And soon Slither will let you list all the entry points of a codebase with a single command: `slither . --print entry-points`

Trying this onchain fuzzing thing with Medusa and Cerberus Seems to work pretty well already

For anyone who just updated their Medusa, there's already another minor update with some critical bugfixes: github.com/crytic/medusa/…

Smart contract devs: Can you instantly name your protocol's five most critical invariants? Most can't - and that gap leads to costly vulnerabilities. (⬇️)

Our Valentine's Day gift

Trail of Bits are building Rust smart contract auditing tools via Meduza. x.com/arbitrumcore/s…

Trail of Bits Secures a Grant from Arbitrum’s Stylus Sprint! Trail of Bits has been awarded 415K ARB to enhance Medusa, enabling stateful fuzzing for Stylus smart contracts on Arbitrum! This will allow developers to test and secure mixed EVM and Stylus contracts using familiar

We were awarded an Arbitrum Stylus grant to extend Medusa's fuzzing capabilities to mixed EVM/Stylus deployments. (more info below!)

2 weeks ago at Defi Security Summit from Josselin Feist: Q: Will we see a billion dollar exploit in 2025? A: "If it happens, it won't be a smart contract, it'll be an operational security issue." x.com/summit_defi/st…

The $1.5B Bybit hack marks a new era in cryptocurrency security. Attackers have moved beyond technical exploits to sophisticated operational attacks. Read our initial analysis of this historic breach and its industry-wide implications: blog.trailofbits.com/2025/02/21/the…

How Threat Modeling Could Have Prevented the $1.5B Bybit Hack. Our blog explores one of our most popular but rarely published report types, and how adding threat modeling to your organization can save you from becoming the next billion-dollar headline. blog.trailofbits.com/2025/02/25/how…

Are you struggling to review solana programs? Check out anchorx-ray, our new tool to visualize the accounts' relationships: hubs.la/Q039cgxB0

Coverage reports that actually show you where to look. Medusa v1.2.1's new file explorer and search capabilities help security engineers precisely pinpoint untested code paths without drowning in raw data.

This is an interesting result and demonstrates the value of effective benchmarking. Echidna has used PC coverage since its inception but edge coverage is a staple following AFL’s innovative approach. Sam Alws did a great job getting it over the line

Stylus Sprint Spotlight - Trail of Bits We’re thrilled to see another Trail of Bits project selected by the Stylus Sprint Grants Program to adapt Solang, an existing Solidity-to-WASM compiler for Solana and Polkadot, to target Stylus on Arbitrum. This allows Solidity developers

Pleased to announce that I've been promoted to Director of the Blockchain security team at @TrailofBits I'm excited to continue to establish ToB as the best place to perform world-class, high-impact security research, and this year is shaping up to be one of the busiest yet. 🧵

Passkeys are the most important security technology of the past 10 years. You should know how they work. 🧵

I’ve been asked this so many times that I decided to turn it into an EthCC - Ethereum Community Conference talk See you there! ☀️

Our entire blockchain team descends on EthCC - Ethereum Community Conference next week. Catch our talks on auditor careers and exchange security—DM us if you want to grab lunch.

in the past month, our team has found two critical bugs whose impact was severe enough to cause two major chains to soft fork. be on the lookout for the writeups, they should be coming in the next month or so.