Publications from Trail of Bits

Academic Papers
Conference Presentations
- Automated bug finding and exploitation
- Blockchain
- Cryptography
- Engineering
- Education
- Mobile security
- Programming
- Side channels
- Threat analysis & malware
Datasets
Podcasts
Security Reviews
- Technology Product Reviews
- Cloud-native Reviews
- Cryptography Reviews
- Blockchain Reviews
Workshops
Legend

Academic papers

Paper Title	Venue	Publication Date
Evaluating Static Analysis Tools via Differential Mutation	QRS 2021	Dec 2021
echidna-parade: Diverse multicore smart contract fuzzing	ISSTA 2021	July 2021
Differential analysis of x86-64 instruction decoders	LangSec 2021	May 2021
Echidna: effective, usable, and fast fuzzing for smart contracts	ISSTA 2020	July 2020
Automated Grammar Extraction via Semantic Labeling of Parsers	LangSec 2020	May 2020
What are the Actual Flaws in Important Smart Contracts?	FC 2020	Feb 2020
Echidna: A Practical Smart Contract Fuzzer	FC 2020	Feb 2020
RSA GTFO	PoC\|\|GTFO 0x20	Jan 2020
Manticore: Symbolic Execution for Binaries and Smart Contracts	ASE 2019	Jun 2019
Slither: A Static Analysis Framework For Smart Contracts	WETSEB 2019	May 2019
Toward Smarter Vulnerability Discovery Using Machine Learning	AISec 2018	Oct 2018
The Past, Present, and Future of Cyberdyne	IEEE S&P	Apr 2018
DeepState - Symbolic Unit Testing for C and C++	BAR 2018	Feb 2018
Cyber-Deception and Attribution in Capture-the-Flag Exercises	FOSINT-SI 2015	Jul 2015

Conference presentations

Automated bug finding and exploitation

Presentation Title	Author(s)	Year
Differential analysis of x86-64 instruction decoders	William Woodruff, Niki Carroll, Sebastiaan Peters	2021
How to find bugs when (ground) truth isn't real	William Woodruff	2020
The Treachery of Files and Two New Tools that Tame It	Evan Sultanik	2019
Symbolically Executing a Fuzzy Tyrant	Stefan Edwards	2019
Kernel space fault injection with KRF	William Woodruff	2019
Binary Symbolic Execution With KLEE-Native	Sai Vegasena	2019
Going sicko mode on the Linux Kernel	William Woodruff	2019
Vulnerability Modeling with Binary Ninja	Josh Watson	2018
File Polyglottery; or, This PoC is also a picture of cats	Evan Sultanik	2017
Be a binary rockstar	Sophia D'Antoine	2017
Symbolic Execution for Humans	Mark Mossberg	2017
The spirit of the 90s is still alive in Brooklyn	Ryan Stortz, Sophia D'Antoine	2017
The dream of a static and dynamic analysis shootout	Ryan Stortz	2016
Binary constraint solving for automatic exploit generation	Sophia D'Antoine	2016
The Smart Fuzzer Revolution	Dan Guido	2016
Making a scaleable automated hacking system	Artem Dinaburg	2016
Cyberdyne - Automatic bug-finding at scale	Peter Goodman	2016
McSema: Static translation of x86 to LLVM IR	Andrew Ruef, Artem Dinaburg	2014

Blockchain

Presentation Title	Author(s)	Year
How to fuzz like a pro	Josselin Feist, Nat Chin	2022
Building a Practical Static Analyzer for Smart Contracts	Josselin Feist	2021
Testing and Verifying Smart Contracts: From Theory to Practice	Josselin Feist	2021
Safely integrating with ERC20 tokens	Josselin Feist	2021
Detecting transaction replacement attacks with Manticore	Sam Moelius	2020
Fantastic Bugs and How to Squash Them; or, the Crimes of Solidity	Evan Sultanik	2019
SlithIR: High-Precision Security Analysis with an IR for Solidity	Josselin Feist	2019
Slither: A Static Analysis Framework for Smart Contracts	Josselin Feist	2019
What blockchain got right	Dan Guido	2019
Property-testing of smart contracts	JP Smith	2018
Anatomy of an unsafe programming language	Evan Sultanik	2018
Contract upgrade risks and recommendations	Josselin Feist	2018
Blackhat Ethereum	Ryan Stortz, Jay Little	2018
Blockchain Autopsies - Analyzing Smart Contract Deaths	Jay Little	2018
Rattle - an Ethereum EVM binary analysis framework	Ryan Stortz	2018
Securing value on the Ethereum blockchain	Dan Guido	2018
Binary analysis, meet the blockchain	Mark Mossberg	2018
Automatic bug finding for the blockchain	Felipe Manzano, Josselin Feist	2017

