Skip to content

davidpius95/publications

BranchesTags
Β 
Β 

Repository files navigation

Publications from Trail of Bits

Academic papers

Paper Title Venue Publication Date
Evaluating Static Analysis Tools via Differential Mutation QRS 2021 Dec 2021
echidna-parade: Diverse multicore smart contract fuzzing ISSTA 2021 July 2021
Differential analysis of x86-64 instruction decoders LangSec 2021 May 2021
Echidna: effective, usable, and fast fuzzing for smart contracts ISSTA 2020 July 2020
Automated Grammar Extraction via Semantic Labeling of Parsers LangSec 2020 May 2020
What are the Actual Flaws in Important Smart Contracts? FC 2020 Feb 2020
Echidna: A Practical Smart Contract Fuzzer FC 2020 Feb 2020
RSA GTFO PoC||GTFO 0x20 Jan 2020
Manticore: Symbolic Execution for Binaries and Smart Contracts ASE 2019 Jun 2019
Slither: A Static Analysis Framework For Smart Contracts WETSEB 2019 May 2019
Toward Smarter Vulnerability Discovery Using Machine Learning AISec 2018 Oct 2018
The Past, Present, and Future of Cyberdyne IEEE S&P Apr 2018
DeepState - Symbolic Unit Testing for C and C++ BAR 2018 Feb 2018
Cyber-Deception and Attribution in Capture-the-Flag Exercises FOSINT-SI 2015 Jul 2015

Conference presentations

Automated bug finding and exploitation

Presentation Title Author(s) Year
Differential analysis of x86-64 instruction decoders William Woodruff, Niki Carroll, Sebastiaan Peters 2021
How to find bugs when (ground) truth isn't real William Woodruff 2020
The Treachery of Files and Two New Tools that Tame It Evan Sultanik 2019
Symbolically Executing a Fuzzy Tyrant Stefan Edwards 2019
Kernel space fault injection with KRF William Woodruff 2019
Binary Symbolic Execution With KLEE-Native Sai Vegasena 2019
Going sicko mode on the Linux Kernel William Woodruff 2019
Vulnerability Modeling with Binary Ninja Josh Watson 2018
File Polyglottery; or, This PoC is also a picture of cats Evan Sultanik 2017
Be a binary rockstar Sophia D'Antoine 2017
Symbolic Execution for Humans Mark Mossberg 2017
The spirit of the 90s is still alive in Brooklyn Ryan Stortz, Sophia D'Antoine 2017
The dream of a static and dynamic analysis shootout Ryan Stortz 2016
Binary constraint solving for automatic exploit generation Sophia D'Antoine 2016
The Smart Fuzzer Revolution Dan Guido 2016
Making a scaleable automated hacking system Artem Dinaburg 2016
Cyberdyne - Automatic bug-finding at scale Peter Goodman 2016
McSema: Static translation of x86 to LLVM IR Andrew Ruef, Artem Dinaburg 2014

Blockchain

Presentation Title Author(s) Year
How to fuzz like a pro Josselin Feist, Nat Chin 2022
Building a Practical Static Analyzer for Smart Contracts Josselin Feist 2021
Testing and Verifying Smart Contracts: From Theory to Practice Josselin Feist 2021
Safely integrating with ERC20 tokens Josselin Feist 2021
Detecting transaction replacement attacks with Manticore Sam Moelius 2020
Fantastic Bugs and How to Squash Them; or, the Crimes of Solidity Evan Sultanik 2019
SlithIR: High-Precision Security Analysis with an IR for Solidity Josselin Feist 2019
Slither: A Static Analysis Framework for Smart Contracts Josselin Feist 2019
What blockchain got right Dan Guido 2019
Property-testing of smart contracts JP Smith 2018
Anatomy of an unsafe programming language Evan Sultanik 2018
Contract upgrade risks and recommendations Josselin Feist 2018
Blackhat Ethereum Ryan Stortz, Jay Little 2018
Blockchain Autopsies - Analyzing Smart Contract Deaths Jay Little 2018
Rattle - an Ethereum EVM binary analysis framework Ryan Stortz 2018
Securing value on the Ethereum blockchain Dan Guido 2018
Binary analysis, meet the blockchain Mark Mossberg 2018
Automatic bug finding for the blockchain Felipe Manzano, Josselin Feist 2017

