Blockchain

Smart contracts, nodes, bridges, and DeFi

Work with us

Overview

We review complete blockchain systems, from smart contracts and protocol logic to nodes, bridges, governance, and off-chain infrastructure. Trail of Bits was early to move from Web 2.0 security into blockchain, and we have secured systems for Uniswap, Aave, Arbitrum, and other teams where failures put real value at risk.

The toolchain much of the industry audits with, Slither, Echidna, and Medusa, is ours. We use it in every engagement, tune it to your codebase, and leave your team with detectors, invariants, and recommendations that make each deployment stronger.

Why work with Trail of Bits

01

The tools we built run the audit

Slither, Echidna, and Medusa came out of our engagements and are now industry-standard fuzzers and static analyzers. We use them in every review, contribute fixes back, and tune custom detectors against your specific codebase, capability you don't get from firms that just license third-party tooling.
02

We publish everything

Methodologies, exploit primitives, and ecosystem write-ups all end up in public reports, papers, or open-source repos. Building Secure Contracts, Not-So-Smart-Contracts, and our crytic toolchain are free for the industry to use, and for your team to learn from.
03

Secure development that lasts after the audit

We leave your team with CI-ready detectors, invariant tests, and SDLC recommendations that help developers catch the next class of bug before it ships.

Read our assessment of Uniswap v4 Core

Services & deliverables

Design Assessment

Service

Our Design Assessment analyzes the fundamental design of the system. We assess the system architecture and component specifications, identify potential security shortcomings, and offer tailored risk mitigation strategies. We can also assess the testing strategies, emphasizing the effective use of security tools throughout the development life cycle. Finally, we provide customized solutions that address your concerns and enhance security.

01: Security analysis of deployment plans with incident response integration
02: Risk assessment of oracles, DeFi integrations & upgradeability patterns
03: Strategic implementation of fuzzing, static analysis & formal verification
04: Cryptographic & application security beyond standard blockchain risks

Leveraging a design review provides immediate feedback, minimizing project risks, saving development time and costs by reducing the need for late-stage refactoring.

Public Report for Meson

Early Stage Assessment

Service

The Early Stage Assessment provides guidance and recommendations that will aid your developers for the long term of the project. This service is a perfect fit for projects that are early on in their SDLC but are ready to receive feedback. This includes projects for which the code is not finalized or is nonexistent, the documentation and testing are ongoing, and the technical solution may evolve.

We can guide projects that build smart contracts, bridges, DeFi, and decentralized gaming applications. We also have strong in-house expertise on blockchain nodes and have worked with numerous geth-based projects.

01: Surface-level vulnerability detection in early-stage codebases
02: Decentralization analysis & upgradeability schema evaluation
03: MEV exposure analysis & oracle integration risk assessment
04: Testing coverage evaluation & monitoring system design
05: Protocol-specific security recommendations & best practices
06: Long-term security posture improvement roadmap

This service helps projects to set a strong security foundation, receive expert recommendations earlier, and reduce costs by preventing late refactoring.

Invariant Testing & Development

Service

Enhance your blockchain security with our Invariant Testing & Development, which focuses exclusively on identifying, developing, and testing invariants. While security reviews typically contain some development of invariants in areas believed to contain bugs, this service is focused entirely on invariants to achieve a more holistic approach to long-term security.

Trail of Bits stands as a pioneer in Blockchain Invariant Development. Our seasoned engineers have been writing invariants for more than half of a decade (for examples, see the Balancer, Primitive, and Liquity reports), authored multiple fuzzers (Echidna, Medusa, test-fuzz), and delivered several educational materials on fuzzing.

01: System & function-level invariant identification with preconditions
02: Custom fuzzing initialization with minimal codebase disruption
03: CI/CD integration of fuzzing campaigns with cloud infrastructure
04: Hands-on developer training in invariant-driven testing methodologies

This service will help your team to become proactive instead of reactive in securing your codebase, identify and develop the most impactful invariants, and educate the team on invariant-driven development.

Public Report for Curvance

Comprehensive Code Assessment

Service

Our most thorough blockchain review combines manual code review with the tools we build and maintain, including Slither, Echidna, Medusa, and custom analysis written for your system.

We assess the full codebase, whether it is a Solidity dapp, a Go-based node, a bridge, or off-chain infrastructure, and evaluate whether the system is prepared for the challenges of public deployment.

