SEA Community Hub Proposal: Web3 Security Researchers Hub

Summary of Proposal

The Web3 Security Community Hub is a collaborative platform for security researchers to share knowledge, participate in competitions, and explore job opportunities. Over four days, attendees will engage in panels, workshops, and a high-stakes hacking competition to enhance the security of Web3 protocols.
Motivation and Rationale

Enhancing Attendee Experience:

The Web3 Security Community Hub offers a unique, interactive experience for attendees to engage deeply with Web3 security. It provides hands-on opportunities to learn from experts, participate in real-world hacking competitions, and network with peers and industry leaders. This hub creates a focused environment for learning, collaboration, and professional growth.

Complementing the Main Programme at Devcon:

While Devcon covers a broad range of topics, the Web3 Security Community Hub zeroes in on the critical area of Web3 security. This specialized focus complements the main programme by providing an in-depth exploration of security challenges and solutions, which are essential for the growth and trustworthiness of Web3 technologies.

Significance of the Topic:

Web3 security is crucial as the adoption of decentralized technologies grows. Security breaches can have devastating impacts, making robust security measures imperative. The community hub format fosters a collaborative atmosphere where researchers can dive deep into security issues, share insights, and develop innovative solutions. This hands-on, community-driven approach is more effective than a traditional talk or workshop.

Implementation

The space with 32 sq m with about 20-25 chairs for people to sit.

Team

Akhil - Founder of Defenders Den

Defenders Den: Web3 security community

Alex - Founder of Opensense

Opensense: Web3 security community

PLAN (Down Below):

Day 1: Web3 Security Community Hub Kickoff

Morning to Afternoon

  1. 9:00 AM - 9:30 AM: Welcome and Introductions
  • Brief overview of the community’s purpose and goals.
  • Introduction of participants.

Discussion on below topics within security researchers:

  1. 9:30 AM - 10:30 AM: Job Opportunities and Salaries in Web3 Security
  • Discussion on career paths, roles, and compensation.
  • Q&A session.
  1. 10:45 AM - 11:45 AM: Auditing Platforms and Beyond
  • Overview of existing platforms (e.g., OpenZeppelin, CertiK).
  • Discussion on alternative approaches (formal verification, manual reviews).
  1. 12:00 PM - 1:00 PM: Seal Organization and Best Practices
  • Guest speaker from a Seal organization.
  • Case studies and success stories.
  1. 1:00 PM - 2:00 PM: Lunch Break

Afternoon to Evening

  1. 2:00 PM - 3:00 PM: Web3 Newsletters and Bug-Finding Tools
  • Recommended newsletters.
  • Popular bug-finding tools (Mythril, Slither, Echidna).
  1. 3:15 PM - 4:15 PM: Layer 2 Security Challenges
  • Deep dive into Layer 2 solutions.
  • Security considerations.
  1. 4:30 PM - 5:30 PM: Preventing Reentrancy Attacks
  • Code examples and best practices.

Day 2 & Day 3: Team Bug-Hunting Sessions

  1. 9:00 AM - 12:00 PM: Team Formation and Protocol Assignments
  • Divide participants into teams (5 members each).
  • Assign specific web3 protocols to each team.
  1. 1:00 PM - 4:00 PM: Bug Exploration and Knowledge Sharing
  • Teams explore their assigned protocols.
  • Researchers share bug-finding techniques.

Day 4: Networking and Private Auditing Opportunities

  1. 10:00 AM - 11:30 AM: Networking Session
  • Icebreakers and informal discussions.
  • Exchange contact information.
  1. 11:45 AM - 1:00 PM: Private Auditing Opportunities
  • Experienced auditors guide participants.
  • Real-world auditing scenarios.
  1. 2PM - 4:00 PM => Explore the event

I approached a auditing platform. They have problem with number of people finding bugs in that contest. [They want more people to participate (>>>> 25 people)]

Updated with the perfect plan - [with the same auditing competition in a different way (shadow audit within the teams)].

@Shyam_Sridhar

1 Like

Hey @akhilmanga! Thanks for putting this together, and your interest in hosting a community hub at Devcon SEA.

General Update on the Process

  • The RFP is open until the end of August.
  • Shortly after this (early first week of September), we will share which Community Hub proposals got accepted and will work with those accepted teams to fine-tune the proposals/hubs and how we can best meet their production requirements.

Thanks!

1 Like

Great proposal, @akhilmanga!

I agree that Web3 security is crucial as adoption grows, and I would go even further to say that Web3 itself can help improve the security of Web3 and Web2 applications. By decentralizing the auditing power, we can foster a much safer ecosystem for everyone. Also, by removing the need for trust between white-hat hackers and developers, bugs are detected and fixed earlier, affecting fewer users.

With this in mind, me and three others have bootstrapped a trustless bounty platform that connects white-hat hackers and developers in the task of finding bugs. Hackers don’t need to wait for their bug reports to be approved by a committee of humans. Their exploits are reviewed automatically by a program submitted by the developer, which is immutable and deterministic. The first hacker to submit a valid exploit is rewarded with the bounty, which is locked in the platform. If no one finds an exploit after the bounty termination date, whoever contributed to the bounty reward can issue a refund request.

The project is called Bug Buster (https://bugbuster.app/), and is live on OP Mainnet. We currently have a bounty for the Solidity compiler, with 4000 CTSI tokens locked. Anyone is free to attempt to crash the compiler with a Solidity program!

Hi!

Thank you so much for your patience as we review all the community hub proposals. A quick update: We have extended the deadline to submit a community hub application by one week, to the 7th of September 2024 (AoE time). You can now expect to hear from us about the outcome of your proposal by mid-September.

Thank you again! In the meantime, if you have any questions, please feel free to reach out to me.