
tomaszzel / publications


This project forked from trailofbits/publications


Publications from Trail of Bits

Home Page: https://www.trailofbits.com

License: Creative Commons Attribution Share Alike 4.0 International

JavaScript 8.74% Python 31.51% C 4.57% PHP 0.18% Makefile 0.59% HTML 26.23% Dockerfile 0.58% Solidity 27.60%


Publications from Trail of Bits

Academic Papers

Paper Title Venue Publication Date
A Broad Comparative Evaluation of x86-64 Binary Rewriters CSET 22 August 2022
Evaluating Static Analysis Tools via Differential Mutation QRS 2021 Dec 2021
echidna-parade: Diverse multicore smart contract fuzzing ISSTA 2021 Jul 2021
Differential analysis of x86-64 instruction decoders LangSec 2021 May 2021
Echidna: effective, usable, and fast fuzzing for smart contracts ISSTA 2020 Jul 2020
Automated Grammar Extraction via Semantic Labeling of Parsers LangSec 2020 May 2020
What are the Actual Flaws in Important Smart Contracts? FC 2020 Feb 2020
Echidna: A Practical Smart Contract Fuzzer FC 2020 Feb 2020
RSA GTFO PoC||GTFO 0x20 Jan 2020
Manticore: Symbolic Execution for Binaries and Smart Contracts ASE 2019 Jun 2019
Slither: A Static Analysis Framework For Smart Contracts WETSEB 2019 May 2019
Toward Smarter Vulnerability Discovery Using Machine Learning AISec 2018 Oct 2018
The Past, Present, and Future of Cyberdyne IEEE S&P Apr 2018
DeepState - Symbolic Unit Testing for C and C++ BAR 2018 Feb 2018
Cyber-Deception and Attribution in Capture-the-Flag Exercises FOSINT-SI 2015 Jul 2015

Conference Presentations

Automated bug finding and exploitation

Presentation Title Author(s) Year
Differential analysis of x86-64 instruction decoders William Woodruff, Niki Carroll, Sebastiaan Peters 2021
How to find bugs when (ground) truth isn't real William Woodruff 2020
The Treachery of Files and Two New Tools that Tame It Evan Sultanik 2019
Symbolically Executing a Fuzzy Tyrant Stefan Edwards 2019
Kernel space fault injection with KRF William Woodruff 2019
Binary Symbolic Execution With KLEE-Native Sai Vegasena 2019
Going sicko mode on the Linux Kernel William Woodruff 2019
Vulnerability Modeling with Binary Ninja Josh Watson 2018
File Polyglottery; or, This PoC is also a picture of cats Evan Sultanik 2017
Be a binary rockstar Sophia D'Antoine 2017
Symbolic Execution for Humans Mark Mossberg 2017
The spirit of the 90s is still alive in Brooklyn Ryan Stortz, Sophia D'Antoine 2017
The dream of a static and dynamic analysis shootout Ryan Stortz 2016
Binary constraint solving for automatic exploit generation Sophia D'Antoine 2016
The Smart Fuzzer Revolution Dan Guido 2016
Making a scaleable automated hacking system Artem Dinaburg 2016
Cyberdyne - Automatic bug-finding at scale Peter Goodman 2016
McSema: Static translation of x86 to LLVM IR Andrew Ruef, Artem Dinaburg 2014