Cryptography

Presentation Title Author(s) Year
die, PGP, die William Woodruff 2022
Seriously, stop using RSA Ben Perez 2019
Best Practices for Cryptography in Python Paul Kehrer 2019
Analyzing the MD5 collision in Flame Alex Sotirov 2012

Engineering

Presentation Title Author(s) Year
Improving PyPI's security with Two Factor Authentication William Woodruff 2019
Linux Security Event Monitoring with osquery Alessandro Gario 2019
osql: The community oriented osquery fork Stefano Bonicatti, Mark Mossberg 2019
Getting started with osquery Lauren Pearl, Andy Ying 2018
osquery Super Features Lauren Pearl 2018
osquery Extension Skunkworks Mike Myers 2018
Build it Break it Fix it Andrew Ruef 2014

Education

Presentation Title Author(s) Year
A mostly gentle introduction to LLVM William Woodruff 2022
JWTs, and why they suck Rory M 2021
The Joy of Pwning Sophia D'Antoine 2017
How to CTF - Getting and using Other People's Computers (OPC) Jay Little 2014
Low-level Security Andrew Ruef 2014
Security and Your Business Andrew Ruef 2014
Bringing nothing to the party Vincenzo Iozzo 2013
From One Ivory Tower to Another Vincenzo Iozzo 2012

Infrastructure

Presentation Title Author(s) Year
Return to the 100 Acre Woods Stefan Edwards 2019
Swimming with the kubectl fish Stefan Edwards 2019

Machine Learning

Presentation Title Author(s) Year
Exploiting Machine Learning Pickle Files Carson Harmon, Evan Sultanik, Jim Miller, Suha Hussain 2021
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning Suha Hussain 2020

Mobile security

Presentation Title Author(s) Year
Swift Reversing Ryan Stortz 2016
Modern iOS Application Security Sophia D'Antoine, Dan Guido 2016
The Mobile Exploit Intelligence Project Dan Guido 2012
A Tale of Mobile Threats Vincenzo Iozzo 2012

Programming

Presentation Title Author(s) Year
Python internals - let's talk about dicts Dominik Czarnota 2019
Low-level debugging with Pwndbg Dominik Czarnota 2018
Insecure Things to Avoid in Python Dominik Czarnota 2018

Side channels

Presentation Title Author(s) Year
Hardware side channels in virtualized environments Sophia D'Antoine 2015
Exploiting Out-of-Order Execution Sophia D'Antoine 2015

Threat analysis & malware

Presentation Title Author(s) Year
Peeling back the 'Shlayers' of macOS Malware Josh Watson, Erika Noerenberg 2019
The Exploit Intelligence Project Revisited Dan Guido 2013

