Web3 Security Tools Seminar (W3ST) 2026
What is it?
The Web3 Security Tools Seminar (W3ST) is a focused gathering of developers and researchers who are building security-focused tools in the blockchain ecosystem.
No business pitches. No marketing. Just deep technical exchange.
This is a discussion-driven seminar where we prioritize interactive exchange over polished presentations. We especially welcome work-in-progress and early-stage ideas that can spark meaningful technical conversations.
Goals
- Share challenges and insights from building tools (static analysis, fuzzers, formal verification, AI, etc.)
- Discuss works-in-progress, experimental approaches, and half-baked ideas that need community feedback
- Bridge the security tooling community by exchanging ideas between teams, ecosystems, and open-source efforts
- Participate by asking questions, sharing insights, and contributing to discussions. This is a collaborative event, not just a series of lectures.
Program
| Time | Duration | Speaker | Affiliation | Talk |
|---|---|---|---|---|
| 2:00 - 2:20 | 20 min | - | - | Kickoff and introductions |
| 2:20 - 2:45 | 25 min | Martin Monperrus | KTH Royal Institute of Technology | Software Supply Chain Security of Web3 |
| 2:45 - 3:10 | 25 min | Patrick Collins | Cyfrin | BattleChain: The pre-mainnet, post-testnet solution |
| 3:10 - 3:25 | 15 min | - | - | Open Session / Break #1 |
| 3:25 - 3:50 | 25 min | Troy Sargent | Asymmetric Research | Fuzzing Solana Runtimes |
| 3:50 - 4:15 | 25 min | Kevin Valerio | Trail of Bits | Merge Them All: How We Brought State-of-the-Art Tooling into a Single Go Toolchain |
| 4:15 - 4:35 | 20 min | - | - | Open Session / Break #2 (snacks) |
| 4:35 - 5:00 | 25 min | Andrei Vacaru | Runtime Verification | Simbolik: From just Debugging to a Full Security Toolkit |
| 5:00 - 5:15 | 15 min | Jan Kalivoda | Ackee | Is It All Just Pattern Matching? (open discussion) |
| 5:15 - 5:30 | 15 min | - | - | Open Session / Break #3 |
| 5:30 - 5:55 | 25 min | IVa | lumis | RDF Graphs for DeFi Systemic Risks: Lessons for Contract-Level Security |
| 5:55 - 6:10 | 15 min | Brandon Chong | - | Representing state coverage with invariants |
| 6:10 - 6:15 | 5 min | - | - | Closing |
Call for Presentations
The CFP is closed.
We are looking for presentations that detail the technical aspects of tooling development. The target audience is fellow security tool experts, so we are seeking deeply technical submissions.
What We’re Looking For
We especially encourage work-in-progress presentations. This seminar thrives on live discussion, so incomplete ideas, experimental approaches, and ongoing research are not just welcome, they’re preferred. Share your challenges, partial solutions, and open questions with fellow tool builders.
Perfect submissions include:
- Experimental techniques you’re still validating
- Architectural decisions you’re debating
- Performance bottlenecks you’re trying to solve
- Novel approaches that need peer feedback
- Failed experiments with interesting lessons
- Early prototypes seeking community input
The following are examples of questions we would love to see discussed (not exhaustive):
- What EVM opcodes were the most challenging for your tool to support, and how did you overcome those challenges?
- What particular difficulties did you encounter when applying your Ethereum-based analysis to another chain?
- How do you balance speed with smart heuristics in your fuzzer?
- What strategies does your fuzzer use for its feedback loop?
- What lessons did you learn from using LLVM for EVM?
- What over- or under-approximation techniques did you use, and how did you decide between them?
- What heuristics do you follow to balance false positives and false negatives?
- How did you optimize your loop fixpoint to speed up your analysis?
- What prompt-engineering techniques were the most impactful in your LLM-based tool?
- How have LLMs improved your tools?
- How vibe coding change your approach to program analysis?
- What unexpected challenges emerged when scaling your tool to production?
- What design decisions would you revisit given what you know now?
Submissions on proprietary or closed-source tools are welcome, provided they share meaningful technical details.
Register Your Interest
REGISTRATION CLOSED
Logistics
- When: March 31th, during EthCC week (2-7pm)
- Where: Cannes, France (limited seats). The event will take place outside of EthCC main’s venue, so no EthCC’s ticket are needed
- Registration: Closed.
For questions: josselin@seceureka.com
Previous Edition
Interested in W3ST 2025? View the previous edition
Web3 Security Tools Seminar (W3ST) maintained by montyly
Published with GitHub Pages