Blockchain

Our Design Assessment analyzes the fundamental design of the system. We assess the system architecture and component specifications, identify potential security shortcomings, and offer tailored risk mitigation strategies. We can also assess the testing strategies, emphasizing the effective use of security tools throughout the development life cycle. Finally, we provide customized solutions that address your concerns and enhance security.

• Strategic solution analysis

  We assess the proposed end-to-end solution to pinpoint potential security blockers and offer risk mitigations. We discuss the deployment plan and provide guidance on integrating an incident response plan and a monitoring strategy early on in the process.

• Component-level recommendations

  We assess component specifications, emphasizing high-level considerations such as arithmetic risks, access controls, and upgradeability. Additionally, we analyze risks tied to external interactions, such as oracles or third-party DeFi components. We evaluate alignment and interaction with the system for components integrating into existing codebases, including potential risks in live protocol deployment.

• Advanced testing techniques and tooling guidance

  We identify how to efficiently leverage security tools (e.g., static analyzer, fuzzing, formal verification methods) and advise you on what techniques to prioritize at various SDLC stages. We also guide training and upskilling opportunities related to using security tools.

• Customized client solutions

  We discuss your explicit concerns in detail, customizing our work to address your specific questions. Leveraging our extensive expertise, we can answer questions beyond the scope of blockchain protocols and cover cryptographic and application security concerns.

Leveraging a design review provides immediate feedback, minimizing project risks, saving development time and costs by reducing the need for late-stage refactoring.

Explore our Design Assessments: Public Report for Meson

The Early Stage Assessment provides guidance and recommendations that will aid your developers for the long term of the project. This service is a perfect fit for projects that are early on in their SDLC but are ready to receive feedback. This includes projects for which the code is not finalized or is nonexistent, the documentation and testing are ongoing, and the technical solution may evolve.
We can guide projects that build smart contracts, bridges, decentralized finance, and decentralized gaming applications. We also have strong in-house expertise on blockchain nodes and have worked with numerous geth-based projects.

• Lightweight Code Review

  We review the code in order to understand the technical solution. While we won't look for in-depth vulnerabilities during an early stage review, we will identify surface-level bugs and look for low hanging fruits.

• Architecture recommendations

  We evaluate the architectural choices and look for risky designs. We review the access controls and look for an adequate separation of privileged actors. We look for ways to reduce the code complexity, such as improvements in the code modularity or inheritance. We also evaluate if the system's decentralization is adequate with respect to what is advertised, including for future decentralization’s plans. We look for improvements in the on-chain and off-chain logic separation. Finally we also review the upgradeability schema, including the overall structure, the adequate usage of upgradeability and migration, and the integration of pausablable-like mechanism..

• Risk mitigation recommendations

  We identify existing risks and propose mitigation strategies. We assess whether the system is designed with maximum extractable value (MEV) risks in mind. We also check whether an oracle integration properly accounts for its underlying risks. Additionally, we evaluate the protocol’s reliance on blockchain risks (e.g., reorgs) and identify potential gaps in the handling of common ERCs. Finally, we assess the reliance and risks related to third-party component integration.

• Security gap identification

  We identify any areas that do not align with security best practices, including gaps and misplaced priorities in the project documentation. We also evaluate whether the testing strategy is sufficient for the long-term health of the project. Additionally, we review the monitoring plan and evaluate whether events—or similar logging information—are sufficient to identify issues in the system and recover in case of incidents. Finally, we evaluate the use of automated tools and provide recommendations about how to more effectively use tools.

• Tailored design recommendations

  We adapt our assessment based on the project’s unique needs and requirements and provide recommendations tailored to the protocol business logic.

• Codebase maturity evaluation

  We evaluate the maturity of the codebase from a security standpoint and provide actionable recommendations to help developers write more secure code in the long term.

This service helps projects to set a strong security foundation, receive expert recommendations earlier, and reduce costs by preventing late refactoring.

Enhance your blockchain security with our Invariant Testing & Development, which focuses exclusively on identifying, developing, and testing invariants. While security reviews typically contain some development of invariants in areas believed to contain bugs, this service is focused entirely on invariants to achieve a more holistic approach to long-term security.

• Invariant identification

  Our skilled engineers collaborate with your team to pinpoint invariants for your system. These may include function- or system-level invariants. We'll specify these and their preconditions not just in code but in plain English, ensuring a tailored approach for your development.