Datasets

Dataset Date
Smart Contract Audit Findings Aug 2019

Podcasts

Podcast Guest Date Topic(s)
Risky Business 672 Dan Guido Jul 2022 Blockchain security
Cloud Security Reinvented Nick Selby Jun 2022 Cloud security
Skiff Office Hours Dan Guido Mar 2022 Privacy technology
Risky Business 652 Dan Guido Jan 2022 Zero-knowledge proofs
Secureum Safecast #3 Josselin Feist Nov 2021 Blockchain security
Secureum Safecast #2 Dan Guido Oct 2021 Blockchain security
Press Freedom Foundation Dan Guido Jul 2021 Mobile security and iVerify
Employee Cycle Hannah Hanks Mar 2021 First PeopleOps hire
Risky Business 614 Dan Guido Feb 2021 iVerify
Building Better Systems #6 Dan Guido Jan 2021 What blockchain got right
WCBS 880 Dan Guido Sep 2020 Gap years and intern hiring
Risky Business 594 Dan Guido Aug 2020 Apple security
Epicenter 346 Dan Guido Jun 2020 Smart contract security
Absolute AppSec 97 Stefan Edwards May 2020 Threat modeling
Unchained 170 Dan Guido May 2020 DeFi security
Risky Business 580 Dan Guido Apr 2020 Mobile voting
Absolute AppSec 91 Stefan Edwards Apr 2020 Mobile voting
Zero Knowledge 122 Ben Perez Mar 2020 Cryptography reviews, ZKPs
Changelog Dan Guido Jan 2020 AlgoVPN
Risky Business 559 Stefan Edwards Oct 2019 Kubernetes
FOSS Weekly 545 William Woodruff Sep 2019 PyPI security improvements
Podcast.__init__ 225 William Woodruff Aug 2019 PyPI security, UX, and sustainability
Absolute AppSec 68 Stefan Edwards, Bobby Tonic Aug 2019 Kubernetes
Hashing it Out 53 Dan Guido Jul 2019 Smart contract testing
Absolute AppSec 60 Stefan Edwards May 2019 Android, programming languages
Absolute AppSec 55 Stefan Edwards Apr 2019 Security testing
Hashing it Out 35 Dan Guido, Josselin Feist Jan 2019 Ethereum's failed EIP-1283
Risky Business JP Smith Jan 2019 Post-quantum crypto in CTFs
Absolute AppSec 37 Stefan Edwards Nov 2018 Programming languages, symbex
Risky Business 510 Lauren Pearl Aug 2018 Open source security engineering
Absolute AppSec 34 Stefan Edwards Oct 2018 Security testing, blockchain
Zero Knowledge 16 JP Smith Mar 2018 Smart contract security
Risky Business 488 JP Smith Feb 2018 Smart contract testing w/ Manticore
Risky Business 474 Dan Guido Oct 2017 How to engineer secure software
Georgian Partners 47 Dan Guido May 2017 AlgoVPN and Tor
VUC 643 Dan Guido Apr 2017 AlgoVPN
Risky Business 449 Dan Guido Mar 2017 Control Flow Integrity
Risky Business 425 Dan Guido Sep 2016 Recap the week's news
Risky Business 421 Dan Guido Aug 2016 Car hacking and the week's news
Risky Business 416 Dan Guido Jul 2016 DARPA Cyber Grand Challenge
Risky Business 399 Dan Guido Feb 2016 Apple vs the FBI
Risky Business 370 Dan Guido Feb 2015 DARPA Cyber Grand Challenge
Risky Business 348 Dan Guido Jun 2015 DARPA Cyber Grand Challenge

Security reviews

Companies that have allowed us to speak about our work can be found here. Many more remain confidential.

Technology product reviews

Product Date Level of Effort Announcement Report
Hashicorp Terraform Cloud June 2022 6
Binance CGGMP21 and FROST May 2022 8
Datadog May 2022 6
Phantom Wallet Apr 2022 4
Datadog May 2022 6
MATTR May 2022 4
ArmorLock Apr 2022 6
DigitalOcean Function Apr 2022 4
Auvik Collector Apr 2022 8
snarkVM and snarkOS Apr 2022 12
Fuchsia Platform Mar 2022 8
Optimus ROM Jan 2022 4
BitcoinBeach Mar 2022 4 πŸ“„
osquery Jan 2022 6
Redjack Dec 2021 2
DigitalOcean Cloud Nov 2021 12
SpruceID Oct 2021 12 πŸ“„
Doppler Sept 2021 4
Datadog Agent Aug 2021 8
Appian Jun 2021 4
Cashero-2.0 Jun 2021 4
Orbit Apr 2021 1
Linux Kernel Apr 2021 2 Linux Kernel Release Signing and Key Management πŸ“„
VGS Proxy Apr 2021 4
Skiff Feb 2021 4
CircleCI Server 3.0 Jan 2021 6 Penetration testing at CircleCI
BitMEX Jan 2021 4
SecureDrop Dec 2020 8 2nd audit of SecureDrop Workstation πŸ“„
Citizen Browser Dec 2020 0.43 How We Built a Facebook Inspector
Ren Aug 2020 4 August Development Update πŸ“„
Hey.com Jun 2020 1 Serious Security πŸ“„
Azure Sphere Jun 2020 12 Azure Sphere 20.07 Security Enhancements
Zoom May 2020 9 90 Days Done, What’s Next for Zoom
Secure Transport Apr 2020 4
ZeroTier 2.0 Mar 2020 2 ZeroTier πŸ“„
Standard Notes Mar 2020 1 Standard Notes Completes Crypto Audit πŸ“„
Voatz Feb 2020 12 Voatz, Tusk πŸ“„ πŸ“›
Vault Feb 2020 12
Voice Jan 2020 4
Sweet B Jan 2020 4 Western Digital πŸ“„
SanDisk X600 May 2019 6 Multiple vulnerabilities in SanDisk X600 πŸ“„
Azure Sphere Jun 2019 12
Project Callisto Aug 2018 5
zlib Sep 2016 1 πŸ“„

