blockchain
Why fuzzing over formal verification?
By Tarun Bansal, Gustavo Grieco, and Josselin Feist We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal ...
Releasing the Attacknet: A new tool for finding bugs in blockchain nodes using chaos testing
By Benjamin Samuels (@thebensams) Today, Trail of Bits is publishing Attacknet, a new tool that addresses the limitations of traditional runtime verification tools, built in collaboration with the Ethereum Foundation. Attacknet is ...
Secure your blockchain project from the start
Systemic security issues in blockchain projects often appear early in development. Without an initial focus on security, projects may choose flawed architectures or make insecure design or development choices that result in ...
When try, try, try again leads to out-of-order execution bugs
By Troy Sargent Have you ever wondered how a rollup and its base chain—the chain that the rollup commits state checkpoints to—communicate and interact? How can a user with funds only on ...
Circomspect has been integrated into the Sindri CLI
By Jim Miller Our tool Circomspect is now integrated into the Sindri command-line interface (CLI)! We designed Circomspect to help developers build Circom circuits more securely, particularly given the limited tooling support ...
Molly White Reviews Blockchain Book
Molly White—of “Web3 is Going Just Great” fame—reviews Chris Dixon’s blockchain solutions book: Read Write Own: In fact, throughout the entire book, Dixon fails to identify a single blockchain project that has ...
Celebrating our 2023 open-source contributions
At Trail of Bits, we pride ourselves on making our best tools open source, such as Slither, PolyTracker, and RPC Investigator. But while this post is about open source, it’s not about ...
Billion times emptiness
By Max Ammann Behind Ethereum’s powerful blockchain technology lies a lesser-known challenge that blockchain developers face: the intricacies of writing robust Ethereum ABI (Application Binary Interface) parsers. Ethereum’s ABI is critical to ...
NKAbuse Threat Uses NKN Blockchain Network for DDoS Attacks
A new multiplatform threat that uses the peer-to-peer (P2P) NKN network connectivity protocol as a communication channel for launching a range of threats, from distributed denial-of-service (DDoS) attacks to a remote access ...
US Sanctions Sinbad Mixer: Disrupting Threats Unveiled
The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It’s a virtual currency mixer utilized by the North Korea-linked Lazarus Group ...