01: Multi-language smart contract and protocol vulnerability analysis
02: Economic risk assessment, including price manipulation and liquidation paths
03: VM, node, bridge, and cross-chain transaction validation review
04: Custom static-analysis, fuzzing, and invariant-testing guidance
05: Long-term recommendations that help developers avoid repeating bug classes
06: Codebase Maturity Evaluation against modern blockchain security expectations

You leave with a report that explains what is vulnerable, why it matters, how to fix it, and what engineering practices will make future deployments safer.

What ships with every engagement

Most pen-test firms hand you a PDF and walk away. Every Trail of Bits engagement ships a deliverable set your engineering team can plug into their workflow on day one and keep using long after we're gone.

Deliverable	Trail of Bits	Status Quo
Written findings report Severity, difficulty, and exploit scenario for every finding.	✓	✓
Short- and long-term SDLC recommendations Not just bug fixes, but process changes that prevent the next class of bug.	✓	—
Codebase maturity evaluation Structured review of testing, deployment, upgradeability, and operational hygiene.	✓	—
Custom Slither / Medusa / Echidna detectors Static-analysis and fuzzing harnesses tuned to the patterns we found in your code.	✓	—
Invariant test suites Drop-in invariant fuzzers and properties your team keeps running after we leave.	✓	—
LLM and Claude-skill harnesses Agent skills and prompts to help your team triage findings and pre-flight the next review.	✓	—
Live walkthrough + fix-review retest We read out findings in person and re-test patches when they land.	✓	Sometimes
Open publication of generalizable findings Novel issues turn into public research so the whole industry benefits.	✓	—

Comparison based on the standard published deliverables of major blockchain-security firms, as of 2026.

Public work

Public Blockchain assessments

Browse library →

Public engagements: 443
Person-weeks logged: 2035
Distinct groups: 19
With effort reported: 442

Recent public engagements

Date	Engagement	Client / group	Effort
May 2026	Kiln Lagoon Vault Diff Review	Ethereum/EVM	1 wk
Apr 2026	Franklin Templeton BenjiSwap Differential Review	Ethereum/EVM	1.2 wks
Apr 2026	Gensyn Buyback-and-Burn Vault	Ethereum/EVM	1 wk
Apr 2026	Gensyn Bridged Token	Ethereum/EVM	0.2 wks
Apr 2026	Gensyn Delphi Dynamic Paramutuel Markets	Ethereum/EVM	3.4 wks
Mar 2026	Shape TokenLock	Ethereum/EVM	0.4 wks
Mar 2026	EthStaker Deposit CLI	Other/Multi-Chain	1 wk
Feb 2026	Offchain Labs Arbitrum Quorum Changes	Offchain Labs	1.2 wks
Feb 2026	Aave v4	Ethereum/EVM	6 wks
Feb 2026	Chainlink LlamaRisk LlamaGuard NAV CRE	Other/Multi-Chain	1 wk

How We Work

How we approach a blockchain engagement

Every blockchain assessment follows the same five-stage flow. The depth of each stage scales to the system and the threat model, but the sequence never changes, so every finding traces back to a root cause and a fix. We tell you what we did, in what order, and why.

Scope and threat model.

Define the system boundary: contracts, nodes, bridges, off-chain services, deployment plan. Capture trust assumptions (oracles, admin keys, upgradeability) and the economic model. We document them explicitly so they can be tested.
Design and upgradeability review.

Audit the architecture before the bytecode. Inspect upgrade paths, access control, oracle integration, governance, and cross-chain message flow. Most catastrophic blockchain failures live in these layers, not in the inner contract logic.
Implementation review.

Manual review backed by Slither, Medusa, and Echidna runs tuned to your codebase. Cover smart contracts, off-chain components, node configuration, and the build/deployment pipeline.
Invariant testing and exploit development.

Identify and codify system- and function-level invariants. Build fuzzing harnesses and exploit PoCs for severity-relevant findings, plus economic / MEV simulations where they're load-bearing.
Reporting and remediation.

Deliver a written report, walk findings through with your team, and re-test patches when the work returns. Custom detectors and the invariant suite ship with the report.

Full-system coverage, not contract-only review

That process applies across the full deployed system, not just the smart contracts. We review the protocol, economics, clients, integrations, and operational controls together because failures often emerge between layers.

