The Trail of Bits Blog

You think you’ve found a critical bug in a Solidity smart contract that, if exploited, could drain a widely used cryptocurrency exchange’s funds. To confirm that it’s really a bug, you need to figure out the value at an obscure storage slot that has no getter method. Adrenaline courses […]

A couple of years ago we released PolyFile: a utility to identify and map the semantic structure of files, including polyglots, chimeras, and schizophrenic files. It’s a bit like file, binwalk, and Kaitai Struct all rolled into one. PolyFile initially used the TRiD definition database for file identification. However, […]

Wherever you are in the world, a typical day as a Trail of Bits Engineer-Consultant means easing into your work. Here’s a short video showing some of our European colleagues describing a typical day as a Trail of Bits Engineer-Consultant: You generally set your own hours, to provide at least a couple of hours of […]

When engineers apply to Trail of Bits, they’re often surprised by how straightforward and streamlined our hiring process is. After years of experience, we’ve cut the process to its bedrock, so that it’s candidate focused, quick, and effective. Here’s a short video showing some of our European colleagues discussing some cool things they’re working on […]

Do you need a blockchain? And if so, what kind? Trail of Bits has released an operational risk assessment report on blockchain technology. As more businesses consider the innovative advantages of blockchains and, more generally, distributed ledger technologies (DLT), executives must decide whether and how to adopt them. Organizations adopting these systems must understand and […]

A new Trail of Bits research report examines unintended centralities in distributed ledgers Blockchains can help push the boundaries of current technology in useful ways. However, to make good risk decisions involving exciting and innovative technologies, people need demonstrable facts that are arrived at through reproducible methods and open data. We believe the risks inherent […]

Trail of Bits has launched a podcast. The first five-episode season is now available for download. The podcast and its RSS feed are available at trailofbits.audio, and you may subscribe on all major podcast outlets, including Apple iTunes, Spotify, Gaana, Google Podcasts, Amazon Music, and many others. Listening to our podcast is like having a […]

After two long years of lockdowns, virtual meetups, quarantines, and general chaos, the Python community gathered en masse to Salt Lake City for PyCon 2022. Two of our engineers attended the conference, and we are happy to report that the Python community is not only alive and well but also thriving, with […]

Rellic is a framework for analyzing and decompiling LLVM modules into C code, implementing the concepts described in the original paper presenting the Dream decompiler and its successor, Dream++. It recently made an appearance on this blog when I presented rellic-headergen, a tool for extracting debug metadata from LLVM modules and turning […]

Last week, over 500 cryptographers from around the world gathered in Amsterdam for Real World Crypto 2022, meeting in person for the first time in over two years. As in previous years, we dispatched a handful of our researchers and engineers to attend the conference, listen to talks, and schmooze observe the […]

During my winternship, I used the findings from recent Go audits to make several improvements to go-fuzz, a coverage-based fuzzer for projects written in Go. I focused on three enhancements to improve the effectiveness of Go fuzzing campaigns and provide a better experience for users. I contributed to fixing type alias […]

We are open-sourcing Amarna, our new static analyzer and linter for the Cairo programming language. Cairo is a programming language powering several trading exchanges with millions of dollars in assets (such as dYdX, driven by StarkWare) and is the programming language for StarkNet contracts. But, not unlike other languages, it has its […]

In part 1 of this blog post, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. In part […]

In part 1 of this series, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. In part 2, […]

In part 1 of this series, we disclosed critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems. This class of vulnerability, which we dubbed Frozen Heart, is caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. The vulnerability is […]

Trail of Bits is publicly disclosing critical vulnerabilities that break the soundness of multiple implementations of zero-knowledge proof systems, including PlonK and Bulletproofs. These vulnerabilities are caused by insecure implementations of the Fiat-Shamir transformation that allow malicious users to forge proofs for random statements. We’ve dubbed this class of vulnerabilities Frozen Heart. […]

To be thus is nothing, but to be safely thus. (Macbeth: 3.1) It’s not enough that compilers generate efficient code, they must also generate safe code. Despite the extensive testing and correctness certification that goes into developing compilers and their optimization passes, they may inadvertently introduce information leaks […]

During my winternship, I applied code analysis tools, such as GHC’s Haskell profiler, to improve the efficiency of the Echidna smart contract fuzzer. As a result, Echidna is now over six times faster! Echidna overview To use Echidna, users provide smart contracts and a list of conditions that should be satisfied no […]

We have released Maat, a cross-architecture, multi-purpose, and user-friendly symbolic execution framework. It provides common symbolic execution capabilities such as dynamic symbolic execution (DSE), taint analysis, binary instrumentation, environment simulation, and constraint solving. Maat is easy-to-use, is based on the popular Ghidra intermediate representation (IR) language p-code, prioritizes runtime performance, and has […]

Let’s implement crypto! Welcome to the second part of our posts on the challenges of implementing constant-time Rust code. Part 1 discussed challenges with constant-time implementations in Rust and WebAssembly and how optimization barriers can mitigate risk. The Rust crypto community has responded with several approaches, and in this post, we will […]

Many engineers choose Rust as their language of choice for implementing cryptographic protocols because of its robust security guarantees. Although Rust makes safe cryptographic engineering easier, there are still some challenges to be aware of. Among them is the need to preserve constant-time properties, which ensure that, regardless of the input, code […]

Have you ever wondered how a compiler sees your data structures? Compiler Explorer may help you understand the relation between the source code and machine code, but it doesn’t provide as much support when it comes to the layout of your data. You might have heard about padding, alignment, and “plain old […]

One of your developers finds a bug in your codebase—an unhandled error code—and wonders whether there could be more. He combs through the code and finds unhandled error after unhandled error. One lone developer playing whack-a-mole. It’s not enough. And your undisciplined team of first-year Stanford grads never learned software engineering. You’re […]

This past winter, I was fortunate to have the opportunity to work for Trail of Bits as a graduate student intern under the supervision of Peter Goodman and Artem Dinaburg. During my internship, I developed Dr. Disassembler, a Datalog-driven framework for transparent and mutable binary disassembly. Though this project is ongoing, this […]

At Trail of Bits, we pride ourselves on making our best tools open source, such as algo, manticore, and graphtage. But while this post is about open source, it’s not about our tools… In 2021, Trail of Bits employees submitted over 190 pull requests (PRs) that were merged into non-Trail of Bits repositories. This demonstrates […]

Shedding smart contract storage with Slither

libmagic: The Blathering

A Typical Day as a Trail of Bits Engineer-Consultant

The Trail of Bits Hiring Process

Managing risk in blockchain deployments

Are blockchains decentralized?

Announcing the new Trail of Bits podcast

Themes from PyCon US 2022

Interactive decompilation with rellic-xref

Themes from Real World Crypto 2022

Improving the state of go-fuzz

Amarna: Static analysis for Cairo programs

The Frozen Heart vulnerability in PlonK

The Frozen Heart vulnerability in Bulletproofs

The Frozen Heart vulnerability in Girault’s proof of knowledge

Coordinated disclosure of vulnerabilities affecting Girault, Bulletproofs, and PlonK

Towards Practical Security Optimizations for Binaries

Optimizing a smart contract fuzzer

Maat: Symbolic execution made easy

Part 2: Improving crypto code in Rust using LLVM’s optnone

Part 1: The life of an optimization barrier

C your data structures with rellic-headergen

Finding unhandled errors using CodeQL

Toward a Best-of-Both-Worlds Binary Disassembler

Celebrating our 2021 Open Source Contributions