• Invariant writing

  We translate invariants into Solidity and determine the optimal testing method (internal, external, or partial testing), create necessary wrappers, and establish fuzzing initialization with contract deployments and preconditions. Our goal is minimal disruption to your codebase, selecting an approach that ensures long-term use of the invariants.

• Invariant testing and integration

  We run invariants locally and on dedicated cloud infrastructure, refining specifications based on fuzz testing results. Collaborating with your team, we integrate short-term fuzzing into CI (e.g., GitHub actions) and provide recommendations for long-term fuzzing campaigns, locally or in the cloud.

• Training and guidance

  We also include developer training through regular meetings throughout the service. We provide guidance and advice on how to maintain the provided invariants, write new ones, and improve the system’s design. Upon request, we can provide half a day of dedicated training, delving into the nuances of various testing methodologies and best practices.

Trail of Bits stands as a pioneer in Blockchain Invariant Development. Our seasoned engineers have been writing invariants for more than half of a decade (for examples, see the Balancer, Primitive, and Liquity reports), authored multiple fuzzers (Echidna, Medusa, test-fuzz), and delivered several educational materials on fuzzing ((+150 pre-defined invariants, How to fuzz like a pro (conference workshop), 10-hour fuzzing workshop, fuzzing tutorials).

This service will help your team to become proactive instead of reactive in securing your codebase, identify and develop the most impactful invariants, and educate the team on invariant-driven development.

Our comprehensive code assessment, covering the entire codebase, is our most thorough offering and includes all aspects of secure code review.

• Smart contract analysis

  We perform an in-depth examination of the codebase to identify vulnerabilities that stem from the blockchain environment, the language, and the target. This includes reentrancy, arithmetic issues, improper access controls, incorrect upgradeability schema, transactions replay, and programming language misuses. Our team has developed strong in-house expertise on smart contract languages (including Solidity, Vyper, YUL, Cairo, Teal/Pyteal, Go and Rust based languages) allowing us to cover the full spectrum of language-related risks.

• Business logic analysis

  We assess the logic and functionality of the target and identify potential business logic flaws. We look for economic-related issues, such as price manipulation, incorrect slippage, and unprotected liquidation. We also look for improper validation of external components. We explore the risk of stakeholders collision, and issues related to token integrations. We look for application-specific issues, such as incorrect Merkle tree usage, incorrect signature validation, and risks related to on-chain voting.

• L1/L2 node review

  We review the blockchain nodes and look for flaws that can break the liveness or safety of the blockchain protocol, as well as impersonate or isolate validators. We look at the VM to ensure that opcodes cannot be abused or lead to unintended side effects. We look for ways to crash the nodes with malformed transactions. We look at the replay risks at the network and consensus levels. We also leverage our strong in-house expertise on geth-related codebases. We look at the correctness of challenge protocols for rollups-related codebases, as well as incorrect state transition between L1 and L2.

• Bridges review

  We evaluate the bridges by leveraging our experience with smart contract and non smart contract components. We review every side of the bridge to ensure proper validation of transactions are applied. We look at the cross chain assets transfers to make sure the bridge bookkeeping is robust. We explore the risks to slashing, including preventing a valid slashing event from happening, as well as slashing honest behaviors. We have experience with EVM and non-EVM chains, allowing us to review complex bridges setup.

• Off chain components review

  We assess off chain components with a focus on the on-chain and off-chain interactions, and ensure adequate validation is present. We look for incorrect logic, and tailor our exploration based on the business logic. We look for incorrect block finality assumptions, as well as inadequate transactions validation. We review the indexing of on-chain events to ensure the application runs with the correct on-chain data. We also look for denial of service risks. We look at the data aggregation for multiple stakeholders systems, and ensure that the underlying assumptions hold.

• Code maturity analysis

  We evaluate the maturity of the codebase from a security standpoint. We provide actionable recommendations allowing developers to fix gaps in their security posture, and empowering them to write more secure code in the long term. Our experience has demonstrated that the likelihood of vulnerabilities is directly related to the software engineering practice. Our recommendations include on how to design better arithmetic and access control, how to reduce the code complexity, and where to focus on with respect to the documentation and testing.

• Automated tools integration

  Through our process, we leverage automated analysis tools to enhance our analysis; we aim to identify and write invariants and test them through the state of the art fuzzers, as well as leveraging custom static analysis rules tailored to the target’s logic.

Users of this service benefit from a holistic review of their system, gaining insight into potential vulnerabilities and architectural risks, along with actionable guidance into both short term and long term actions that improve your project’s security and integrity.