Cryptography

Presentation Title	Author(s)	Year
die, PGP, die	William Woodruff	2022
Seriously, stop using RSA	Ben Perez	2019
Best Practices for Cryptography in Python	Paul Kehrer	2019
Analyzing the MD5 collision in Flame	Alex Sotirov	2012

Engineering

Presentation Title	Author(s)	Year
Improving PyPI's security with Two Factor Authentication	William Woodruff	2019
Linux Security Event Monitoring with osquery	Alessandro Gario	2019
osql: The community oriented osquery fork	Stefano Bonicatti, Mark Mossberg	2019
Getting started with osquery	Lauren Pearl, Andy Ying	2018
osquery Super Features	Lauren Pearl	2018
osquery Extension Skunkworks	Mike Myers	2018
Build it Break it Fix it	Andrew Ruef	2014

Education

Presentation Title	Author(s)	Year
A mostly gentle introduction to LLVM	William Woodruff	2022
JWTs, and why they suck	Rory M	2021
The Joy of Pwning	Sophia D'Antoine	2017
How to CTF - Getting and using Other People's Computers (OPC)	Jay Little	2014
Low-level Security	Andrew Ruef	2014
Security and Your Business	Andrew Ruef	2014
Bringing nothing to the party	Vincenzo Iozzo	2013
From One Ivory Tower to Another	Vincenzo Iozzo	2012

Infrastructure

Presentation Title	Author(s)	Year
Return to the 100 Acre Woods	Stefan Edwards	2019
Swimming with the kubectl fish	Stefan Edwards	2019

Machine Learning

Presentation Title	Author(s)	Year
Exploiting Machine Learning Pickle Files	Carson Harmon, Evan Sultanik, Jim Miller, Suha Hussain	2021
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning	Suha Hussain	2020

Mobile security

Presentation Title	Author(s)	Year
Swift Reversing	Ryan Stortz	2016
Modern iOS Application Security	Sophia D'Antoine, Dan Guido	2016
The Mobile Exploit Intelligence Project	Dan Guido	2012
A Tale of Mobile Threats	Vincenzo Iozzo	2012

Programming

Presentation Title	Author(s)	Year
Python internals - let's talk about dicts	Dominik Czarnota	2019
Low-level debugging with Pwndbg	Dominik Czarnota	2018
Insecure Things to Avoid in Python	Dominik Czarnota	2018

Side channels

Presentation Title	Author(s)	Year
Hardware side channels in virtualized environments	Sophia D'Antoine	2015
Exploiting Out-of-Order Execution	Sophia D'Antoine	2015

Threat analysis & malware

Presentation Title	Author(s)	Year
Peeling back the 'Shlayers' of macOS Malware	Josh Watson, Erika Noerenberg	2019
The Exploit Intelligence Project Revisited	Dan Guido	2013