Cloud-Native reviews

Product Date Level of Effort Announcement Report
Tekton Mar 2022 4
Linkerd Feb 2022 4
CoreDNS Jan 2022 4 πŸ“„
Terrform Enterprise Nov 2021 6
Nomad Enterpprise Nov 2021 6
Consul Enterprise Oct 2021 6
Vault Enterprise Oct 2021 6
HashiCorp Cloud Jun 2021 8
Argo Mar 2021 4 πŸ“› πŸ“„
Terrform Cloud Jan 2021 6
Consul Oct 2020 10
Nomad Aug 2020 6
Helm Aug 2020 4 Helm 2nd Security Audit πŸ“„
Terraform Mar 2020 6
OPA Mar 2020 2 Open Policy Agent (OPA) Graduation Proposal πŸ“„
etcd Jan 2020 4 CNCF πŸ“„
Rook Dec 2019 2 CNCF πŸ“„
Kubernetes May 2019 12 Google, CNCF πŸ“› πŸ“„ πŸ“°

Blockchain reviews

Algorand

Product Date Level of Effort Announcement Report
wXTZ Nov 2020 4 πŸ“„
wALGO Nov 2020 4 πŸ“„
Meld Gold Jul 2020 2
Algorand Mar 2019 14 Success and momentum of Algorand
Pixel Dec 2019 4

Avalanche

Product Date Level of Effort Announcement Report
Alkimiya Silica V2 June 2022 6
Ava Labs Apr 2022 8
Flare Network Mar 2021 8

Bitcoin & derivatives

Product Date Level of Effort Announcement Report
STAS SDK Oct 2021 4
STAS-JS SDK Sept 2021 4
Bitcoin SV Jan 2021 6
Zcoin Jul 2020 2 Lelantus Cryptographic Library Audit Results πŸ“„
Zcash Apr 2020 3 Heartwood security assessment results πŸ“„
Zcash Nov 2019 6 NU3, Blossom, and Sapling security reviews πŸ“„
Zcash Nov 2019 6 πŸ“„
Paymail Protocol Nov 2019 7
Bitcoin SV Nov 2018 12
Simple Ledger Oct 2019 3
ZecWallet Apr 2019 2 πŸ“„
RSKj Nov 2017 6 RSK security audit results πŸ“„

