https://miscreants.github.io/blog.trailofbits.com/authors/gustavo-grieco/Recent content in Gustavo Grieco on The Trail of Bits BlogHugoen-usFri, 22 Mar 2024 09:00:28 -0400https://miscreants.github.io/blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/Fri, 22 Mar 2024 09:00:28 -0400https://miscreants.github.io/blog.trailofbits.com/2024/03/22/why-fuzzing-over-formal-verification/We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used formal verification methods in the […]https://miscreants.github.io/blog.trailofbits.com/2024/02/05/improving-the-state-of-cosmos-fuzzing/Mon, 05 Feb 2024 09:00:53 -0500https://miscreants.github.io/blog.trailofbits.com/2024/02/05/improving-the-state-of-cosmos-fuzzing/Cosmos is a platform enabling the creation of blockchains in Go (or other languages). Its reference implementation, Cosmos SDK, leverages strong fuzz testing extensively, following two approaches: smart fuzzing for low-level code, and dumb fuzzing for high-level simulation. In this blog post, we explain the differences between these approaches and show how […]https://miscreants.github.io/blog.trailofbits.com/2020/04/23/announcing-the-1st-international-workshop-on-smart-contract-analysis/Thu, 23 Apr 2020 07:50:29 -0400https://miscreants.github.io/blog.trailofbits.com/2020/04/23/announcing-the-1st-international-workshop-on-smart-contract-analysis/At Trail of Bits we do more than just security audits: We also push the boundaries of research in vulnerability detection tools, regularly present our work in academic conferences, and review interesting papers from other researchers (see our recent Real World Crypto and Financial Crypto recaps). In this spirit, we and Northern Arizona University are […]https://miscreants.github.io/blog.trailofbits.com/2020/03/30/an-echidna-for-all-seasons/Mon, 30 Mar 2020 07:00:46 -0400https://miscreants.github.io/blog.trailofbits.com/2020/03/30/an-echidna-for-all-seasons/TL;DR: We have improved Echidna with tons of new features and enhancements since it was released—and there’s more to come. Two years ago, we open-sourced Echidna, our property-based smart contract fuzzer. Echidna is one of the tools we use most in smart contract assessments. According to our records, Echidna was used in about 35% of […]https://miscreants.github.io/blog.trailofbits.com/2019/05/27/slither-the-leading-static-analyzer-for-smart-contracts/Mon, 27 May 2019 06:30:58 -0400https://miscreants.github.io/blog.trailofbits.com/2019/05/27/slither-the-leading-static-analyzer-for-smart-contracts/We have published an academic paper on Slither, our static analysis framework for smart contracts, in the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), colocated with ICSE. Our paper shows that Slither’s bug detection outperforms other static analysis tools for finding issues in smart contracts in terms of speed, robustness, and […]