Filipe Casal on The Trail of Bits Blog

Filipe Casal on The Trail of Bits Bloghttps://miscreants.github.io/blog.trailofbits.com/authors/filipe-casal/Recent content in Filipe Casal on The Trail of Bits BlogHugoen-usFri, 30 May 2025 00:00:00 -0400A deep dive into Axiom’s Halo2 circuitshttps://miscreants.github.io/blog.trailofbits.com/2025/05/30/a-deep-dive-into-axioms-halo2-circuits/Fri, 30 May 2025 07:00:00 -0400https://miscreants.github.io/blog.trailofbits.com/2025/05/30/a-deep-dive-into-axioms-halo2-circuits/Over two audits in 2023, we reviewed a blockchain system developed by Axiom that allows computing over the entire history of Ethereum, all verified by zero-knowledge proofs (ZKPs) on-chain using ZK-verified elliptic curve and SNARK recursion operations. This system is built using the Halo2 framework—a complex, emerging technology that presents many challenges when building a secure application, including potential under-constrained issues resulting from its low-level API.Read code like a pro with our weAudit VSCode extensionhttps://miscreants.github.io/blog.trailofbits.com/2024/03/19/read-code-like-a-pro-with-our-weaudit-vscode-extension/Tue, 19 Mar 2024 09:30:00 -0400https://miscreants.github.io/blog.trailofbits.com/2024/03/19/read-code-like-a-pro-with-our-weaudit-vscode-extension/Today, we’re releasing weAudit, the collaborative code-reviewing tool that we use during our security audits. With weAudit, we review code more efficiently by taking notes and tracking bugs in a codebase directly inside VSCode, reducing our reliance on external tools, ensuring we never lose track of bugs we find, and enabling us […]Amarna: Static analysis for Cairo programshttps://miscreants.github.io/blog.trailofbits.com/2022/04/20/amarna-static-analysis-for-cairo-programs/Wed, 20 Apr 2022 07:00:04 -0400https://miscreants.github.io/blog.trailofbits.com/2022/04/20/amarna-static-analysis-for-cairo-programs/We are open-sourcing Amarna, our new static analyzer and linter for the Cairo programming language. Cairo is a programming language powering several trading exchanges with millions of dollars in assets (such as dYdX, driven by StarkWare) and is the programming language for StarkNet contracts. But, not unlike other languages, it has its […]Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocshttps://miscreants.github.io/blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/Tue, 21 Dec 2021 07:00:04 -0500https://miscreants.github.io/blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/Trail of Bits is publicly disclosing two bugs that affect Shamir’s Secret Sharing implementation of Binance’s threshold signature scheme library (tss-lib) and most of its active forks. Here is the full list of affected repositories: Binance’s tss-lib Clover Network’s threshold-crypto Keep Network’s keep-ecdsa Swingby’s tss-lib THORchain’s tss-lib ZenGo X’s […]