What is it?
The Web3 Security Tools Seminar (W3ST) is a focused gathering of developers and researchers who are building security-focused tools in the blockchain ecosystem.
No business pitches. No marketing. Just deep technical exchange.
Goals
- Share challenges and insights from building tools (static analysis, fuzzers, formal verification, AI, etc.)
- Bridge the security tooling community by exchanging ideas between teams, ecosystems, and open-source efforts
- Participate by asking questions, sharing insights, and contributing to discussions. This is a collaborative event, not just a series of lectures.
Program
The following program is tentative and may change.
| Time | Duration | Speaker | Affiliation | Category | Talk |
|---|---|---|---|---|---|
| 1:30 – 1:35 | 5 min | – | – | Opening | Welcome & Introduction |
| 1:35 – 1:50 | 15 min | Kaan Uzdogan | Sourcify | Community | Sourcify and Verifier Alliance: Open-source and open-data in source-code verification |
| 1:50 – 2:15 | 25 min | Gianluca Brigandi | Traverse | Static analysis | From Code to Graph: Building a Universal Representation for Solidity Analysis |
| 2:15 – 2:20 | 5 min | – | – | – | Short break |
| 2:20 – 2:45 | 25 min | Tomer Bar | AuditWare | Static analysis | Radar – a Static Analyzer for Solana and Rust Smart Contracts |
| 2:45 – 3:10 | 25 min | Louis Tsai | Amber Group | Decompiler | Mothra: A Ghidra EVM Decompiler Extension |
| 3:10 – 3:25 | 15 min | – | – | – | Break #1 |
| 3:25 – 3:50 | 25 min | Niklas Gögge | brink.dev | Fuzzing | Fuzzamoto: Holistic Fuzzing for Bitcoin Protocol Implementations |
| 3:50 – 4:15 | 25 min | Mate Soos | Argot Collective | Symbolic Execution | hevm, new frontiers in symbolic execution of EVM bytecode |
| 4:15 – 4:40 | 25 min | Alex The Entreprenerd | Recon | Fuzzing | Why fuzzing still sucks |
| 4:40 – 4:55 | 15 min | – | – | – | Break #2 |
| 4:55 – 5:20 | 25 min | Sofia Bobadilla | KTH, Royal Institute of Technology | Program Repair | Fixing Smart Contracts, For Real |
| 5:20 – 5:35 | 15 min | Benjamin Samuels | Trail of Bits | AI | Introducing Slither MCP |
| 5:35 – 5:40 | 5 min | – | – | – | Short break |
| 5:40 – 6:05 | 25 min | Gabriela Moreira | Informal Systems | AI | Executable Specs as Reality Checks for Overconfident AI |
| 6:05 – 6:30 | 25 min | Jan Kalivoda | Ackee Blockchain | AI | Why is every audit company launching an AI audit platform? |
| 6:30 – 6:35 | 5 min | – | – | Closing | Wrap-up & Thanks |
Logistics
- When: November 19th, during Devconnect 2025 (half-day session)
- Where: TBD (small venue, ~20 seats)
- Attendees: Limited, confirmation-based (waiting list is closed).
This seminar happens during Devconnect. For questions: josselin@seceureka.com.
Call for Submissions (Closed)
We are looking for presentations that detail the technical aspects of tooling development. The target audience is fellow security tool experts, so we are seeking deeply technical submissions.
The following are examples of questions we would love to see discussed (not exhaustive):
- What EVM opcodes were the most challenging for your tool to support, and how did you overcome those challenges?
- What particular difficulties did you encounter when applying your Ethereum-based analysis to another chain?
- How do you balance speed with smart heuristics in your fuzzer?
- What strategies does your fuzzer use for its feedback loop?
- What lessons did you learn from using LLVM for EVM?
- What over- or under-approximation techniques did you use, and how did you decide between them?
- What heuristics do you follow to balance false positives and false negatives?
- How did you optimize your loop fixpoint to speed up your analysis?
- What prompt-engineering techniques were the most impactful in your LLM-based tool?
- How have LLMs improved your tools?
Submissions on proprietary or closed-source tools are welcome, provided they share meaningful technical details.