Blockchain

Presentation Title Author(s) Year
Building Secure Cairo Filipe Casal, Simone Monica 2022
How to fuzz like a pro Josselin Feist, Nat Chin 2022
Building a Practical Static Analyzer for Smart Contracts Josselin Feist 2021
Testing and Verifying Smart Contracts: From Theory to Practice Josselin Feist 2021
Safely integrating with ERC20 tokens Josselin Feist 2021
Detecting transaction replacement attacks with Manticore Sam Moelius 2020
Fantastic Bugs and How to Squash Them; or, the Crimes of Solidity Evan Sultanik 2019
SlithIR: High-Precision Security Analysis with an IR for Solidity Josselin Feist 2019
Slither: A Static Analysis Framework for Smart Contracts Josselin Feist 2019
What blockchain got right Dan Guido 2019
Property-testing of smart contracts JP Smith 2018
Anatomy of an unsafe programming language Evan Sultanik 2018
Contract upgrade risks and recommendations Josselin Feist 2018
Blackhat Ethereum Ryan Stortz, Jay Little 2018
Blockchain Autopsies - Analyzing Smart Contract Deaths Jay Little 2018
Rattle - an Ethereum EVM binary analysis framework Ryan Stortz 2018
Securing value on the Ethereum blockchain Dan Guido 2018
Binary analysis, meet the blockchain Mark Mossberg 2018
Automatic bug finding for the blockchain Felipe Manzano, Josselin Feist 2017

Cryptography

Presentation Title Author(s) Year
Sigstore for Python Packaging: Next Steps for Adoption William Woodruff 2022
die, PGP, die William Woodruff 2022
Seriously, stop using RSA Ben Perez 2019
Best Practices for Cryptography in Python Paul Kehrer 2019
Analyzing the MD5 collision in Flame Alex Sotirov 2012

Engineering

Presentation Title Author(s) Year
Python Packaging Mystery Meat William Woodruff 2022
Improving PyPI's security with Two Factor Authentication William Woodruff 2019
Linux Security Event Monitoring with osquery Alessandro Gario 2019
osql: The community oriented osquery fork Stefano Bonicatti, Mark Mossberg 2019
Getting started with osquery Lauren Pearl, Andy Ying 2018
osquery Super Features Lauren Pearl 2018
osquery Extension Skunkworks Mike Myers 2018
Build it Break it Fix it Andrew Ruef 2014

Education

Presentation Title Author(s) Year
A mostly gentle introduction to LLVM William Woodruff 2022
JWTs, and why they suck Rory M 2021
The Joy of Pwning Sophia D'Antoine 2017
How to CTF - Getting and using Other People's Computers (OPC) Jay Little 2014
Low-level Security Andrew Ruef 2014
Security and Your Business Andrew Ruef 2014
Bringing nothing to the party Vincenzo Iozzo 2013
From One Ivory Tower to Another Vincenzo Iozzo 2012

Infrastructure

Presentation Title Author(s) Year
Return to the 100 Acre Woods Stefan Edwards 2019
Swimming with the kubectl fish Stefan Edwards 2019

Machine Learning

Presentation Title Author(s) Year
Exploiting Machine Learning Pickle Files Carson Harmon, Evan Sultanik, Jim Miller, Suha Hussain 2021
PrivacyRaven: Comprehensive Privacy Testing for Deep Learning Suha Hussain 2020

Mobile security

Presentation Title Author(s) Year
Swift Reversing Ryan Stortz 2016
Modern iOS Application Security Sophia D'Antoine, Dan Guido 2016
The Mobile Exploit Intelligence Project Dan Guido 2012
A Tale of Mobile Threats Vincenzo Iozzo 2012

Programming

Presentation Title Author(s) Year
Python internals - let's talk about dicts Dominik Czarnota 2019
Low-level debugging with Pwndbg Dominik Czarnota 2018
Insecure Things to Avoid in Python Dominik Czarnota 2018

Program Transformation

Presentation Title Author(s) Year
A Broad Comparative Evaluation of x86-64 Binary Rewriters Eric Schulte, Michael D. Brown, Vlad Folts 2022

Side channels

Presentation Title Author(s) Year
Hardware side channels in virtualized environments Sophia D'Antoine 2015
Exploiting Out-of-Order Execution Sophia D'Antoine 2015

Threat analysis & malware

Presentation Title Author(s) Year
Peeling back the 'Shlayers' of macOS Malware Josh Watson, Erika Noerenberg 2019
The Exploit Intelligence Project Revisited Dan Guido 2013

Datasets

Dataset Date
Smart Contract Audit Findings Aug 2019

Podcasts

We host our own podcast that explores the intersection of human intellect and computational power. You can download episodes from your favorite podcast app or listen to all the episodes on our website.

