: Ecosystem For Security & Decentralisation

EthCC[7]

Predicting Risk - Leveraging AI to Analyze Smart Contracts

EthCC[7]

Improving Node Operation Excellence with D.U.C.K.

EthCC[7]

Clear Sign All The Things

EthCC[7]

A security-in-depth approach to verifiable off-chain computations

EthCC[7]

OAuth 2.0 is Dead (Exploring Next-Gen Access Management)

EthCC[7]

Temporary storage low gas reentrancy

EthCC[7]

dApp Security: Creating a Trusted Web3 Space

EthCC[7]

Enough Hacks: A Framework for Building Secure Protocols

EthCC[7]

Formal Verification of Smart Contracts in Cairo

EthCC[7]

Ensuring the Sanity of Deployed Smart Contracts

EthCC[7]

On the importance of the Security Alliance

EthCC[7]

Embracing a Culture of Continuous Security

EthCC[7]

Developing Secure Multi-Provers with SGX

EthCC[7]

Preventing Unknown Attacks in DeFi

EthCC[7]

A Gentle Introduction To End To End Encrypted Messaging

EthCC[7]

Curvance: The Fuzzer's Edge

EthCC[7]

Secrets of Uniswap V4: A Deep Dive into Hooks Security

EthCC[7]

Demystifying Decentralized Confidential Computing #DeCC

EthCC[7]

Getting started with Kontrol: a formal verification tool

EthCC[7]

Is Privacy Gone? What Blockchain Data Reveals

EthCC[7]

North Korea Wages De Facto War on Everyone Here

EthCC[7]

How to securely configure and use Telegram & Twitter

EthCC[7]

How Did I Get Scammed And What Can I Do About It?

EthCC[7]