I’m concerned that the need for security and correctness in smart contract engineering is being outweighed by the pressure to deliver highly complex systems to anxious ICO investors.

Following conversations at EdCon in Toronto, there’s a clear need for a gathering specifically focused on smart contract security. Here is my best attempt at outlining what I think this event would look like, as well as my open questions.

Goals

To share knowledge to prevent and mitigate security risks facing smart contract systems. I’m particularly interested in anything that improves the working relationship between auditors and developers, and the outcomes of working with a security audit firm.

Topics

For best results, the scope should be well defined and strictly enforced.

In scope

Secure development lifecycle, especially how auditors can work with developers earlier (not doing security at the end)

Auditing standards, techniques and best practices

Security analysis tools

Formal verification in practice

Risk mitigation

Upgradeability

Running a good bug bounty

Out of scope

Protocol governance

Security of protocol client software

Crypto-economics and game theory

Product/service sales pitches which are not educational, or fre

Event details

Timing/Location: August or September, at a time coinciding with another major event which would attract the right audience. ETHBerlin is a good candidate. It should be before or after the primary event, not concurrent or as a sub-conference.

Attendance: Attendance should be skewed towards the security community, with healthy representation from high-quality developer teams. I think this should be small-ish, in the range of 40 to 100 attendees.

Format: I really don’t know. An unconference format might work, but I’m least opinionated about this, and think it will figure itself out during the organization process.

Open Questions