Podcast Guest Date Topic(s)
ASW 229 Nick Selby Feb 2023 Threat modeling and cloud-native audits
Risky Business 690 Dan Guido Jan 2023 Vuln disclosure
Risky Business 672 Dan Guido Jul 2022 Blockchain security
Cloud Security Reinvented Nick Selby Jun 2022 Cloud security
Skiff Office Hours Dan Guido Mar 2022 Privacy technology
Risky Business 652 Dan Guido Jan 2022 Zero-knowledge proofs
Secureum Safecast #3 Josselin Feist Nov 2021 Blockchain security
Secureum Safecast #2 Dan Guido Oct 2021 Blockchain security
Press Freedom Foundation Dan Guido Jul 2021 Mobile security and iVerify
Employee Cycle Hannah Hanks Mar 2021 First PeopleOps hire
Risky Business 614 Dan Guido Feb 2021 iVerify
Building Better Systems 6 Dan Guido Jan 2021 What blockchain got right
WCBS 880 Dan Guido Sep 2020 Gap years and intern hiring
Risky Business 594 Dan Guido Aug 2020 Apple security
Epicenter 346 Dan Guido Jun 2020 Smart contract security
Absolute AppSec 97 Stefan Edwards May 2020 Threat modeling
Unchained 170 Dan Guido May 2020 DeFi security
Risky Business 580 Dan Guido Apr 2020 Mobile voting
Absolute AppSec 91 Stefan Edwards Apr 2020 Mobile voting
Zero Knowledge 122 Ben Perez Mar 2020 Cryptography reviews, ZKPs
Changelog Dan Guido Jan 2020 AlgoVPN
Risky Business 559 Stefan Edwards Oct 2019 Kubernetes
FOSS Weekly 545 William Woodruff Sep 2019 PyPI security improvements
Podcast.__init__ 225 William Woodruff Aug 2019 PyPI security, UX, and sustainability
Absolute AppSec 68 Stefan Edwards, Bobby Tonic Aug 2019 Kubernetes
Hashing it Out 53 Dan Guido Jul 2019 Smart contract testing
Absolute AppSec 60 Stefan Edwards May 2019 Android, programming languages
Absolute AppSec 55 Stefan Edwards Apr 2019 Security testing
Hashing it Out 35 Dan Guido, Josselin Feist Jan 2019 Ethereum's failed EIP-1283
Risky Business JP Smith Jan 2019 Post-quantum crypto in CTFs
Absolute AppSec 37 Stefan Edwards Nov 2018 Programming languages, symbex
Risky Business 510 Lauren Pearl Aug 2018 Open source security engineering
Absolute AppSec 34 Stefan Edwards Oct 2018 Security testing, blockchain
Zero Knowledge 16 JP Smith Mar 2018 Smart contract security
Risky Business 488 JP Smith Feb 2018 Smart contract testing w/ Manticore
Risky Business 474 Dan Guido Oct 2017 How to engineer secure software
Georgian Partners 47 Dan Guido May 2017 AlgoVPN and Tor
VUC 643 Dan Guido Apr 2017 AlgoVPN
Risky Business 449 Dan Guido Mar 2017 Control Flow Integrity
Risky Business 425 Dan Guido Sep 2016 Recap the week's news
Risky Business 421 Dan Guido Aug 2016 Car hacking and the week's news
Risky Business 416 Dan Guido Jul 2016 DARPA Cyber Grand Challenge
Risky Business 399 Dan Guido Feb 2016 Apple vs the FBI
Risky Business 370 Dan Guido Feb 2015 DARPA Cyber Grand Challenge
Risky Business 348 Dan Guido Jun 2015 DARPA Cyber Grand Challenge

Security Reviews

Companies that have allowed us to speak about our work can be found here. Many more remain confidential.

