Etherscan Source Fetchers - Fetches verified smart contract source code from Etherscan for automated vulnerability analysis.
Binary Analysis - Trail of Bits lifts machine code to an intermediate representation and performs dynamic symbolic execution, taint analysis, and constraint solving on native binaries.
Smart Contract Analysis - Extracts and reports structural and functional properties of smart contracts such as inheritance and control flow.
Control Flow Analysis - Constructs call graphs and control-flow graphs from smart contract bytecode to trace execution paths and identify unsafe code patterns.
Custom Rule Frameworks - Provides a Python API for writing and running custom static analysis checks on smart contracts.
Source Code Loaders - Loads Solidity and Vyper source files into an internal representation for subsequent static analysis.
Smart Contract Auditing - Trail of Bits scans Solidity and Vyper source files for security vulnerabilities using static analysis.
Programmable Analysis Frameworks - Provides a programmable Python API for building custom security analyses and detectors on contract code.
Smart Contract Security - Runs as a command-line tool or CI integration to enforce security rules and catch bugs in smart contracts.
Fuzzing Engines - Uses a dedicated fuzzing framework to automatically generate and test edge-case inputs against contract logic.
Vulnerability Detection - Identifies common security issues like reentrancy and integer overflows using a built-in rule set.
Analysis Integration APIs - Provides a Python API for building custom analyses and integrating vulnerability detection into workflows.
Code Analysis APIs - Provides a programmable Python API for writing and executing custom analysis rules against smart contract code.
Missing transferFrom Parameter Detectors - Trail of Bits warns when a transferFrom call takes its from address from caller-controlled input instead of msg.sender, so any user can move tokens out of an account that has approved the contract.
Security Scanners - Detects reentrancy, integer overflows, and access control flaws in Ethereum smart contracts before deployment.
Static Analysis Configurations - Allows users to select, exclude, or configure detectors and printers through CLI flags and JSON config files.
CI/CD Pipeline Integrations - Runs automated vulnerability scans as part of continuous integration pipelines to catch issues before deployment.
CI Pipeline Integrators - Runs as part of continuous integration workflows including GitHub Actions and pre-commit hooks.
Unchecked Transfer Return Detectors - Trail of Bits identifies when the return value of an external transfer/transferFrom call is not checked.
Intermediate Representations - Transforms Solidity and Vyper source code into an intermediate representation for analysis.
Timing Attack Prevention - Trail of Bits develops constant-time coding support for LLVM using intrinsics that preserve constant-time properties throughout compilation, protecting cryptographic implementations.
Python Code Analysis Libraries - Exposes the IR and analysis primitives as a Python library for custom detectors and analysis passes.
Custom Detection Rules - Provides a Python API that lets developers write and integrate their own vulnerability detection rules.
tx.origin Abuse Detectors - Trail of Bits identifies tx.origin-based protection that can be abused by a malicious contract.
Structured Finding Generators - Trail of Bits returns a list of findings with supporting information that can include contract objects and text.
Source Code Vulnerability Scanning - Trail of Bits scans source code with static analysis and fuzzing to find security flaws without manual effort.
Solidity Vulnerability Detectors - Identifies common security patterns like unprotected selfdestruct and delegatecall misuse in Solidity contracts.
Unprotected Initializer Detections - Trail of Bits finds logic contracts in proxy patterns whose constructor does not disable initializers, so initialize can be called directly on the implementation contract.
Control-Flow Graph Generation - Builds per-function control flow graphs from the IR to enable path-sensitive analysis and vulnerability detection.
Custom Analysis Rules - Provides a Python API to write and integrate user-defined static analysis checks for contract structure and state variables.
Unprotected Variable Detectors - Trail of Bits identifies state variables annotated as write-protected that can still be written by functions without the corresponding access control.
Detector-Based Plugin Architectures - Each vulnerability check is implemented as an independent detector module that registers with the framework.
Static Analysis Extensions - Adds new vulnerability detectors that run from the command line by subclassing a base class.
Static Analysis Rule Engines - Provides a framework for writing and running user-defined analysis rules and detectors on smart contract codebases.
Smart Contract Call Graph Resolvers - Resolves contract inheritance hierarchies and inter-contract call graphs to detect shadowing and reentrancy.
Unprotected State Variable Detectors - Trail of Bits flags variables marked with write-protection annotations that can still be modified by functions lacking the required access control.
Static Analysis - Accepts a project directory or single file and performs static analysis using the underlying compilation framework.
Fuzz Testing - Automatically generates and tests edge-case inputs against smart contracts to discover vulnerabilities.
Static Code Analysis - Scans Solidity and Vyper source code for security vulnerabilities using static analysis without executing the code.
Custom Configuration Extensions - Provides a Python API that lets developers write their own static analyses and detectors for smart contracts.
View/Pure Function Mislabel Detectors - Trail of Bits identifies functions declared constant/pure/view that modify state; from Solidity 0.5 such calls go through STATICCALL and revert, so a caller compiled with 0.5 can be trapped.
Vyper Analyzers - Checks Vyper smart contracts for logic errors and security weaknesses through automated static analysis.
Invariant Verifications - Trail of Bits checks user-specified properties written in Solidity by exploring contract execution paths with symbolic execution and reporting concrete inputs that violate them.
State Variable Shadowing Detectors - Trail of Bits flags derived contracts that redeclare state variables from their base contracts, breaking inherited modifiers and functions.
Application Integrity Evaluations - Trail of Bits checks for code integrity bypasses in Electron apps by analyzing V8 heap snapshot tampering risks.
Implementation Audits - Trail of Bits detects flaws in blockchain ABI parsers and threshold signature schemes that could enable denial-of-service or key compromise.
On-Chain State Seeders - Initializes fuzzers with values fetched from a live blockchain to increase real-world vulnerability discovery.
VSCode Extension Exploits - Trail of Bits finds and exploits vulnerabilities in VSCode extensions and the editor itself for lateral movement.
Analysis Result Exporters - Outputs structured analysis data such as inheritance graphs using a selected printer module.
LLM-Powered Code Graphs - Transforms source code into a graph structure that powers LLM skills for security analysis.
CodeQL Variant Analysis - Downloads pre-built CodeQL databases and runs custom queries against them, displaying results in the terminal.
Interface Definition Generators - Creates Solidity interface definitions from compiled contract artifacts for easier integration.
Semantic Code Clone Detection - Finds copied or vendored code across repositories using semantic fingerprinting and traces it to the source commit.
Missing Dependency Detection - Finds packages a software project needs by observing runtime behavior rather than self-reported requirements.
Analysis Suppressions - Supports suppressing individual findings by marking specific lines or code blocks to be ignored by a named detector.
Blockchain - Retrieves verified source code from Etherscan and feeds it through the same compilation and analysis pipeline.
Weak Key Detectors - Detects biased or weak RSA and DSA keys using polynomial-based cryptanalysis techniques.
Weak Key Factorings - Recovers private keys from RSA moduli whose prime factors have partially known bits, and from DSA keys with biased bits, using polynomial-based (Coppersmith-style) cryptanalysis.
Dangerous Default IV Detections - Trail of Bits identifies AES libraries that provide dangerous default initialization vectors (IVs), leading to key/IV reuse vulnerabilities affecting many projects.
Deserialization Security - Exploits Ruby Marshal deserialization, repeatedly finding new exploit paths after earlier ones were patched.
Circom Circuit Security - Integrates into a development CLI to help identify and fix security issues in Circom circuits.
Signature Forgery Exploitations - Trail of Bits discovers vulnerabilities in elliptic curve libraries that allow signature forgery or prevent valid signature verification.
Vulnerability Disclosures - Trail of Bits discovers and discloses vulnerabilities in elliptic curve libraries that could allow signature forgery or prevent valid signature verification.
Saved Balance Reentrancy Detectors - Trail of Bits flags reentrancy where a balance is read into a local variable before an external call and the stale value is checked after it, so a reentrant call can change the real balance in between.
Non-Interactive Proof Transformations - Applies the Fiat-Shamir transform, replacing the verifier's random challenge with a hash of the transcript, to convert interactive ZK protocols into non-interactive proofs that anyone can check.
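The transform is short enough to show end to end. The following is an added example, not code from Trail of Bits: a Schnorr proof of knowledge of a discrete log made non-interactive by deriving the challenge from SHA-256 over the transcript. The group (a safe prime generated at run time with generator 4), the 128-bit size and the seed are choices made here, sized for a demonstration rather than real use. It also shows why the public statement must be part of the hash: against a verifier that hashes only the commitment (weak Fiat-Shamir), forge_weak_fs produces an accepted proof for a value whose discrete log nobody knows.

```python
import hashlib
import random


def _probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Trial division followed by Miller-Rabin (adequate for a demonstration)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 128, seed: int = 1):
    """Safe prime p = 2q + 1 and g = 4, a generator of the order-q subgroup of quadratic residues."""
    rng = random.Random(seed)  # deterministic so a run is reproducible; toy size, not for production
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _probable_prime(q, rng) and _probable_prime(2 * q + 1, rng):
            return 2 * q + 1, q, 4


def _encode(*values: int) -> bytes:
    # length-prefixed so that two different tuples can never serialize to the same bytes
    out = b""
    for v in values:
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        out += len(b).to_bytes(4, "big") + b
    return out


def challenge(p, q, g, y, t) -> int:
    """Strong Fiat-Shamir: the statement (p, q, g, y) is hashed together with the commitment t."""
    return int.from_bytes(hashlib.sha256(_encode(p, q, g, y, t)).digest(), "big") % q


def challenge_weak(q, t) -> int:
    """Weak Fiat-Shamir: only the commitment is hashed (the mistake this example warns about)."""
    return int.from_bytes(hashlib.sha256(_encode(t)).digest(), "big") % q


def prove(p, q, g, x, rng=None):
    """Non-interactive Schnorr proof that the prover knows x with y = g^x mod p."""
    rng = rng or random.SystemRandom()
    y = pow(g, x, p)
    k = rng.randrange(1, q)
    t = pow(g, k, p)
    s = (k + challenge(p, q, g, y, t) * x) % q
    return y, (t, s)


def verify(p, q, g, y, proof, weak: bool = False) -> bool:
    t, s = proof
    if not (1 < y < p and pow(y, q, p) == 1 and 1 < t < p):  # y and t must lie in the subgroup
        return False
    c = challenge_weak(q, t) if weak else challenge(p, q, g, y, t)
    return pow(g, s, p) == t * pow(y, c, p) % p


def forge_weak_fs(p, q, g, rng=None):
    """Without knowing any discrete log, build (y, t, s) that a weak-FS verifier accepts:
    pick t and s, read off c = H(t), and solve g^s = t * y^c for y = (g^s / t)^(1/c)."""
    rng = rng or random.SystemRandom()
    while True:
        t = pow(g, rng.randrange(1, q), p)
        s = rng.randrange(1, q)
        c = challenge_weak(q, t)
        if c != 0:
            y = pow(pow(g, s, p) * pow(t, -1, p) % p, pow(c, -1, q), p)
            return y, (t, s)
```

The forged tuple fails the strong verifier because changing y changes the challenge, which is exactly the binding the hash of the full statement provides.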
Post-Quantum Cryptographic Operations - Trail of Bits provides open-source Go implementations of ML-DSA and SLH-DSA, enabling post-quantum cryptographic signing.
RSA Cryptanalysis - Applies polynomial-based cryptanalysis to factor RSA moduli whose primes have biased or partially known bits and to recover DSA private keys with biased bits.
Electron Code Integrity Bypasses - Trail of Bits tampers with V8 heap snapshot files to bypass code integrity checks and install local backdoors in Electron applications.
Interactive Triage Workflows - Prompts users to hide or keep each finding, saving decisions to a database for future analysis runs.
Ruby Code Fuzzings - Runs coverage-guided fuzzing on pure Ruby code and Ruby C extensions using an advanced fuzzing engine.
Exploit Crafting - Trail of Bits designs reliable and discreet prompt injection exploits targeting AI agents like GitHub Copilot.
AES Implementations - Trail of Bits identifies AES libraries that provide dangerous default initialization vectors, leading to key/IV reuse vulnerabilities in thousands of projects.
Vulnerability Pattern Identifications - Trail of Bits detects six common vulnerability patterns in ERC-4337 smart accounts after auditing dozens of implementations.
Security Rule Development - Trail of Bits uses a set of public Semgrep rules, including regex mode and HCL language support, to find security issues in codebases.
Enclave Build Verification - Creates reproducible builds for SGX enclaves so anyone can verify the enclave runs the claimed source code.
Bytecode Vulnerability Inspections - Trail of Bits inspects Solidity and Vyper bytecode for common vulnerability patterns and logic errors.
Detector Severity Thresholds - Skips all detectors that report findings at or below a configurable severity level during analysis.
Runtime Dependency Observers - Determines software dependencies by observing runtime behavior rather than reading declared requirements.
Mutation Testing Frameworks - Introduces small code changes to measure whether existing tests detect injected faults.
SARIF Integrations - Serializes analysis results into SARIF, JSON, or human-readable formats for CI and IDE integration.
Editor-Integrated SARIF Browsers - Displays static analysis results from SARIF files inside the editor with navigation and filtering capabilities.
LLM-Augmented Analysis - Combines language models with precise static analysis results so that automated code review is grounded in facts about the program.
Raw Storage Inspectors - Reads raw storage values from deployed contracts for debugging or analysis purposes.
Smart Contract Fuzzing - Explores contract code paths using coverage-guided fuzzing to discover deep state vulnerabilities.
Runtime Data Mutations for Fuzzing - Creates fuzzing inputs by mutating values observed during execution and insights from static analysis.
Smart Contract Reports - Produces human-readable summaries, inheritance graphs, call graphs, and other structured reports about contract structure.
Selective Detector Activation - Runs only a user-specified subset of vulnerability detectors, excluding all others from the analysis.
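Severity thresholds, detector exclusion and triage come together when Slither's JSON output is gated in CI. The script below is an added example, not part of Slither: it reads a report of the shape produced by `slither . --json report.json`, drops findings below a threshold, findings whose ids were triaged away, and findings from excluded detectors, then writes the survivors as SARIF and exits non-zero if any remain. The embedded report is constructed for the demonstration, the triage-file format (a JSON list of finding ids) is this script's own choice rather than Slither's, and the SARIF emitter is deliberately minimal.

```python
import json
from typing import Dict, Iterable, List

# Slither impact levels, ordered so a threshold can be applied
IMPACT_RANK = {"Optimization": 0, "Informational": 0, "Low": 1, "Medium": 2, "High": 3}
SARIF_LEVEL = {"High": "error", "Medium": "warning", "Low": "note"}

# Constructed report in the shape of `slither --json` output (not real scan data)
SAMPLE_REPORT = json.dumps({
    "success": True, "error": None,
    "results": {"detectors": [
        {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium", "id": "f1",
         "description": "Reentrancy in Vault.withdraw() (Vault.sol#12-18)",
         "elements": [{"type": "function", "name": "withdraw",
                       "source_mapping": {"filename_relative": "Vault.sol",
                                          "lines": [12, 13, 14, 15, 16, 17, 18]}}]},
        {"check": "tx-origin", "impact": "Medium", "confidence": "Medium", "id": "f2",
         "description": "Vault.setOwner(address) uses tx.origin for authorization",
         "elements": [{"type": "function", "name": "setOwner",
                       "source_mapping": {"filename_relative": "Vault.sol", "lines": [22, 23, 24]}}]},
        {"check": "naming-convention", "impact": "Informational", "confidence": "High", "id": "f3",
         "description": "Parameter Vault.setOwner(address)._owner is not in mixedCase",
         "elements": [{"type": "variable", "name": "_owner",
                       "source_mapping": {"filename_relative": "Vault.sol", "lines": [22]}}]},
    ]},
})


def load_findings(report_json: str) -> List[Dict]:
    report = json.loads(report_json)
    if not report.get("success"):
        raise RuntimeError(f"slither did not complete: {report.get('error')}")
    return report["results"]["detectors"]


def gate(findings: Iterable[Dict], min_impact: str = "Medium",
         hidden_ids: Iterable[str] = (), excluded_checks: Iterable[str] = ()) -> List[Dict]:
    """Findings that should fail the build: impact at or above min_impact, not triaged
    away by id, and not produced by an excluded detector."""
    threshold = IMPACT_RANK[min_impact]
    hidden, excluded = set(hidden_ids), set(excluded_checks)
    return [f for f in findings
            if IMPACT_RANK.get(f["impact"], 0) >= threshold
            and f["id"] not in hidden
            and f["check"] not in excluded]


def to_sarif(findings: Iterable[Dict]) -> Dict:
    """Minimal SARIF 2.1.0 document: one result per finding, located at its first element."""
    results = []
    for f in findings:
        loc = f["elements"][0]["source_mapping"] if f.get("elements") else {}
        results.append({
            "ruleId": f["check"],
            "level": SARIF_LEVEL.get(f["impact"], "note"),
            "message": {"text": f["description"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": loc.get("filename_relative", "")},
                "region": {"startLine": (loc.get("lines") or [1])[0]},
            }}],
        })
    return {"version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "slither"}}, "results": results}]}


if __name__ == "__main__":
    import sys

    report = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_REPORT
    hidden = json.load(open(sys.argv[2])) if len(sys.argv) > 2 else []
    failing = gate(load_findings(report), hidden_ids=hidden)
    with open("slither.sarif", "w") as out:
        json.dump(to_sarif(failing), out, indent=2)
    for f in failing:
        print(f"[{f['impact']}] {f['check']}: {f['description']}")
    sys.exit(1 if failing else 0)
```

Usage in a pipeline: `python gate.py report.json hidden.json`, with `hidden.json` holding the ids of findings a reviewer accepted; the generated `slither.sarif` can be uploaded to a code-scanning backend or opened in an editor SARIF viewer.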
Unicode Override Character Detections - Trail of Bits finds Unicode right-to-left override characters in source code that can be used to hide malicious logic.
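A scanner for these characters fits in a few dozen lines. The code below is an added example, not Trail of Bits' tool: it reports every Unicode bidirectional control character in a file with line and column, shows the line with the controls made visible, and marks lines that open an override or isolate without closing it, which is the pattern used to make a comment or string render as code. The sample source is constructed for the demonstration.

```python
from typing import Dict, List

# Bidi controls: embeddings/overrides (closed by PDF), isolates (closed by PDI),
# and zero-width marks, which change display order without any closing character.
BIDI_OPEN_EMBED = {"\u202a": "LRE", "\u202b": "RLE", "\u202d": "LRO", "\u202e": "RLO"}
BIDI_OPEN_ISOLATE = {"\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI"}
BIDI_CLOSE = {"\u202c": "PDF", "\u2069": "PDI"}
BIDI_MARKS = {"\u200e": "LRM", "\u200f": "RLM", "\u061c": "ALM"}
BIDI_ALL = {**BIDI_OPEN_EMBED, **BIDI_OPEN_ISOLATE, **BIDI_CLOSE, **BIDI_MARKS}


def escape_controls(line: str) -> str:
    """Make the controls visible for review output, e.g. 'user\u202e' -> 'user<RLO>'."""
    return "".join(f"<{BIDI_ALL[ch]}>" if ch in BIDI_ALL else ch for ch in line)


def scan_text(text: str, path: str = "<memory>") -> List[Dict]:
    """One record per bidi control character; each record also says whether its line
    leaves an embedding/override or isolate open, since unterminated ones reorder the
    rest of the line in the reader's display."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        embed_depth = isolate_depth = 0
        for ch in line:
            if ch in BIDI_OPEN_EMBED:
                embed_depth += 1
            elif ch in BIDI_OPEN_ISOLATE:
                isolate_depth += 1
            elif ch == "\u202c":
                embed_depth = max(0, embed_depth - 1)
            elif ch == "\u2069":
                isolate_depth = max(0, isolate_depth - 1)
        unterminated = embed_depth > 0 or isolate_depth > 0
        for col, ch in enumerate(line, 1):
            if ch in BIDI_ALL:
                findings.append({"path": path, "line": lineno, "col": col,
                                 "codepoint": f"U+{ord(ch):04X}", "name": BIDI_ALL[ch],
                                 "unterminated_on_line": unterminated,
                                 "rendered": escape_controls(line)})
    return findings


# Constructed sample: the RLO/LRI controls inside the string literal make an editor
# display the comment marker and the closing quote in a misleading order.
SAMPLE_SOURCE = (
    "def check_access(level):\n"
    "    if level != 'none\u202e \u2066# ' \u2069\u2066':\n"
    "        return True\n"
    "    return False\n"
)


if __name__ == "__main__":
    import sys

    for path in sys.argv[1:] or ["<sample>"]:
        text = SAMPLE_SOURCE if path == "<sample>" else open(path, encoding="utf-8", errors="replace").read()
        for f in scan_text(text, path):
            flag = " unterminated" if f["unterminated_on_line"] else ""
            print(f"{f['path']}:{f['line']}:{f['col']} {f['codepoint']} ({f['name']}){flag}: {f['rendered']}")
```

Running `python bidi_scan.py $(git ls-files)` in a pre-commit hook rejects a commit as soon as any record is returned; legitimate right-to-left text in string literals will also be reported, so keep an allowlist of paths rather than of characters.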