Caracal has 10 vulnerability detectors, performs taint analysis, has two printers to report information, and more. Try it out: buff.ly/3rXIbsm

Many assume our open source tools are just for marketing. In reality, the effort to build and maintain these tools is immense, and overshadow any direct marketing gain. And from a business standpoint: competitors even benefit from our work for free. So, why do we do it? These

Testing test suite can help discover non-trivial security issues

If you are a Solidity dev you should definitely check this out. High-level recommendations to build more secure smart contracts. Really helpful stuff that every Solidity dev/auditor should know very well. github.com/crytic/buildin…

We’re decentralizing our Twitter. Follow Trail of Blocks for all of our Blockchain updates, resources, and more.

Do you want to convert a fuzzing run into foundry tests? Check out github.com/crytic/fuzz-ut……. It’s game changer for PoC generation and debugging

We are excited to announce Trail of Bits won a $1mil DARPA award to compete in the AIxCC! Learn about our approach and guiding principles: blog.trailofbits.com/2024/03/11/dar…

Today we're releasing Attacknet, a new tool in the blockchain security arsenal. Built in collaboration with the @Ethereum Foundation, it uses Chaos Engineering to test the most challenging network conditions imaginable for fault tolerance blog.trailofbits.com/2024/03/18/rel…

Starting with fuzzing is an easy and smart choice!

We presented our paper on Necessist, "Test Harness Mutilation," at Mutation 2024. Necessist finds bugs in real-world tests! Slides and a preprint of the paper are available at github.com/trailofbits/ne…

Hey everyone! I'm sure this next job announcement will excite many folks to apply, so I'm preparing myself to review hundreds, if not thousands, of resumes over the next few weeks, lol! We are actively seeking a Senior Security Engineer to join our well-known blockchain team.

Don't miss them if you want to learn how to effectively use security tools for auditing complex code.

Great news for Echidna users! In the upcoming release, coverage reports will display the number of executions per line. This feature is extremely useful for debugging the efficiency of fuzzing suites. By identifying branches that are rarely reached, you can add clamping or

Echidna 2.2.4 is out! tl;dr it brings many improvements in fuzzing speed and user experience. Github: buff.ly/3LxPLQx Learn more in 🧵

The @TrailofBits Blockchain team is hiring! Security Engineer II: buff.ly/3Wu0nGo Senior Security Engineer: buff.ly/3WoTYMN

.@TrailofBits audited Uniswap Labs 🦄's v4 code following multiple previous reviews. Our approach combined manual expertise with state-of-the-art automated analysis to reveal several issues (🧵 ) buff.ly/4d6HdvG

Radiant Capital receiving unbelievably bad advice here. FFS please separate your sensitive on-chain operations from browsing/discord/telegram/email/etc. x.com/RDNTCapital/st…

Good TON-specific findings in this report to learn about the TON smart contracts.

This talk is going to be a banger. Imagine being able to keep your treasury safe even if your entire multi-sig is compromised. It's easy to implement and something you could build tomorrow. Come to my talk to find out how

TOOL RELEASE: Detect plagiarized code even when variable names change and comments disappear. Vendetect uses semantic fingerprinting to catch copied code that traditional tools miss. blog.trailofbits.com/2025/07/21/det…