Technology Product Reviews

Product Date Level of Effort Announcement Report
OpenVPN3 Jan 2023 6
Fraxlend and veFPIS Jan 2023 4
Redpanda Core, Console, and Console Enterprise Jan 2023 4
Injective Labs Options Market Jan 2023 4
OpenArchive (Android) Dec 2022 1
Enclave Markets Trading Platform Nov 2022 9
Phantom Nov 2022 2
Fiat Ramps Nov 2022 4
cURL Oct 2022 9.5 OSTIF (official announcement), Daniel Stenberg (blog). Trail of Bits (blog) 📄✅📛
CloudEvents Oct 2022 4 Results of CloudEvents Security Assessment 📄
OpenArchive Save (iOS) Oct 2022 1.2
Fraxlend and FraxFerry Oct 2022 4 📄
SimpleX Chat Oct 2022 1 Security assessment by Trail of Bits 📄
AlphaSOC API Sep 2022 1 📄✅
Consul Enterprise Sep 2022 6
snarkVM Sep 2022 12 📄✅
Uniswap Mobile Wallet Aug 2022 4 📄✅
Hashicorp Boundary Jul 2022 6
BLS Signature Scheme Jul 2022 1
Skiff Jul 2022 6
Terraform Cloud Jun 2022 6
CGGMP21 and FROST May 2022 8
Datadog May 2022 6
Phantom Wallet Apr 2022 4
Datadog May 2022 6
MATTR May 2022 4
ArmorLock Apr 2022 6
DigitalOcean Function Apr 2022 4
Auvik Collector Apr 2022 8
snarkVM and snarkOS Apr 2022 12
Fuchsia Platform Mar 2022 8
Optimus ROM Jan 2022 4
BitcoinBeach Mar 2022 4 📄
osquery Jan 2022 6 📄
Redjack Dec 2021 2
DigitalOcean Cloud Nov 2021 12
SpruceID Oct 2021 12 📄
Doppler Sept 2021 4
Datadog Agent Aug 2021 8
Appian Jun 2021 4
Cashero-2.0 Jun 2021 4
Orbit Apr 2021 1
Linux Kernel Apr 2021 2 Linux Kernel Release Signing and Management 📄
VGS Proxy Apr 2021 4
Skiff Feb 2021 4
CircleCI Server 3.0 Jan 2021 6 Penetration testing at CircleCI
BitMEX Jan 2021 4
SecureDrop Dec 2020 8 2nd audit of SecureDrop Workstation 📄
Citizen Browser Dec 2020 0.43 How We Built a Facebook Inspector
Ren Aug 2020 4 August Development Update 📄
Hey.com Jun 2020 1 Serious Security 📄
Azure Sphere Jun 2020 12 Azure Sphere 20.07 Security Enhancements
Zoom May 2020 9 90 Days Done, What’s Next for Zoom
Secure Transport Apr 2020 4
ZeroTier 2.0 Mar 2020 2 ZeroTier 📄
Standard Notes Mar 2020 1 Standard Notes Completes Crypto Audit 📄
Voatz Feb 2020 12 Voatz, Tusk 📄📛
Vault Feb 2020 12
Voice Jan 2020 4
Sweet B Jan 2020 4 Western Digital 📄
SanDisk X600 May 2019 6 Multiple vulnerabilities in SanDisk X600 📄
Azure Sphere Jun 2019 12
Project Callisto Aug 2018 5
zlib Sep 2016 1 📄

