05-27, 11:00–11:25 (CET), Seed
Ad-hoc practices no longer scale. This talk discusses three areas of Smart Contract Development where the Ethereum Community Standards help harden security: code, operations, and communications. By looking at what worked with large DAOs, technical specifications, and high-impact events, the attendees will leave with a concise, prioritised playbook for improving their security posture.
As Ethereum scales, immature practices leave protocols exposed. This session reveals how community-driven security standards can help transform three crucial areas of running any protocol - Code, Operations, Communications - from ad-hoc guesswork into repeatable safeguards.
- Code. Harness ERC interface discipline, audited and battle-tested libraries, common patterns, and emerging technical specifications to eliminate entire exploit classes while the contracts are still in development.
- Operations. Layer enterprise grade privilege configurations and InfoSec policies into your key management and software building processes: embedded fuzzing, formal-verification, on-chain monitors, security reviews across the development lifecycle, incident-response workflow, and much more.
- Communications. Move beyond "GM" and “DM us on Twitter” with public disclosure policies, emergency hotlines, DAO security-council charters, and post-mortem transparency that preserve user trust.
Drawing on first-hand work with large DAOs and dissecting high-impact incidents we show precisely what works and can become a standard for others to learn from. Attendees leave with a concise, prioritised Standards Playbook ready to harden security from day one.
A security auditor at Consensys Diligence, George has always been fascinated by Math & Technology. This led him to a degree in Applied Mathematics and a career in software, where he focused on the people aspect of tech -- privacy, personal data, digital identity, human-made data and so on. Eventually he found Ethereum and smart contracts, a promising world that seemed to perfectly fit his interests. At Consensys Diligence he decided to specialize in smart contract auditing to help the technology get adopted safely as usage skyrockets. In his spare time you can find him traveling the world and enjoying the little things in life.