Datasets

Dataset	Date
Smart Contract Audit Findings	Aug 2019

Podcasts

Podcast	Guest	Date	Topic(s)
Risky Business 672	Dan Guido	Jul 2022	Blockchain security
Cloud Security Reinvented	Nick Selby	Jun 2022	Cloud security
Skiff Office Hours	Dan Guido	Mar 2022	Privacy technology
Risky Business 652	Dan Guido	Jan 2022	Zero-knowledge proofs
Secureum Safecast #3	Josselin Feist	Nov 2021	Blockchain security
Secureum Safecast #2	Dan Guido	Oct 2021	Blockchain security
Press Freedom Foundation	Dan Guido	Jul 2021	Mobile security and iVerify
Employee Cycle	Hannah Hanks	Mar 2021	First PeopleOps hire
Risky Business 614	Dan Guido	Feb 2021	iVerify
Building Better Systems #6	Dan Guido	Jan 2021	What blockchain got right
WCBS 880	Dan Guido	Sep 2020	Gap years and intern hiring
Risky Business 594	Dan Guido	Aug 2020	Apple security
Epicenter 346	Dan Guido	Jun 2020	Smart contract security
Absolute AppSec 97	Stefan Edwards	May 2020	Threat modeling
Unchained 170	Dan Guido	May 2020	DeFi security
Risky Business 580	Dan Guido	Apr 2020	Mobile voting
Absolute AppSec 91	Stefan Edwards	Apr 2020	Mobile voting
Zero Knowledge 122	Ben Perez	Mar 2020	Cryptography reviews, ZKPs
Changelog	Dan Guido	Jan 2020	AlgoVPN
Risky Business 559	Stefan Edwards	Oct 2019	Kubernetes
FOSS Weekly 545	William Woodruff	Sep 2019	PyPI security improvements
`Podcast.__init__` 225	William Woodruff	Aug 2019	PyPI security, UX, and sustainability
Absolute AppSec 68	Stefan Edwards, Bobby Tonic	Aug 2019	Kubernetes
Hashing it Out 53	Dan Guido	Jul 2019	Smart contract testing
Absolute AppSec 60	Stefan Edwards	May 2019	Android, programming languages
Absolute AppSec 55	Stefan Edwards	Apr 2019	Security testing
Hashing it Out 35	Dan Guido, Josselin Feist	Jan 2019	Ethereum's failed EIP-1283
Risky Business	JP Smith	Jan 2019	Post-quantum crypto in CTFs
Absolute AppSec 37	Stefan Edwards	Nov 2018	Programming languages, symbex
Risky Business 510	Lauren Pearl	Aug 2018	Open source security engineering
Absolute AppSec 34	Stefan Edwards	Oct 2018	Security testing, blockchain
Zero Knowledge 16	JP Smith	Mar 2018	Smart contract security
Risky Business 488	JP Smith	Feb 2018	Smart contract testing w/ Manticore
Risky Business 474	Dan Guido	Oct 2017	How to engineer secure software
Georgian Partners 47	Dan Guido	May 2017	AlgoVPN and Tor
VUC 643	Dan Guido	Apr 2017	AlgoVPN
Risky Business 449	Dan Guido	Mar 2017	Control Flow Integrity
Risky Business 425	Dan Guido	Sep 2016	Recap the week's news
Risky Business 421	Dan Guido	Aug 2016	Car hacking and the week's news
Risky Business 416	Dan Guido	Jul 2016	DARPA Cyber Grand Challenge
Risky Business 399	Dan Guido	Feb 2016	Apple vs the FBI
Risky Business 370	Dan Guido	Feb 2015	DARPA Cyber Grand Challenge
Risky Business 348	Dan Guido	Jun 2015	DARPA Cyber Grand Challenge

Security reviews

Companies that have allowed us to speak about our work can be found here. Many more remain confidential.

Technology product reviews

Product	Date	Level of Effort	Announcement	Report
Hashicorp Terraform Cloud	June 2022	6
Binance CGGMP21 and FROST	May 2022	8
Datadog	May 2022	6
Phantom Wallet	Apr 2022	4
Datadog	May 2022	6
MATTR	May 2022	4
ArmorLock	Apr 2022	6
DigitalOcean Function	Apr 2022	4
Auvik Collector	Apr 2022	8
snarkVM and snarkOS	Apr 2022	12
Fuchsia Platform	Mar 2022	8
Optimus ROM	Jan 2022	4
BitcoinBeach	Mar 2022	4		📄
osquery	Jan 2022	6
Redjack	Dec 2021	2
DigitalOcean Cloud	Nov 2021	12
SpruceID	Oct 2021	12		📄
Doppler	Sept 2021	4
Datadog Agent	Aug 2021	8
Appian	Jun 2021	4
Cashero-2.0	Jun 2021	4
Orbit	Apr 2021	1
Linux Kernel	Apr 2021	2	Linux Kernel Release Signing and Key Management	📄
VGS Proxy	Apr 2021	4
Skiff	Feb 2021	4
CircleCI Server 3.0	Jan 2021	6	Penetration testing at CircleCI
BitMEX	Jan 2021	4
SecureDrop	Dec 2020	8	2nd audit of SecureDrop Workstation	📄
Citizen Browser	Dec 2020	0.43	How We Built a Facebook Inspector
Ren	Aug 2020	4	August Development Update	📄
Hey.com	Jun 2020	1	Serious Security	📄
Azure Sphere	Jun 2020	12	Azure Sphere 20.07 Security Enhancements
Zoom	May 2020	9	90 Days Done, What’s Next for Zoom
Secure Transport	Apr 2020	4
ZeroTier 2.0	Mar 2020	2	ZeroTier	📄
Standard Notes	Mar 2020	1	Standard Notes Completes Crypto Audit	📄
Voatz	Feb 2020	12	Voatz, Tusk	📄 📛
Vault	Feb 2020	12
Voice	Jan 2020	4
Sweet B	Jan 2020	4	Western Digital	📄
SanDisk X600	May 2019	6	Multiple vulnerabilities in SanDisk X600	📄
Azure Sphere	Jun 2019	12
Project Callisto	Aug 2018	5
zlib	Sep 2016	1		📄