Cloud-Native Reviews

Product Date Level of Effort Announcement Report
KEDA Dec 2022 6 Our Audit of Kubernetes Event Driven Autoscaling (KEDA) is Complete! 📄
Terraform Enterprise Nov 2022 6
Nomad Enterprise Nov 2022 6
HashiCorp Cloud Jun 2022 9
Tekton Mar 2022 4 Tekton Security Review Completed 📄
Linkerd Feb 2022 4 📛📄✅
CoreDNS Jan 2022 4 📄
Terraform Enterprise Nov 2021 6
Nomad Enterprise Nov 2021 6
Consul Enterprise Oct 2021 6
Vault Enterprise Oct 2021 6
HashiCorp Cloud Jun 2021 8
Argo Mar 2021 4 📛📄
Terraform Cloud Jan 2021 6
Consul Oct 2020 10
Nomad Aug 2020 6
Helm Aug 2020 4 Helm 2nd Security Audit 📄
Terraform Mar 2020 6
OPA Mar 2020 2 Open Policy Agent (OPA) Graduation Proposal 📄
etcd Jan 2020 4 CNCF 📄
Rook Dec 2019 2 CNCF 📄
Kubernetes May 2019 12 Google, CNCF 📛📄📰

Blockchain Reviews

Algorand

Product Date Level of Effort Announcement Report
Folks Finance Protocol Nov 2022 6
wXTZ Nov 2020 4 📄
wALGO Nov 2020 4 📄
Meld Gold Jul 2020 2
Algorand Mar 2019 14 Success and momentum of Algorand
Pixel Dec 2019 4

Avalanche

Product Date Level of Effort Announcement Report
Alkimiya Silica V2 Jun 2022 6
Ava Labs Apr 2022 8
Flare Network Mar 2021 8

Bitcoin & Derivatives

Product Date Level of Effort Announcement Report
STAS SDK Oct 2021 4
STAS-JS SDK Sept 2021 4
Bitcoin SV Jan 2021 6
Zcoin Jul 2020 2 Lelantus Cryptographic Library Audit Results 📄
Zcash Apr 2020 3 Heartwood security assessment results 📄
Zcash Nov 2019 6 NU3, Blossom, and Sapling security reviews 📄
Zcash Nov 2019 6 📄
Paymail Protocol Nov 2019 7
Bitcoin SV Nov 2018 12
Simple Ledger Oct 2019 3
ZecWallet Apr 2019 2 📄
RSKj Nov 2017 6 RSK security audit results 📄

