https://miscreants.github.io/blog.trailofbits.com/authors/benjamin-samuels/Recent content in Benjamin Samuels on The Trail of Bits BlogHugoen-usSat, 15 Nov 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/15/level-up-your-solidity-llm-tooling-with-slither-mcp/Sat, 15 Nov 2025 07:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/15/level-up-your-solidity-llm-tooling-with-slither-mcp/We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine.https://miscreants.github.io/blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/Fri, 07 Nov 2025 18:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/11/07/balancer-hack-analysis-and-guidance-for-the-defi-ecosystem/A retrospective on the $100M Balancer hack that occurred in November 2025, including long-term, strategic guidance on how to avoid similar bugs.https://miscreants.github.io/blog.trailofbits.com/2025/06/25/maturing-your-smart-contracts-beyond-private-key-risk/Tue, 24 Jun 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/06/25/maturing-your-smart-contracts-beyond-private-key-risk/Private key compromise accounted for 43.8% of crypto hacks in 2024, yet traditional smart contract audits rarely address architectural access control weaknesses. This post introduces a four-level maturity framework for designing protocols that can tolerate key compromise, progressing from single EOA control to radical immutability, with practical examples demonstrating multisigs, timelocks, and the principle of least privilege.https://miscreants.github.io/blog.trailofbits.com/2025/05/29/the-custodial-stablecoin-rekt-test/Thu, 29 May 2025 00:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/05/29/the-custodial-stablecoin-rekt-test/Introducing the Custodial Stablecoin Rekt Test; a new spin on the classic Rekt Test for evaluating the security maturity of stablecoin issuers.https://miscreants.github.io/blog.trailofbits.com/2025/02/25/how-threat-modeling-could-have-prevented-the-1.5b-bybit-hack/Tue, 25 Feb 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/02/25/how-threat-modeling-could-have-prevented-the-1.5b-bybit-hack/Learn how comprehensive threat modeling could have identified the operational security gaps that led to Bybit’s $1.5B hack and prevented similar breaches.https://miscreants.github.io/blog.trailofbits.com/2025/02/21/the-1.5b-bybit-hack-the-era-of-operational-security-failures-has-arrived/Fri, 21 Feb 2025 00:00:00 -0500https://miscreants.github.io/blog.trailofbits.com/2025/02/21/the-1.5b-bybit-hack-the-era-of-operational-security-failures-has-arrived/The $1.5B Bybit Hack demonstrates how the Era of Operational Security Failures has arrived, and most cryptocurrency companies are not prepared for its implications.https://miscreants.github.io/blog.trailofbits.com/2024/03/18/releasing-the-attacknet-a-new-tool-for-finding-bugs-in-blockchain-nodes-using-chaos-testing/Mon, 18 Mar 2024 09:00:59 -0400https://miscreants.github.io/blog.trailofbits.com/2024/03/18/releasing-the-attacknet-a-new-tool-for-finding-bugs-in-blockchain-nodes-using-chaos-testing/Today, Trail of Bits is publishing Attacknet, a new tool that addresses the limitations of traditional runtime verification tools, built in collaboration with the Ethereum Foundation. Attacknet is intended to augment the EF’s current test methods by subjecting their execution and consensus clients to some of the most challenging network conditions […]https://miscreants.github.io/blog.trailofbits.com/2023/08/23/the-engineers-guide-to-blockchain-finality/Wed, 23 Aug 2023 07:00:53 -0400https://miscreants.github.io/blog.trailofbits.com/2023/08/23/the-engineers-guide-to-blockchain-finality/Many security-critical off-chain applications use a simple block delay to determine finality: the point at which a transaction becomes immutable in a blockchain’s ledger (and is impossible to “undo” without extreme economic cost). But this is inadequate for most networks, and can become a single point of failure for the centralized exchanges, […]