Trail of Bits

  • Name: Trail of Bits
  • URL: https://www.trailofbits.com/
  • Category: security research firm / smart-contract security tooling / crypto audit infrastructure
  • Summary: Trail of Bits is a serious security research and engineering firm with a large crypto footprint. The useful point is not just that it audits things. The company also ships durable tooling, public reviews, training material, and analysis infrastructure that many teams treat as part of the background security stack.
  • What it does:
    • Performs software-assurance and security-engineering work spanning blockchain, cryptography, systems software, and broader critical infrastructure
    • Maintains a large public publications repository with academic papers, white papers, security reviews, and blockchain-specific client work across many ecosystems
    • Operates the crytic open-source blockchain-security group, which publishes tools such as Slither, Echidna, crytic-compile, solc-select, and related EVM analysis infrastructure
    • Publishes first-party smart-contract training and reference material through secure-contracts.com, covering development guidelines, incident response, EVM internals, and tool-guided secure-development workflows
    • Pairs consulting work with a durable tooling-and-education strategy, which makes Trail of Bits more infrastructure-like than a normal audit boutique
  • Key claims:
    • The official homepage says Trail of Bits helps secure highly targeted organizations and combines high-end security research with an attacker mentality to reduce risk and fortify code.
    • The software-assurance page says the practice spans application security, blockchain, cryptography, and AI/ML, and emphasizes multidisciplinary engagements across the software-development lifecycle.
    • The main GitHub organization explicitly points to @crytic as its blockchain security group, which is a strong signal that crypto security tooling is a first-class part of the company’s operating surface.
    • The crytic organization highlights well-known smart-contract tools including Slither, Echidna, Medusa, secure-contract training content, and supporting EVM analysis utilities.
    • The publications repository organizes academic papers, white papers, guides, and a long set of public security reviews, including a dedicated blockchain-reviews section and named clients such as Frax Finance, Offchain Labs, Reserve Protocol, Scroll, and Uniswap.
    • secure-contracts.com explicitly says it is brought to users by Trail of Bits and collects secure-development guidance, incident-response recommendations, EVM references, and training for Slither, Echidna, Medusa, and Manticore.
    • Taken together, the current primary-source surface suggests Trail of Bits belongs in the corpus as security-tooling and research infrastructure with a significant crypto specialization, not simply as a consulting brand.
  • Whitepaper: No single canonical Trail of Bits company whitepaper surfaced in this pass, but the publications archive includes multiple official white papers. The strongest current sources of truth are the official site, the trailofbits and crytic GitHub organizations, the publications repository, and secure-contracts.com; see ../whitepapers/trail-of-bits-primary-sources-2026-04-30.md.

Internal linkages