Ethereum/EVM

Product Date Level of Effort Announcement Report
Morpho June 2022 4 @trailofbits performed a security audit of Morpho πŸ“„
Balancer Relayer Contracts June 2022 2
AuctionRaffle May 2022 2
Seaport Protocol May 2022 4 Introducing Seaport Protocol πŸ“„
Shell Protocol V2 May 2022 4
Optimism Apr 2022 6
NFTX Apr 2022 4 Trail of Bits Audit πŸ“„
Frax May 2022 4
ReserveLending+ Apr 2022 4 Security Audit for ReserveLending+
Firefly Apr 2022 4
Gamestop Wallet Mar 2022 0.6 GameStop Launches Wallet for Cryptocurrencies and NFTs
Gyroscope Mar 2022 6
LooksRare Mar 2022 4 πŸ“„
Symbiosis Mar 2022 2
RAILGUN Feb 2022 4
RAILWAY Feb 2022 4
Persistence ETH2.0 Feb 2022 4
Advanced Blockchain Feb 2022 6 πŸ“„
Perpetual Protocol V2 Feb 2022 4 πŸ“„
Futureswap V4.1 Feb 2022 4
Firefly Feb 2022 8
API3 Feb 2022 8 πŸ“„
Beethoven X Feb 2022 1 πŸ“„
Minterest Finance Jan 2022 6
pSTAKE Jan 2022 6
Primitive Jan 2022 8 Publishing the Primitive RMM smart contracts audit by @trailofbits πŸ“„
Strips Finance Jan 2022 8
Cardstack Dec 2021 4
Frax Dec 2021 4 πŸ“„
Sherlock Protocol V2 Dec 2021 4 πŸ“„
Maple Nov 2021 4 Maple Loans Audit Reports πŸ“„
Advanced Blockchain Nov 2021 6 πŸ“„
Opyn Nov 2021 6 πŸ“„
Aave V3 Nov 2021 4
Tokemak Oct 2021 3
Fuji Fianance Oct 2021 6 πŸ“„
V2 Vault Oct 2021 4
Yield V2 Sept 2021 6 πŸ“„
Gro protocol Sept 2021 2
Futureswap V4 Sept 2021 6
RocketPool Aug 2021 5 πŸ“„
AlphaX Aug 2021 6
Bug Bounty Platform Aug 2021 8
88mph V3 Aug 2021 6 πŸ“„
Timeswap Jul 2021 2
CompliFi Jul 2021 6 πŸ“„
Optics Jul 2021 2
FlareFinance Jun 2021 4
Uniswap V3 Staker Jun 2021 2
Abyss Lockup Jun 2021 2
Futureswap V3 Jun 2021 6
CompliFi Jun 2021 6
Syndicate May 2021 4
Opyn Gamma May 2021 6 πŸ“„
Frax May 2021 4 πŸ“„
Yearn v2 Vaults Apr 2021 6 πŸ“„
DFX Finance Apr 2021 6
Tokemak Apr 2021 1
Warp Contracts Apr 2021 6 Completion of Trail of Bits’ Audit πŸ“„
FlareFinance Apr 2021 3
MC Dai Mar 2021 6
Uniswap V3 Mar 2021 10 Introducing Uniswap V3 πŸ“„
dForce Lending Mar 2021 6
Liquity Proxy Contract Feb 2021 0.57 πŸ“„
Liquity Protocol Feb 2021 8 πŸ“„
RAY-DAO Feb 2021 4
Futureswap Jan 2021 2
Balancer V2 Jan 2021 6
C.R.E.A.M. Jan 2021 1 πŸ“„
LUSD Dec 2020 8 πŸ“„
Origin Dollar Nov 2020 4 Origin Dollar Relaunches πŸ“„
Zerion SDK Nov 2020 4
Teller Protocol Nov 2020 4
Hermez Nov 2020 4 Hermez Second Audit, by Trail of Bits πŸ“„
Graph Protocol Oct 2020 3
OVM Oct 2020 6
