Basic Info
We secure the world’s most targeted organizations and products – combining security research with an attacker mentality to reduce risk and fortify code. Our software security R&D firm has specialized practices in application/infrastructure security, blockchain security, AI/ML security, and cryptography. We perform formal threat modeling, design reviews, and low-level, detail-oriented source code reviews across a variety of industries.
Why work with us
Clients choose Trail of Bits for:
- Our results: We’re known for our rigor, ability to formally verify code correctness, and development/use of open-source tools. Our results are repeatable and verifiable; their impacts extend beyond our engagements, because we help clients improve their techniques rather than just delivering a point-in-time list of issues.
- Our integrated research: Trail of Bits is the industry leader in published research. Most clients and other firms look to our past work as a reference and recognize us as a rare expert in both consulting and applied research.
- Our people: We offer specialized expertise covering engineering, blockchain security, cryptography, binary analysis, and custom software development for security operations. Our employees (~10% of whom hold PhDs) have been published in peer-reviewed journals and cited in major news sources.
Clients (4)
Internet Software & Services
Google, LLC is an American multinational technology company that specializes in Internet-related services and products, which include online advertising technologies, a search engine, cloud ...
Zoom Video Communications
Internet Software & Services
Zoom is the leader in modern enterprise video communications, with an easy, reliable cloud platform for video and audio conferencing, chat, and webinars across mobile, desktop, and room syst...

OpenSea
Internet Software & Services
OpenSea is an American online non-fungible token marketplace headquartered in New York City.

Uniswap
Uniswap is a cryptocurrency exchange which uses a decentralized network protocol.
Projects or Case studies (3)
Uniswap V3 Core Code Review
January 2021 - March 2021
Public report: https://github.com/trailofbits/publications/blob/master/reviews/UniswapV3Core.pdf

Trail of Bits conducted a 10 engineer-week assessment of the uniswap-v3-core repository. We focused on the three main contracts and reviewed the factory contract, the mint/burn and flash functionalities, the math libraries, and the swap function. This included a manual review of the arithmetic libraries, the flash loan feature, and pool initialization, with a focus on using our Ethereum smart contract fuzzer, Echidna, to test properties. We also added more Echidna properties to the core pool contracts and libraries and improved the existing properties by adding dynamic position creation. This enabled us to discover issues such as TOB-UNI-010.

We found 10 issues, including 2 of high severity. The most critical is TOB-UNI-005, which allows anyone to drain a pool’s funds in both tokens due to an incorrect balance comparison.
Open Source Tools
We are purveyors of open-source security tools (which can be found at https://github.com/crytic) and maintain a repository of guidelines and best practices for writing secure smart contracts (https://github.com/crytic/building-secure-contracts).
Toward Comprehensive Risk Assessments and Assurance of AI-Based Systems
March 2023 -
Our AI/ML practice has developed a novel, end-to-end AI risk framework that incorporates the concept of an Operational Design Domain (ODD), which can better outline the hazards and harms a system can potentially have. By having a framework that can be applied to all AI-based systems, we can better assess potential risks and required safety mitigations, no matter the application.