Cloud-Native reviews

Product	Date	Level of Effort	Announcement	Report
Tekton	Mar 2022	4
Linkerd	Feb 2022	4
CoreDNS	Jan 2022	4		📄
Terrform Enterprise	Nov 2021	6
Nomad Enterpprise	Nov 2021	6
Consul Enterprise	Oct 2021	6
Vault Enterprise	Oct 2021	6
HashiCorp Cloud	Jun 2021	8
Argo	Mar 2021	4		📛 📄
Terrform Cloud	Jan 2021	6
Consul	Oct 2020	10
Nomad	Aug 2020	6
Helm	Aug 2020	4	Helm 2nd Security Audit	📄
Terraform	Mar 2020	6
OPA	Mar 2020	2	Open Policy Agent (OPA) Graduation Proposal	📄
etcd	Jan 2020	4	CNCF	📄
Rook	Dec 2019	2	CNCF	📄
Kubernetes	May 2019	12	Google, CNCF	📛 📄 📰

Blockchain reviews

Algorand

Product	Date	Level of Effort	Announcement	Report
wXTZ	Nov 2020	4		📄
wALGO	Nov 2020	4		📄
Meld Gold	Jul 2020	2
Algorand	Mar 2019	14	Success and momentum of Algorand
Pixel	Dec 2019	4

Avalanche

Product	Date	Level of Effort
Alkimiya Silica V2	June 2022	6
Ava Labs	Apr 2022	8
Flare Network	Mar 2021	8

Bitcoin & derivatives

Product	Date	Level of Effort	Announcement	Report
STAS SDK	Oct 2021	4
STAS-JS SDK	Sept 2021	4
Bitcoin SV	Jan 2021	6
Zcoin	Jul 2020	2	Lelantus Cryptographic Library Audit Results	📄
Zcash	Apr 2020	3	Heartwood security assessment results	📄
Zcash	Nov 2019	6	NU3, Blossom, and Sapling security reviews	📄
Zcash	Nov 2019	6		📄
Paymail Protocol	Nov 2019	7
Bitcoin SV	Nov 2018	12
Simple Ledger	Oct 2019	3
ZecWallet	Apr 2019	2		📄
RSKj	Nov 2017	6	RSK security audit results	📄

