Trail of Bits
@trailofbits
We help secure the world’s most targeted organizations and products. We combine security research with an attacker mentality to reduce risk and fortify code.
Science & Technology · New York, NY · trailofbits.com · Joined March 2010

Trail of Bits’s posts

We’re thrilled to announce our new Testing Handbook, which gathers insights we gained over years of experience using static and dynamic analysis tools. It goes beyond standard documentation, focusing on giving the right answers rather than all the answers.
Over the years, we have accumulated advanced knowledge and guidance for writing better smart contracts. We are sharing this knowledge in the first release of building-secure-contracts: github.com/crytic/buildin Check out the repo to learn about best practices and tooling!
As smart contract security evolves, property-based fuzzing has become a go-to technique for developers and security engineers. To help the community define properties, we are releasing a set of 168 pre-built properties that can be used to guide Echidna.
Is your centralized exchange, bridge, or L2 client using block delays to determine transaction finality? If so, it may be vulnerable to re-orgs, double-spend attacks, and stolen funds. Our new guide to blockchain finality helps you avoid these attacks.
Upgrading smart contracts can introduce new bugs, risking millions of dollars. We've developed Diffusc, a differential fuzzer that compares two smart contracts to uncover unexpected differences in behavior before an upgrade is deployed.
We’ve built many high-impact tools that we use for security reviews. But mastering them can take time. So we're bringing the mastery to you: we're going to be livestreaming tool workshops on our Twitch and YouTube channels!
Clang isn't a toolsmith's compiler. PASTA tries to fix this by providing safe-to-use C++ and Python wrappers to the Clang AST. PASTA also answers questions that Clang can't, like how parsed tokens relate back to macro expansions and files. Learn more:
Trail of Bits is announcing a new practice focused on machine learning and artificial intelligence! We’re bringing together safety and security to create a new risk assessment and assurance program.
What does your code use, and is it vulnerable? It-depends! Our new tool, It-Depends, can automatically build a dependency graph and software bill of materials (SBOM) for arbitrary code, even C and C++, and alert you to any upstream vulnerabilities.
Our report is dense and technical, so we summarized its key findings in a 20-minute podcast in plain language. We believe it's crucial that a wider audience understand the risks of blockchain technology. Listen now:
Studying these risks required the development of new tools. Two of these are now open-source:
- It-Depends maps supply chain risks of C++ codebases: github.com/trailofbits/it
- Fluxture maps geographic and topological information of blockchains: