Gustavo Grieco -The Trail of Bits Blog

We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used formal verification methods in the […]

Cosmos is a platform enabling the creation of blockchains in Go (or other languages). Its reference implementation, Cosmos SDK, leverages strong fuzz testing extensively, following two approaches: smart fuzzing for low-level code, and dumb fuzzing for high-level simulation. In this blog post, we explain the differences between these approaches and show how […]

At Trail of Bits we do more than just security audits: We also push the boundaries of research in vulnerability detection tools, regularly present our work in academic conferences, and review interesting papers from other researchers (see our recent Real World Crypto and Financial Crypto recaps). In this spirit, we and Northern Arizona University are […]

TL;DR: We have improved Echidna with tons of new features and enhancements since it was released—and there’s more to come. Two years ago, we open-sourced Echidna, our property-based smart contract fuzzer. Echidna is one of the tools we use most in smart contract assessments. According to our records, Echidna was used in about 35% of […]

We have published an academic paper on Slither, our static analysis framework for smart contracts, in the International Workshop on Emerging Trends in Software Engineering for Blockchain (WETSEB), colocated with ICSE. Our paper shows that Slither’s bug detection outperforms other static analysis tools for finding issues in smart contracts in terms of speed, robustness, and […]

Gustavo Grieco

Why fuzzing over formal verification?

Improving the state of Cosmos fuzzing

Announcing the 1st International Workshop on Smart Contract Analysis

An Echidna for all Seasons

Slither: The Leading Static Analyzer for Smart Contracts