Ethereum/EVM

Product	Date	Level of Effort	Announcement	Report
Morpho	June 2022	4	@trailofbits performed a security audit of Morpho	📄
Balancer Relayer Contracts	June 2022	2
AuctionRaffle	May 2022	2
Seaport Protocol	May 2022	4	Introducing Seaport Protocol	📄
Shell Protocol V2	May 2022	4
Optimism	Apr 2022	6
NFTX	Apr 2022	4	Trail of Bits Audit	📄
Frax	May 2022	4
ReserveLending+	Apr 2022	4	Security Audit for ReserveLending+
Firefly	Apr 2022	4
Gamestop Wallet	Mar 2022	0.6	GameStop Launches Wallet for Cryptocurrencies and NFTs
Gyroscope	Mar 2022	6
LooksRare	Mar 2022	4		📄
Symbiosis	Mar 2022	2
RAILGUN	Feb 2022	4
RAILWAY	Feb 2022	4
Persistence ETH2.0	Feb 2022	4
Advanced Blockchain	Feb 2022	6		📄
Perpetual Protocol V2	Feb 2022	4		📄
Futureswap V4.1	Feb 2022	4
Firefly	Feb 2022	8
API3	Feb 2022	8		📄
Beethoven X	Feb 2022	1		📄
Minterest Finance	Jan 2022	6
pSTAKE	Jan 2022	6
Primitive	Jan 2022	8	Publishing the Primitive RMM smart contracts audit by @trailofbits	📄
Strips Finance	Jan 2022	8
Cardstack	Dec 2021	4
Frax	Dec 2021	4		📄
Sherlock Protocol V2	Dec 2021	4		📄
Maple	Nov 2021	4	Maple Loans Audit Reports	📄
Advanced Blockchain	Nov 2021	6		📄
Opyn	Nov 2021	6		📄
Aave V3	Nov 2021	4
Tokemak	Oct 2021	3
Fuji Fianance	Oct 2021	6		📄
V2 Vault	Oct 2021	4
Yield V2	Sept 2021	6		📄
Gro protocol	Sept 2021	2
Futureswap V4	Sept 2021	6
RocketPool	Aug 2021	5		📄
AlphaX	Aug 2021	6
Bug Bounty Platform	Aug 2021	8
88mph V3	Aug 2021	6		📄
Timeswap	Jul 2021	2
CompliFi	Jul 2021	6		📄
Optics	Jul 2021	2
FlareFinance	Jun 2021	4
Uniswap V3 Staker	Jun 2021	2
Abyss Lockup	Jun 2021	2
Futureswap V3	Jun 2021	6
CompliFi	Jun 2021	6
Syndicate	May 2021	4
Opyn Gamma	May 2021	6		📄
Frax	May 2021	4		📄
Yearn v2 Vaults	Apr 2021	6		📄
DFX Finance	Apr 2021	6
Tokemak	Apr 2021	1
Warp Contracts	Apr 2021	6	Completion of Trail of Bits’ Audit	📄
FlareFinance	Apr 2021	3
MC Dai	Mar 2021	6
Uniswap V3	Mar 2021	10	Introducing Uniswap V3	📄
dForce Lending	Mar 2021	6
Liquity Proxy Contract	Feb 2021	0.57		📄
Liquity Protocol	Feb 2021	8		📄
RAY-DAO	Feb 2021	4
Futureswap	Jan 2021	2
Balancer V2	Jan 2021	6
C.R.E.A.M.	Jan 2021	1		📄
LUSD	Dec 2020	8		📄
Origin Dollar	Nov 2020	4	Origin Dollar Relaunches	📄
Zerion SDK	Nov 2020	4
Teller Protocol	Nov 2020	4
Hermez	Nov 2020	4	Hermez Second Audit, by Trail of Bits	📄
Graph Protocol	Oct 2020	3
OVM	Oct 2020	6
Prysm	Sep 2020	6
DODO	Sep 2020	3		📄
Yield Protocol	Aug 2020	6		📄
Smart Pool	Aug 2020	1
DeFiner	Aug 2020	1
ETH2.0 Deposit CLI	Aug 2020	4		📄
Argent	Aug 2020	4
CurveDAO	Jul 2020	6		📄
Amp	Jul 2020	3		📄
Federated Bridge	Jul 2020	1
dForce dToken	Jul 2020	2		📄
Matic	Jun 2020	4
Lighthouse	Jun 2020	4
tBTC	May 2020	6		📄
QTUM	Apr 2020	0.43		📄
Hegic	Apr 2020	0.43		📄
Golem Network	Mar 2020	2
Reddit	Mar 2020	1	A New Frontier
Chai	Feb 2020	0.28		📄
Compound	Feb 2020	2		📄
WorkLock	Jan 2020	2	WorkLock Security Audit	📄
Balancer	Jan 2020	4		📄
Curve.fi	Jan 2020	1		📄
Livepeer	Oct 2019	3
Topo Finance	Oct 2019	4
0x Protocol	Oct 2019	10		📄
Dharma Wallet	Oct 2019	4		📄
Flexa	Sep 2019	2	Announcing Flexa Capacity	📄
AZTEC Protocol	Sep 2019	10		📄
Oasis Labs	Sep 2019	13
Aave Protocol	Sep 2019	4		📄
MC Dai	Aug 2019	13	MCD Security Roadmap Update: Oct 2019	📄
Staked	Aug 2019	4
Compound	Aug 2019	2		📄
Computable	Jul 2019	8	Computable Contract Audit	📄
Numerai	May 2019	3	NMR 2.0 is now live!	📄
MerkleX	May 2019	4
TokenCard	May 2019	5		📄
Unity Coin	Apr 2019	1
Compound	Apr 2019	8	Compound v2 is Live	📄
Ocean Protocol	Mar 2019	4	One Protocol. One Network. One Community
UMA Project	Mar 2019	3
Centrifuge	Mar 2019	5
Nomisma	Mar 2019	1
Reserve Protocol	Mar 2019	1		📄
Set Protocol	Mar 2019	5	The Road to MainNet	📄
NuCypher	Feb 2019	4	Security Audits (Round 2)	📄
AMP StableWire	Jan 2019	1
EIP-1283	Jan 2019	1	Constantinople Security Update	📄
Ampleforth	Nov 2018	4	Source Code and Security Audits with Trail of Bits	📄
Origin Protocol	Nov 2018	4	How We Approach Security at Origin	📄
Paxos Standard	Oct 2018	4		📄
Basecoin	Oct 2018	12		📄
Pantheon	Oct 2018	8	What we learned from auditing our Ethereum client	📄
Compound	Sep 2018	12	Compound launches money markets for Ethereum
NuCypher	Aug 2018	12	Security audits: round 1	📄
CENTRE	Jul 2018	4	Designing an upgradeable Ethereum contract
Bloom	Jul 2018	1	Bloom development update
Gemini Dollar	Jun 2018	8	Stablecoins: Understanding Counterparty Risk	📄
Dharma	May 2018	1	Dharma protocol v1 is live on mainnet
Golem	Apr 2018	4	Smart contracts: audit report	📄
LivePeer	Mar 2018	4	Livepeer smart contract security audit #1 results	📄
DappHub	Dec 2017	8		📄
MakerDAO Sai	Oct 2017	8	Single-collateral Dai security reviews	📄
Omega One	Aug 2017	6