Ethereum/EVM

Product Date Level of Effort Announcement Report
Primitive Hyper Jan 2023 8
Polygon Edge Jan 2023 6
Optimism Dec 2022 8
Paxos Dec 2022 1
GameStop iOS Web Wallet Nov 2022 1
GSquared Oct 2022 6 📄✅
Meson Protocol Oct 2022 6 📄✅
Managed pool smart contracts Oct 2022 4 📄
Ondo Oct 2022 4 📄✅
Maple Protocol v2 Sep 2022 8 📄✅
Increment Protocol Sep 2022 4 📄✅
Subspace Network Desktop Farmer Sep 2022 2 📄✅
Optimism Sep 2022 16 📄
Nayms Sep 2022 6
Aggregator Aug 2022 2
The Franchiser Aug 2022 3
Meson Protocol Jul 2022 0.6 📄
Relay Jul 2022 1
Beanstalk Jul 2022 8
Purpose for Profit Jul 2022 3
Reserve Protocol Jul 2022 8
Solon Jul 2022 6
Roll Jul 2022 2
Ante Protocol May 2022 2 📄✅
Sherlock Jun 2022 4
FlareFinance Jun 2022 4
TBTv2 Jun 2022 6
Morpho Jun 2022 4 @trailofbits security audit of Morpho 📄
Relayer Contracts Jun 2022 2
AuctionRaffle May 2022 2
Seaport Protocol May 2022 4 Introducing Seaport Protocol 📄
Shell Protocol v2 May 2022 4 📄
Optimism Apr 2022 6
NFTX Apr 2022 4 Trail of Bits Audit 📄
Frax May 2022 4 📄
ReserveLending+ Apr 2022 4 Security Audit for ReserveLending+
Firefly Apr 2022 4
GameStop Wallet Mar 2022 2 GameStop wallet for cryptocurrencies and NFTs
Gyroscope Mar 2022 6
LooksRare Mar 2022 4 📄
Symbiosis Mar 2022 2
RAILGUN Feb 2022 4
RAILWAY Feb 2022 4
Persistence ETH2.0 Feb 2022 4
Advanced Blockchain Feb 2022 6 📄
Perpetual Protocol V2 Feb 2022 4 📄
Futureswap V4.1 Feb 2022 4
Firefly Feb 2022 8
API3 Feb 2022 8 📄
Beethoven X Feb 2022 1 📄
Minterest Finance Jan 2022 6
pSTAKE Jan 2022 6
Primitive Jan 2022 8 Primitive RMM smart contracts audit by @trailofbits 📄
Strips Finance Jan 2022 8
Cardstack Dec 2021 4
Frax Dec 2021 4 📄
Sherlock Protocol V2 Dec 2021 4 📄
Maple Nov 2021 4 Maple Loans Audit Reports 📄
Advanced Blockchain Nov 2021 6 📄
Opyn Nov 2021 6 📄
Aave V3 Nov 2021 12
Tokemak Oct 2021 3
Fuji Finance Oct 2021 6 📄
V2 Vault Oct 2021 4
Yield V2 Sept 2021 6 📄
Gro protocol Sept 2021 2
Futureswap V4 Sept 2021 6
RocketPool Aug 2021 5 📄
AlphaX Aug 2021 6
Bug Bounty Platform Aug 2021 8
88mph V3 Aug 2021 6 📄
Timeswap Jul 2021 2
CompliFi Jul 2021 6 📄
Optics Jul 2021 2
FlareFinance Jun 2021 4
Uniswap V3 Staker Jun 2021 2
Abyss Lockup Jun 2021 2
Futureswap V3 Jun 2021 6
CompliFi Jun 2021 6
Syndicate May 2021 4
Opyn Gamma May 2021 6 📄
Frax May 2021 4 📄
Yearn v2 Vaults Apr 2021 6 📄
DFX Finance Apr 2021 6
Tokemak Apr 2021 1
Warp Contracts Apr 2021 6 Completion of Trail of Bits’ Audit 📄
FlareFinance Apr 2021 3
MC Dai Mar 2021 6
Uniswap V3 Mar 2021 10 Introducing Uniswap V3 📄
dForce Lending Mar 2021 6
Liquity Proxy Contract Feb 2021 0.57 📄
Liquity Protocol Feb 2021 8 📄
RAY-DAO Feb 2021 4
Futureswap Jan 2021 2
Balancer V2 Jan 2021 6
C.R.E.A.M. Jan 2021 1 📄
LUSD Dec 2020 8 📄
Origin Dollar Nov 2020 4 Origin Dollar Relaunches 📄
Zerion SDK Nov 2020 4
Teller Protocol Nov 2020 4
Hermez Nov 2020 4 Hermez Second Audit, by Trail of Bits 📄
Graph Protocol Oct 2020 3
OVM Oct 2020 6
Prysm Sep 2020 6
DODO Sep 2020 3 📄
Yield Protocol Aug 2020 6 📄
Smart Pool Aug 2020 1
DeFiner Aug 2020 1
ETH2.0 Deposit CLI Aug 2020 4 📄
Argent Aug 2020 4
CurveDAO Jul 2020 6 📄
Amp Jul 2020 3 📄
Federated Bridge Jul 2020 1
dForce dToken Jul 2020 2 📄
Matic Jun 2020 4
Lighthouse Jun 2020 4
tBTC May 2020 6 📄
QTUM Apr 2020 0.43 📄
Hegic Apr 2020 0.43 📄
Golem Network Mar 2020 2
Reddit Mar 2020 1 A New Frontier
Chai Feb 2020 0.28 📄
Compound Feb 2020 2 📄
WorkLock Jan 2020 2 WorkLock Security Audit 📄
Balancer Jan 2020 4 📄
Curve.fi Jan 2020 1 📄
Livepeer Oct 2019 3
Topo Finance Oct 2019 4
0x Protocol Oct 2019 10 📄
Dharma Wallet Oct 2019 4 📄
Flexa Sep 2019 2 Announcing Flexa Capacity 📄
AZTEC Protocol Sep 2019 10 📄
Oasis Labs Sep 2019 13
Aave Protocol Sep 2019 4 📄
MC Dai Aug 2019 13 MCD Security Roadmap Update: Oct 2019 📄
Staked Aug 2019 4
Compound Aug 2019 2 📄
Computable Jul 2019 8 Computable Contract Audit 📄
Numerai May 2019 3 NMR 2.0 is now live! 📄
MerkleX May 2019 4
TokenCard May 2019 5 📄
Unity Coin Apr 2019 1
Compound Apr 2019 8 Compound v2 is Live 📄
Ocean Protocol Mar 2019 4 One Protocol. One Network. One Community
UMA Project Mar 2019 3
Centrifuge Mar 2019 5
Nomisma Mar 2019 1
Reserve Protocol Mar 2019 1 📄
Set Protocol Mar 2019 5 The Road to MainNet 📄
NuCypher Feb 2019 4 Security Audits (Round 2) 📄
AMP StableWire Jan 2019 1
EIP-1283 Jan 2019 1 Constantinople Security Update 📄
Ampleforth Nov 2018 4 Security Audits with Trail of Bits 📄
Origin Protocol Nov 2018 4 How We Approach Security at Origin 📄
Paxos Standard Oct 2018 4 📄
Basecoin Oct 2018 12 📄
Pantheon Oct 2018 8 What we learned auditing our Ethereum client 📄
Compound Sep 2018 12 Compound launches money markets
NuCypher Aug 2018 12 Security audits: round 1 📄
CENTRE Jul 2018 4 Designing an upgradeable Ethereum contract
Bloom Jul 2018 1 Bloom development update
Gemini Dollar Jun 2018 8 Stablecoins: Understanding Counterparty Risk 📄
Dharma May 2018 1 Dharma protocol v1 is live on mainnet
Golem Apr 2018 4 Smart contracts: audit report 📄
LivePeer Mar 2018 4 Livepeer security audit results 📄
DappHub Dec 2017 8 📄
MakerDAO Sai Oct 2017 8 Single-collateral Dai security reviews 📄
Omega One Aug 2017 6

