Trail of Bits

Analyzes smart contract codebases to identify state-changing entry points for security auditing — categorizes by access level and generates structured audit reports.

Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.

Security-focused differential review of code changes (PRs, commits, diffs) — calculates blast radius and generates markdown reports.

Find similar vulnerabilities across codebases using pattern-based analysis — hunt bug variants, build CodeQL/Semgrep queries, and perform systematic code audits.

Detects timing side-channel vulnerabilities in cryptographic code across C, C++, Go, Rust, Swift, Java, Kotlin, C#, PHP, JS, TS, Python, and Ruby.

Verifies code implements exactly what documentation specifies for blockchain audits — finds gaps between specs and implementation.

Detects fail-open insecure defaults — hardcoded secrets, weak authentication, and permissive security configurations that allow apps to run insecurely in production.

Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes — evaluates "secure by default" principles.

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.

Creates language variants of existing Semgrep rules — ports rules to target languages with independent test directories.

Configures Python projects with modern tooling (uv, ruff, ty) — creating projects, standalone scripts, and migrating from pip/Poetry/mypy/black.

Guidance for property-based testing across multiple languages and smart contracts — stronger coverage than example-based tests.

Identifies dependencies at heightened risk of exploitation or takeover — assesses supply chain attack surface and dependency health.

Guides authoring of high-quality YARA-X detection rules for malware identification — naming conventions, string selection, performance, and false positive reduction.

Detects missing zeroization of sensitive data in source code and zeroization removed by compiler optimizations — assembly-level analysis.

Audits GitHub Actions workflows for security vulnerabilities in AI agent integrations — detects prompt injection via env var patterns and dangerous sandbox configs.

Scans Android APKs for Firebase security misconfigurations — open databases, storage buckets, authentication issues, and exposed cloud functions.

Skill for searching and exploring Burp Suite project files (.burp) from the command line, including regex search over response bodies and audit finding extraction.

Expertise for analyzing DWARF debug files and understanding the DWARF debug format/standard (v3-v5).

Prepares codebases for security review using Trail of Bits checklist — sets review goals, runs static analysis, increases test coverage.

Analyzes token implementations for ERC20/ERC721 conformity, checks 20+ weird token patterns, and evaluates protocol handling of non-standard tokens.

Systematic 9-category code maturity assessment for smart contracts — arithmetic safety, access controls, complexity, MEV risks, and testing.

Techniques for writing effective fuzzing harnesses across languages — creating new fuzz targets and improving existing harness code.

AFL++ fuzzer with advanced features — multi-core fuzzing of C/C++ projects with better performance than original AFL.

De facto fuzzing tool for Rust projects using Cargo with libFuzzer backend.

Coverage-guided Python fuzzer based on libFuzzer — fuzzing pure Python code and Python C extensions.

Scans codebases for security vulnerabilities using CodeQL interprocedural data flow and taint tracking — supports full and important-only scan modes.

Runs Semgrep static analysis with parallel subagents — full ruleset and high-confidence security scan modes with Semgrep Pro cross-file taint analysis.

Smart contract development advisor based on Trail of Bits best practices — analyzes architecture, upgradeability, dependencies, and testing.