NervOS

Product	Date	Level of Effort	Report
xUDT	Jun 2021	2
Nervos -RSA	Mar 2021	4
Nervos SUDT	Oct 2020	6	📄
Cheque Cell & ORU	Feb 2021	8
Force Bridge - Solidity	Feb 2021	4
Force Bridge - Rust	Feb 2021	3

StarkWare

Product	Date	Level of Effort	Announcement	Report
StarkPerpetual	Jan 2022	8
StarkEx	Nov 2021	8

Solana

Product	Date	Level of Effort	Announcement	Report
Solana	Apr 2022	12

Substrate

Product	Date	Level of Effort	Announcement	Report
Parallel Finance	Mar 2022	6		📄
Polkadex	Feb 2022	10
Polkadex	Dec 2021	4
PINT	Sept 2021	4
Polkaswap	Jul 2021	6
AlephBFT	Jun 2021	4
Acala Network	Jun 2021	4
Compound Chain	May 2021	6
Acala Network	Jan 2021	6		📄
Parity Fether	Aug 2019	4
Parity	Jul 2018	12	Parity completes Trail of Bits security review	📄

Tendermint/Cosmos

Product	Date	Level of Effort	Announcement	Report
Umee	Feb 2022	8		📄
Columbus-5	Jan 2022	2
IBC Protocol	Dec 2021	4
THORChain	Aug 2021	12
Tendermint	Mar 2019	12
ndau	Nov 2018	8	ndau Holders Elect Inaugural Policy Council

Tezos

Product	Date	Level of Effort	Announcement	Report
Kolibri	Apr 2022	4
Tezori (T2)	Dec 2020	4		📄
Tezori	Jul 2018	2	Thanks to @trailofbits for their security review
Magma	Jun 2020	1		📄
Dexter	Jun 2020	4		📄

