To share knowledge to prevent and mitigate security risks facing smart contract systems. I’m particularly interested in anything that improves the working relationship between auditors and developers, and the outcomes of working with a security audit firm.
For best results, the scope should be well defined, and strictly enforced.
- Secure development lifecycle
- especially how auditors can work with developers earlier (not doing security at the end)
- Auditing standards, techniques and best practices
- Security analysis tools
- Formal verification in practice
- Risk mitigation
- Running a good bug bounty
Out of scope
- Protocol governance
- Security of protocol client software
- Crypto-economics and game theory
- Product/service sales pitches which are not educational, or fre