Part 2: Improving crypto code in Rust using LLVM’s optnone

By Henrik Brodin Let’s implement crypto! Welcome to the second part of our posts on the challenges of implementing constant-time Rust code. Part 1 discussed challenges with constant-time impl…

Part 1: The life of an optimization barrier

By Fredrik Dahlgren Many engineers choose Rust as their language of choice for implementing cryptographic protocols because of its robust security guarantees. Although Rust makes safe cryptographic…

C your data structures with rellic-headergen

By Francesco Bertolaccini Have you ever wondered how a compiler sees your data structures? Compiler Explorer may help you understand the relation between the source code and machine code, but it do…

Toward a Best-of-Both-Worlds Binary Disassembler

By Stefan Nagy This past winter, I was fortunate to have the opportunity to work for Trail of Bits as a graduate student intern under the supervision of Peter Goodman and Artem Dinaburg. During my …

Celebrating our 2021 Open Source Contributions

At Trail of Bits, we pride ourselves on making our best tools open source, such as algo, manticore, and graphtage. But while this post is about open source, it’s not about our tools… In 2021, Trail…

Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs

By Filipe Casal and Jim Miller Trail of Bits is publicly disclosing two bugs that affect Shamir’s Secret Sharing implementation of Binance’s threshold signature scheme library (tss-lib) and most of…

What does your code use, and is it vulnerable? It-depends!

You just cloned a fresh source code repository and want to get a quick sense of its dependencies. Our tool, it-depends, can get you there. We are proud to announce the release of it-depends, an ope…

Detecting MISO and Opyn’s msg.value reuse vulnerability with Slither

By Simone Monica On August 18, 2021, samczsun reported a critical vulnerability in SushiSwap’s MISO smart contracts, which put ~350 million USD (109 thousand ETH) at risk. This issue is similar to …

What does your code use, and is it vulnerable? It-depends!

You just cloned a fresh source code repository and want to get a quick sense of its dependencies. Our tool, it-depends, can get you there. We are proud to announce the release of it-depends, an ope…

All your tracing are belong to BPF

By Alessandro Gario, Senior Software Engineer Originally published August 11, 2021 TL;DR: These simpler, step-by-step methods equip you to apply BPF tracing technology to real-word problems—no spec…