Other/Multi-Chain

Product	Date	Level of Effort	Announcement	Report
DFINITY Threshold ECDSA	May 2022	8
Arbitrum Nitro	Mar 2022	16
DeGate	Feb 2022	4		📄
ShardX	Dec 2021	2
DeGate	Dec 2021	4
Threshold-DSA	Nov 2021	6
DFINITY Consensus	Nov 2021	2	Internet Computer Consensus: Security Assessment	📄
PolySign HSM	Oct 2021	6
Hop Protocol V2	Sept 2021	4
Golden Gate Library	Sept 2021	1
PolySign	Sept 2021	6
Qredo Blockchain	Sept 2021	6
Arbitrum	Sept 2021	16
go-schnorrkel	Aug 2021	4
ShardX	Aug 2021	4
Casper Web Wallet	Jul 2021	4		📄
AElf	Jul 2021	4
CrossChain-Bridge	Jul 2021	8
Open Oracle	Apr 2021	2
DFINITY	May 2021	24		📄
Arbitrum V2	Feb 2021	8
Fog Protocol	Jan 2021	4		📄
eFIL	Jan 2021	2
MobileCoin BFT	Oct 2020	4		📄
Highway Consensus	Nov 2020	4	ToB Audit of the Casper Highway Protocol	📄
Stacks V2	Sep 2020	6
MobileCoin	Aug 2020	4		📄
VRFs	Aug 2020	2
Arbitrum	Jul 2020	6
MYKEY	Jul 2020	4
Symbol	Jul 2020	4	Symbol from NEM completes Trail of Bits Security Audit	📄
Ledger Filecoin	Jul 2020	2		📄
Chainlink	Jun 2020	8
Chainlink Flux	May 2020	4
Elrond	Mar 2020	6
EOSIO SDK	Jan 2020	4
NEAR Protocol	Nov 2019	8
EOSIO 2.0	Oct 2019	8
Status-go	Oct 2019	9
Celo	Sep 2019	8
Blockchain.com	Aug 2019	4
RandomX	Jun 2019	2	Monero and Arweave to Validate RandomX	📄
Interest Token	May 2019	0.28
Loom	May 2019	10	Loom SDK Q1 2019 Security Audit
Building Blocks	Aug 2018	7	UN WFP uses Ethereum to aid 100,000 refugees
Web3	Mar 2018	2	W3F and TOB hardware wallet security guidance	💬

Workshops

Workshop Title	Venue	Date
Smart Contract Security Automation Workshop	TruffleCon 2019	Oct 2019
Manticore EVM Workshop	Devcon4 2018	Nov 2018
Introduction to Smart Contract Exploitation	GreHack 2018	Nov 2018
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle	SecDev 2018	Oct 2018
Smart Contract Security Automation Workshop	TruffleCon 2018	Oct 2018
Smart Contract Security Automation Workshop	ETH Berlin 2018	Sep 2018
Manticore EVM Workshop	EthCC 2018	Mar 2018
Manticore Workshop	GreHack 2017	Oct 2017

Legend

Icon	Definition
💬	Blog post or other social media
📄	Security Assessment report
📛	Threat Model report
📰	Whitepaper

Header	Definition
Level of Effort	Defined in person-weeks for the project

publications
publications copied to clipboard

Metadata

Publications from Trail of Bits

Academic papers

Conference presentations

Automated bug finding and exploitation

Blockchain

Cryptography

Engineering

Education

Infrastructure

Machine Learning

Mobile security

Programming

Side channels

Threat analysis & malware

Datasets

Podcasts

Security reviews

Technology product reviews

Cloud-Native reviews

Blockchain reviews

Algorand

Avalanche

Bitcoin & derivatives

Ethereum/EVM

NervOS

StarkWare

Solana

Substrate

Tendermint/Cosmos

Tezos

Other/Multi-Chain

Workshops

Legend

← Metadata

Owner

Metadata

publications publications copied to clipboard

Metadata

Publications from Trail of Bits

Academic papers

Conference presentations

Automated bug finding and exploitation

Blockchain

Cryptography

Engineering

Education

Infrastructure

Machine Learning

Mobile security

Programming

Side channels

Threat analysis & malware

Datasets

Podcasts

Security reviews

Technology product reviews

Cloud-Native reviews

Blockchain reviews

Algorand

Avalanche

Bitcoin & derivatives

Ethereum/EVM

NervOS

StarkWare

Solana

Substrate

Tendermint/Cosmos

Tezos

Other/Multi-Chain

Workshops

Legend

← Metadata

Owner

Metadata

publications
publications copied to clipboard