Manticore
Contract verification made easier
Smart contract authors can now express security properties in the same language they use to write their code (Solidity) and our new tool, manticore-verifier, will automatically verify those invariants. Even better, Echidna ...
Manticore discovers the ENS bug
The Ethereum Name Service (ENS) contract recently suffered from a critical bug that prompted a security advisory and a migration to a new contract (CVE-2020-5232). ENS allows users to associate online resources ...
Symbolically Executing WebAssembly in Manticore
With the release of Manticore 0.3.3, we’re proud to announce support for symbolically executing WebAssembly (WASM) binaries. WASM is a newly standardized programming language that allows web developers to run code with ...
Watch Your Language: Our First Vyper Audit
A lot of companies are working on Ethereum smart contracts, yet writing secure contracts remains a difficult task. You still have to avoid common pitfalls, compiler issues, and constantly check your code ...
Announcing Manticore 0.3.0
Earlier this week, Manticore leapt forward to version 0.3.0. Advances for our symbolic execution engine now include: “fast forwarding” through concrete execution that you don’t care about, support for Linux binaries statically ...
Performing Concolic Execution on Cryptographic Primitives
Alan Cao For my winternship and springternship at Trail of Bits, I researched novel techniques for symbolic execution on cryptographic protocols. I analyzed various implementation-level bugs in cryptographic libraries, and built a ...
Symbolic Path Merging in Manticore
Each year, Trail of Bits runs a month-long winter internship “winternship” program. This year we were happy to host 4 winterns who contributed to 3 projects. This is the first in a ...
Fuzzing an API with DeepState (Part 2)
Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand is fine, and we could try it again, but “the plural ...
Fuzzing an API with DeepState (Part 1)
Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much ...

