Symbolic Execution

Contract verification made easier

| | blockchain, Manticore, Symbolic Execution
Smart contract authors can now express security properties in the same language they use to write their code (Solidity) and our new tool, manticore-verifier, will automatically verify those invariants. Even better, Echidna ...
Trail of Bits Blog
Figure 1: Sam Sun (samczsun) discovered a critical vulnerability in ENS

Manticore discovers the ENS bug

| | blockchain, Exploits, Manticore, Symbolic Execution
The Ethereum Name Service (ENS) contract recently suffered from a critical bug that prompted a security advisory and a migration to a new contract (CVE-2020-5232). ENS allows users to associate online resources ...
Trail of Bits Blog
image7

Symbolically Executing WebAssembly in Manticore

| | Manticore, Symbolic Execution, SymEx, WASM, WebAssembly
With the release of Manticore 0.3.3, we’re proud to announce support for symbolically executing WebAssembly (WASM) binaries. WASM is a newly standardized programming language that allows web developers to run code with ...
Trail of Bits Blog
Anatomy of an Unsafe Smart Contract Programming Language

Watch Your Language: Our First Vyper Audit

| | blockchain, fuzzing, Manticore, Static Analysis, Symbolic Execution
A lot of companies are working on Ethereum smart contracts, yet writing secure contracts remains a difficult task. You still have to avoid common pitfalls, compiler issues, and constantly check your code ...
Trail of Bits Blog
Screenshot from 2019-08-09 15-11-26

Binary symbolic execution with KLEE-Native

| | Internship Projects, klee, Symbolic Execution
KLEE-Native, a fork of KLEE that operates on binary program snapshots by lifting machine code to LLVM bitcode ...
Trail of Bits Blog

Fuzzing Unit Tests with DeepState and Eclipser

| | Dynamic Analysis, fuzzing, Symbolic Execution
If unit tests are important to you, there’s now another reason to use DeepState, our Google-Test-like property-based testing tool for C and C++. It’s called Eclipser, a powerful new fuzzer very recently ...
Trail of Bits Blog
DSM and SSM vs KLEE coverage

Symbolic Path Merging in Manticore

| | Internship Projects, Manticore, Symbolic Execution
Each year, Trail of Bits runs a month-long winter internship “winternship” program. This year we were happy to host 4 winterns who contributed to 3 projects. This is the first in a ...
Trail of Bits Blog

Fuzzing an API with DeepState (Part 2)

| | Dynamic Analysis, fuzzing, Manticore, Symbolic Execution
Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand is fine, and we could try it again, but “the plural ...
Trail of Bits Blog
Fuzzing an API with DeepState (Part 1)

Fuzzing an API with DeepState (Part 1)

| | Dynamic Analysis, fuzzing, Manticore, Symbolic Execution
Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much ...
Trail of Bits Blog
Ethersplay Demo

Use our suite of Ethereum security tools

| | Binary Ninja, blockchain, Dynamic Analysis, fuzzing, Program Analysis, reversing, security bloggers network, Static Analysis, Symbolic Execution
Two years ago, when we began taking on blockchain security engagements, there were no tools engineered for the work. No static analyzers, fuzzers, or reverse engineering tools for Ethereum. So, we invested ...
Trail of Bits Blog