Prysm Sep 2020 6
DODO Sep 2020 3 πŸ“„
Yield Protocol Aug 2020 6 πŸ“„
Smart Pool Aug 2020 1
DeFiner Aug 2020 1
ETH2.0 Deposit CLI Aug 2020 4 πŸ“„
Argent Aug 2020 4
CurveDAO Jul 2020 6 πŸ“„
Amp Jul 2020 3 πŸ“„
Federated Bridge Jul 2020 1
dForce dToken Jul 2020 2 πŸ“„
Matic Jun 2020 4
Lighthouse Jun 2020 4
tBTC May 2020 6 πŸ“„
QTUM Apr 2020 0.43 πŸ“„
Hegic Apr 2020 0.43 πŸ“„
Golem Network Mar 2020 2
Reddit Mar 2020 1 A New Frontier
Chai Feb 2020 0.28 πŸ“„
Compound Feb 2020 2 πŸ“„
WorkLock Jan 2020 2 WorkLock Security Audit πŸ“„
Balancer Jan 2020 4 πŸ“„
Curve.fi Jan 2020 1 πŸ“„
Livepeer Oct 2019 3
Topo Finance Oct 2019 4
0x Protocol Oct 2019 10 πŸ“„
Dharma Wallet Oct 2019 4 πŸ“„
Flexa Sep 2019 2 Announcing Flexa Capacity πŸ“„
AZTEC Protocol Sep 2019 10 πŸ“„
Oasis Labs Sep 2019 13
Aave Protocol Sep 2019 4 πŸ“„
MC Dai Aug 2019 13 MCD Security Roadmap Update: Oct 2019 πŸ“„
Staked Aug 2019 4
Compound Aug 2019 2 πŸ“„
Computable Jul 2019 8 Computable Contract Audit πŸ“„
Numerai May 2019 3 NMR 2.0 is now live! πŸ“„
MerkleX May 2019 4
TokenCard May 2019 5 πŸ“„
Unity Coin Apr 2019 1
Compound Apr 2019 8 Compound v2 is Live πŸ“„
Ocean Protocol Mar 2019 4 One Protocol. One Network. One Community
UMA Project Mar 2019 3
Centrifuge Mar 2019 5
Nomisma Mar 2019 1
Reserve Protocol Mar 2019 1 πŸ“„
Set Protocol Mar 2019 5 The Road to MainNet πŸ“„
NuCypher Feb 2019 4 Security Audits (Round 2) πŸ“„
AMP StableWire Jan 2019 1
EIP-1283 Jan 2019 1 Constantinople Security Update πŸ“„
Ampleforth Nov 2018 4 Source Code and Security Audits with Trail of Bits πŸ“„
Origin Protocol Nov 2018 4 How We Approach Security at Origin πŸ“„
Paxos Standard Oct 2018 4 πŸ“„
Basecoin Oct 2018 12 πŸ“„
Pantheon Oct 2018 8 What we learned from auditing our Ethereum client πŸ“„
Compound Sep 2018 12 Compound launches money markets for Ethereum
NuCypher Aug 2018 12 Security audits: round 1 πŸ“„
CENTRE Jul 2018 4 Designing an upgradeable Ethereum contract
Bloom Jul 2018 1 Bloom development update
Gemini Dollar Jun 2018 8 Stablecoins: Understanding Counterparty Risk πŸ“„
Dharma May 2018 1 Dharma protocol v1 is live on mainnet
Golem Apr 2018 4 Smart contracts: audit report πŸ“„
LivePeer Mar 2018 4 Livepeer smart contract security audit #1 results πŸ“„
DappHub Dec 2017 8 πŸ“„
MakerDAO Sai Oct 2017 8 Single-collateral Dai security reviews πŸ“„
Omega One Aug 2017 6