NervOS

Product Date Level of Effort Announcement Report
xUDT Jun 2021 2
Nervos -RSA Mar 2021 4
Nervos SUDT Oct 2020 6 📄
Cheque Cell & ORU Feb 2021 8
Force Bridge - Solidity Feb 2021 4
Force Bridge - Rust Feb 2021 3

StarkWare

Product Date Level of Effort Announcement Report
Nostra Dec 2022 8
StarkGate Dec 2022 2
StarkEx Oct 2022 1
StarkNet token Jul 2022 1
StarkPerpetual Jan 2022 8
StarkEx Nov 2021 8

Solana

Product Date Level of Effort Announcement Report
Solana Apr 2022 12

Substrate

Product Date Level of Effort Announcement Report
ParaSpace Dec 2022 1 📄
ParaSpace Nov 2022 7 📄✅
Parallel Finance Mar 2022 6 📄
Polkadex Feb 2022 10
Polkadex Dec 2021 4
PINT Sept 2021 4
Polkaswap Jul 2021 6
AlephBFT Jun 2021 4 📄
Acala Network Jun 2021 4
Compound Chain May 2021 6
Acala Network Jan 2021 6 📄
Parity Fether Aug 2019 4
Parity Jul 2018 12 Parity completes Trail of Bits security review 📄

Tendermint/Cosmos

Product Date Level of Effort Announcement Report
Umee Feb 2022 8 📄
Columbus-5 Jan 2022 2
IBC Protocol Dec 2021 4
THORChain Aug 2021 12
Tendermint Mar 2019 12
ndau Nov 2018 8 ndau Holders Elect Inaugural Policy Council