Layer	What we assess
Protocol architecture	Trust boundaries, roles, state machines, governance, emergency controls, upgrade paths
Smart contracts	Access control, accounting, invariants, storage layout, token integrations, reentrancy, MEV exposure
DeFi and economics	Oracles, pricing, liquidations, incentives, liquidity assumptions, market-manipulation paths
Cross-chain systems	Bridges, relayers, replay protection, finality assumptions, validator sets, message verification
Nodes and clients	Consensus assumptions, syncing, fork handling, RPC behavior, mempool behavior, P2P surfaces
Off-chain infrastructure	Indexers, keepers, APIs, backend services, signing flows, deployment pipelines, monitoring
Launch readiness	Test strategy, invariant suites, fuzzing setup, mutation testing, CI detectors, incident response, operational runbooks

Specialist staffing model

Cross-practice depth when the system demands it

Blockchain engagements are led by protocol security experts, with specialists from other Trail of Bits practices brought in when another domain materially affects risk.

Blockchain systems rarely fail in isolation. A protocol may depend on cryptography, web applications, AI/ML automation, node software, bridge infrastructure, deployment pipelines, or signing workflows. When those areas become important to the review, we pull in engineers from the Trail of Bits teams that work in those domains every day.

That gives clients one blockchain engagement with deeper coverage where it matters: the blockchain team evaluates protocol-specific risk, while specialists assess the parts of the system that require dedicated domain expertise.

Practice	How it adds value
Cryptography	Reviews protocol assumptions, primitives, signatures, key management, proof systems, and ZK-adjacent designs.
Application Security	Assesses wallets, APIs, dashboards, auth flows, backend services, and signing paths that connect users to on-chain assets.
AI/ML Security	Evaluates agents, model-assisted workflows, oracle-like automation, adversarial inputs, and model-dependent controls.

Ecosystems we work in

We work across these ecosystems:

Ethereum

We've completed assessments for companies building on Ethereum and have reviewed various components of the ecosystem itself. Our expertise in Ethereum security is demonstrated through our numerous comprehensive reports. Our comprehensive approach to security has led us to create some of the best security tools in the Ethereum ecosystem (Slither, Echidna, Medusa), which we leverage in our security reviews for greater confidence.

Move

We have conducted thorough security assessments for Aptos/Sui projects, enhancing the security and reliability of this innovative platform.

How Sui Move rethinks flash loan security

Solana

Our team has extensive experience in auditing Solana-based projects. We've provided comprehensive security assessments and developed tools to enhance Solana's security.

Arbitrum

We have reviewed Arbitrum systems across Nitro, ArbOS, governance, bridges, and Stylus. Our work on Stylus gives us direct experience with Arbitrum's new smart contract language and execution environment, including the risks that emerge when smart contract platforms expand beyond the EVM.

Optimism

We've been selected by the Optimism Grant Foundation to offer grant-funded security assessments to projects deploying on Optimism.

Cosmos

We have significantly contributed to the security of Cosmos projects, including detailed fuzzing and security analyses.

Substrate

We have provided extensive security assessments for Substrate-based projects, ensuring robust security measures and thorough evaluations.

Starknet

We have conducted thorough security assessments for Starknet projects, enhancing the security and reliability of this innovative platform.

TON

We have conducted in-depth security assessments for projects on the TON blockchain, helping to secure and optimize its ecosystem.

Get in touch

Book a technical office hours session

Spend a free hour with one of our engineers on a specific technical problem: an architecture you're unsure about, a tool you want to stand up, a finding you can't reproduce. No pitch and no sales engineer, just a working session with someone who does this every day.

Book a session

Blockchain

Why work with Trail of Bits

The tools we built run the audit

We publish everything

Secure development that lasts after the audit

Design Assessment

Early Stage Assessment

Invariant Testing & Development

Comprehensive Code Assessment

What ships with every engagement

Public Blockchain assessments

How we approach a blockchain engagement

Scope and threat model.

Design and upgradeability review.

Implementation review.

Invariant testing and exploit development.

Reporting and remediation.

Full-system coverage, not contract-only review

Cross-practice depth when the system demands it

Ecosystems we work in

Ethereum

Move

Solana

Arbitrum

Optimism

Cosmos

Substrate

Starknet

TON

Tools

Blog

Handbooks

Book a technical office hours session