NervOS

Product Date Level of Effort Announcement Report
xUDT Jun 2021 2
Nervos -RSA Mar 2021 4
Nervos SUDT Oct 2020 6 πŸ“„
Cheque Cell & ORU Feb 2021 8
Force Bridge - Solidity Feb 2021 4
Force Bridge - Rust Feb 2021 3

StarkWare

Product Date Level of Effort Announcement Report
StarkPerpetual Jan 2022 8
StarkEx Nov 2021 8

Solana

Product Date Level of Effort Announcement Report
Solana Apr 2022 12

Substrate

Product Date Level of Effort Announcement Report
Parallel Finance Mar 2022 6 πŸ“„
Polkadex Feb 2022 10
Polkadex Dec 2021 4
PINT Sept 2021 4
Polkaswap Jul 2021 6
AlephBFT Jun 2021 4
Acala Network Jun 2021 4
Compound Chain May 2021 6
Acala Network Jan 2021 6 πŸ“„
Parity Fether Aug 2019 4
Parity Jul 2018 12 Parity completes Trail of Bits security review πŸ“„

Tendermint/Cosmos

Product Date Level of Effort Announcement Report
Umee Feb 2022 8 πŸ“„
Columbus-5 Jan 2022 2
IBC Protocol Dec 2021 4
THORChain Aug 2021 12
Tendermint Mar 2019 12
ndau Nov 2018 8 ndau Holders Elect Inaugural Policy Council

Tezos

Product Date Level of Effort Announcement Report
Kolibri Apr 2022 4
Tezori (T2) Dec 2020 4 πŸ“„
Tezori Jul 2018 2 Thanks to @trailofbits for their security review
Magma Jun 2020 1 πŸ“„
Dexter Jun 2020 4 πŸ“„

Other/Multi-Chain

Product Date Level of Effort Announcement Report
DFINITY Threshold ECDSA May 2022 8
Arbitrum Nitro Mar 2022 16
DeGate Feb 2022 4 πŸ“„
ShardX Dec 2021 2
DeGate Dec 2021 4
Threshold-DSA Nov 2021 6
DFINITY Consensus Nov 2021 2 Internet Computer Consensus: Security Assessment πŸ“„
PolySign HSM Oct 2021 6
Hop Protocol V2 Sept 2021 4
Golden Gate Library Sept 2021 1
PolySign Sept 2021 6
Qredo Blockchain Sept 2021 6
Arbitrum Sept 2021 16
go-schnorrkel Aug 2021 4
ShardX Aug 2021 4
Casper Web Wallet Jul 2021 4 πŸ“„
AElf Jul 2021 4
CrossChain-Bridge Jul 2021 8
Open Oracle Apr 2021 2
DFINITY May 2021 24 πŸ“„
Arbitrum V2 Feb 2021 8
Fog Protocol Jan 2021 4 πŸ“„
eFIL Jan 2021 2
MobileCoin BFT Oct 2020 4 πŸ“„
Highway Consensus Nov 2020 4 ToB Audit of the Casper Highway Protocol πŸ“„
Stacks V2 Sep 2020 6
MobileCoin Aug 2020 4 πŸ“„
VRFs Aug 2020 2
Arbitrum Jul 2020 6
MYKEY Jul 2020 4
Symbol Jul 2020 4 Symbol from NEM completes Trail of Bits Security Audit πŸ“„
Ledger Filecoin Jul 2020 2 πŸ“„
Chainlink Jun 2020 8
Chainlink Flux May 2020 4
Elrond Mar 2020 6
EOSIO SDK Jan 2020 4
NEAR Protocol Nov 2019 8
EOSIO 2.0 Oct 2019 8
Status-go Oct 2019 9
Celo Sep 2019 8
Blockchain.com Aug 2019 4
RandomX Jun 2019 2 Monero and Arweave to Validate RandomX πŸ“„
Interest Token May 2019 0.28
Loom May 2019 10 Loom SDK Q1 2019 Security Audit
Building Blocks Aug 2018 7 UN WFP uses Ethereum to aid 100,000 refugees
Web3 Mar 2018 2 W3F and TOB hardware wallet security guidance πŸ’¬

Workshops

Workshop Title Venue Date
Smart Contract Security Automation Workshop TruffleCon 2019 Oct 2019
Manticore EVM Workshop Devcon4 2018 Nov 2018
Introduction to Smart Contract Exploitation GreHack 2018 Nov 2018
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle SecDev 2018 Oct 2018
Smart Contract Security Automation Workshop TruffleCon 2018 Oct 2018
Smart Contract Security Automation Workshop ETH Berlin 2018 Sep 2018
Manticore EVM Workshop EthCC 2018 Mar 2018
Manticore Workshop GreHack 2017 Oct 2017

Legend

Icon Definition
πŸ’¬ Blog post or other social media
πŸ“„ Security Assessment report
πŸ“› Threat Model report
πŸ“° Whitepaper
Header Definition
Level of Effort Defined in person-weeks for the project

About

Publications from Trail of Bits

www.trailofbits.com

Resources

Readme

License

CC-BY-SA-4.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 33.5%
  • Solidity 29.3%
  • HTML 27.9%
  • JavaScript 9.3%