https://miscreants.github.io/blog.trailofbits.com/authors/sam-alws/Recent content in Sam Alws on The Trail of Bits BlogHugoen-usWed, 17 Jan 2024 08:30:32 -0500https://miscreants.github.io/blog.trailofbits.com/2024/01/17/30-new-semgrep-rules-ansible-java-kotlin-shell-scripts-and-more/Wed, 17 Jan 2024 08:30:32 -0500https://miscreants.github.io/blog.trailofbits.com/2024/01/17/30-new-semgrep-rules-ansible-java-kotlin-shell-scripts-and-more/We are publishing a set of 30 custom Semgrep rules for Ansible playbooks, Java/Kotlin code, shell scripts, and Docker Compose configuration files. These rules were created and used to audit for common security vulnerabilities in the listed technologies. This new release of our Semgrep rules joins our public CodeQL […]https://miscreants.github.io/blog.trailofbits.com/2023/10/23/numbers-turned-weapons-dos-in-osmosis-math-library/Mon, 23 Oct 2023 14:27:31 -0400https://miscreants.github.io/blog.trailofbits.com/2023/10/23/numbers-turned-weapons-dos-in-osmosis-math-library/Trail of Bits is publicly disclosing a vulnerability in the Osmosis chain that allows an attacker to craft a transaction that takes up a disproportionate amount of compute time on Osmosis nodes compared to the amount of gas it consumes. Using the vulnerability, an attacker can halt the Osmosis chain by spamming […]https://miscreants.github.io/blog.trailofbits.com/2022/03/02/optimizing-a-smart-contract-fuzzer/Wed, 02 Mar 2022 07:00:33 -0500https://miscreants.github.io/blog.trailofbits.com/2022/03/02/optimizing-a-smart-contract-fuzzer/During my winternship, I applied code analysis tools, such as GHC’s Haskell profiler, to improve the efficiency of the Echidna smart contract fuzzer. As a result, Echidna is now over six times faster! Echidna overview To use Echidna, users provide smart contracts and a list of conditions that should be satisfied no […]