Anatomy of an Unsafe Smart Contract Programming Language

Watch Your Language: Our First Vyper Audit

A lot of companies are working on Ethereum smart contracts, yet writing secure contracts remains a difficult task. You still have to avoid common pitfalls, compiler issues, and constantly check your code ...
Screenshot from 2019-08-09 15-11-26

Binary symbolic execution with KLEE-Native

KLEE-Native, a fork of KLEE that operates on binary program snapshots by lifting machine code to LLVM bitcode ...

Fuzzing Unit Tests with DeepState and Eclipser

If unit tests are important to you, there’s now another reason to use DeepState, our Google-Test-like property-based testing tool for C and C++. It’s called Eclipser, a powerful new fuzzer very recently ...
DSM and SSM vs KLEE coverage

Symbolic Path Merging in Manticore

Each year, Trail of Bits runs a month-long winter internship “winternship” program. This year we were happy to host 4 winterns who contributed to 3 projects. This is the first in a ...

Fuzzing an API with DeepState (Part 2)

Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Mutation Testing Introducing one bug by hand is fine, and we could try it again, but “the plural ...
Fuzzing an API with DeepState (Part 1)

Fuzzing an API with DeepState (Part 1)

Alex Groce, Associate Professor, School of Informatics, Computing and Cyber Systems, Northern Arizona University Using DeepState, we took a handwritten red-black tree fuzzer and, with minimal effort, turned it into a much ...
Ethersplay Demo

Use our suite of Ethereum security tools

Two years ago, when we began taking on blockchain security engagements, there were no tools engineered for the work. No static analyzers, fuzzers, or reverse engineering tools for Ethereum. So, we invested ...