Tezos

Product Date Level of Effort Announcement Report
Kolibri Apr 2022 4
Tezori (T2) Dec 2020 4 📄
Tezori Jul 2018 2 Thanks to @trailofbits for their security review
Magma Jun 2020 1 📄
Dexter Jun 2020 4 📄

Other/Multi-Chain

Product Date Level of Effort Announcement Report
DFINITY Canister Sandbox Sept 2022 2 📄✅
DFINITY Threshold ECDSA & BTC Canisters Sept 2022 4 📄✅
MobileCoin Jul 2022 2 📄
CAT Standard Jun 2022 8
FROST BLS Protocols Jul 2022 12
SORA Trustless Bridge Jul 2022 8
DFINITY Threshold ECDSA May 2022 8
Arbitrum Nitro Mar 2022 16
DeGate Feb 2022 4 📄
ShardX Dec 2021 2
DeGate Dec 2021 4
Threshold-DSA Nov 2021 6
DFINITY Consensus Nov 2021 2 Internet Computer Consensus: Security Assessment 📄
PolySign HSM Oct 2021 6
Hop Protocol V2 Sept 2021 4
Golden Gate Library Sept 2021 1
PolySign Sept 2021 6
Qredo Blockchain Sept 2021 6
Arbitrum Sept 2021 16
go-schnorrkel Aug 2021 4
ShardX Aug 2021 4
Casper Web Wallet Jul 2021 4 📄
AElf Jul 2021 4
CrossChain-Bridge Jul 2021 8
Open Oracle Apr 2021 2
DFINITY May 2021 24 📄
Arbitrum V2 Feb 2021 8
Fog Protocol Jan 2021 4 📄
eFIL Jan 2021 2
MobileCoin BFT Oct 2020 4 📄
Highway Consensus Nov 2020 4 ToB Audit of the Casper Highway Protocol 📄
Stacks V2 Sep 2020 6
MobileCoin Aug 2020 4 📄
VRFs Aug 2020 2
Arbitrum Jul 2020 6
MYKEY Jul 2020 4
Symbol Jul 2020 4 Symbol from NEM completes Trail of Bits Security Audit 📄
Ledger Filecoin Jul 2020 2 📄
Chainlink Jun 2020 8
Chainlink Flux May 2020 4
Elrond Mar 2020 6
EOSIO SDK Jan 2020 4
NEAR Protocol Nov 2019 8
EOSIO 2.0 Oct 2019 8
Status-go Oct 2019 9
Celo Sep 2019 8
Blockchain.com Aug 2019 4
RandomX Jun 2019 2 Monero and Arweave to Validate RandomX 📄
Interest Token May 2019 0.28
Loom May 2019 10 Loom SDK Q1 2019 Security Audit
Building Blocks Aug 2018 7 UN WFP uses Ethereum to aid 100,000 refugees
Web3 Mar 2018 2 W3F and TOB hardware wallet security guidance 💬

Disclosures

Product Date CVE CVSS Exploits Report
SQLite Jul 2022 CVE-2022-35737 7.5 Crash, Live lock, Code execution 💬

Workshops

Workshop Title Venue Date
Smart Contract Security Automation Workshop TruffleCon 2019 Oct 2019
Manticore EVM Workshop Devcon4 2018 Nov 2018
Introduction to Smart Contract Exploitation GreHack 2018 Nov 2018
DeepState: Bringing Vulnerability Detection Tools into the Dev Cycle SecDev 2018 Oct 2018
Smart Contract Security Automation Workshop TruffleCon 2018 Oct 2018
Smart Contract Security Automation Workshop ETH Berlin 2018 Sep 2018
Manticore EVM Workshop EthCC 2018 Mar 2018
Manticore Workshop GreHack 2017 Oct 2017

Legend

Icon Definition
💬 Blog post or other social media
📄 Security Assessment report
✅ Fix review report
📛 Threat Model report
📰 Whitepaper
Header Definition
Level of Effort Defined in person-weeks for the project
