diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4b3e936e..10a41b54 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,43 +1,43 @@ -# Contributing to Building-secure-contracts +# Contributing to Building-Secure-Contracts -First, thanks for your interest in contributing to Building-secure-contracts! We welcome and appreciate all contributions, including bug reports, feature suggestions, tutorials/blog posts, and code improvements. +First, thank you for your interest in contributing to Building-Secure-Contracts! We appreciate and warmly welcome all contributions, which include bug reports, feature suggestions, tutorials/blog posts, and code improvements. -If you're unsure where to start, we recommend our [`good first issue`](https://github.com/crytic/building-secure-contracts/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) and [`help wanted`](https://github.com/crytic/building-secure-contracts/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) issue labels. +If you're not sure where to begin, we recommend checking out our [`good first issue`](https://github.com/crytic/building-secure-contracts/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) and [`help wanted`](https://github.com/crytic/building-secure-contracts/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) issue labels. -## Bug reports and feature suggestions +## Bug Reports and Feature Suggestions -Bug reports and feature suggestions can be submitted to our issue tracker. For bug reports, attaching the contract that caused the bug will help us in debugging and resolving the issue quickly. If you find a security vulnerability, do not open an issue; email opensource@trailofbits.com instead. +Please submit bug reports and feature suggestions to our issue tracker. When reporting a bug, attaching the contract causing the issue is helpful for efficient debugging and resolution. If you discover a security vulnerability, do not open an issue; instead, email opensource@trailofbits.com. ## Questions Questions can be submitted to the issue tracker, but you may get a faster response if you ask in our [chat room](https://slack.empirehacking.nyc/) (in the #ethereum channel). -## Code +## Code Contributions -building-secure-contracts uses the pull request contribution model. Please make an account on Github, fork this repo, and submit code contributions via pull request. For more documentation, look [here](https://guides.github.com/activities/forking/). +Building-Secure-Contracts follows the pull request contribution model. Create an account on Github, fork this repo, and submit code contributions through pull requests. For additional documentation, refer [here](https://guides.github.com/activities/forking/). Some pull request guidelines: -- Minimize irrelevant changes (formatting, whitespace, etc) to code that would otherwise not be touched by this patch. Save formatting or style corrections for a separate pull request that does not make any semantic changes. -- When possible, large changes should be split up into smaller focused pull requests. -- Fill out the pull request description with a summary of what your patch does, key changes that have been made, and any further points of discussion, if applicable. -- Title your pull request with a brief description of what it's changing. "Fixes #123" is a good comment to add to the description, but makes for an unclear title on its own. +- Limit unnecessary changes (formatting, whitespace, etc.) to code unrelated to the patch. Save formatting or style corrections for a separate pull request, which doesn't include any semantic changes. +- When possible, break down large changes into smaller, focused pull requests. +- Complete the pull request description with an overview of your patch, including key modifications, and any further discussion points if relevant. +- Use a concise title to describe your pull request's changes. "Fixes #123" is suitable for adding to the description, but not as a standalone title. ## Directory Structure -Below is a rough outline of building-secure-contracts's structure: +Here's a basic overview of Building-Secure-Contracts' structure: ```text . -├── development-guidelnes # High-level best-practices for all smart contracts +├── development-guidelines # High-level best practices for all smart contracts ├── learn_evm # EVM technical knowledge -├── not-so-smart-contracts # Examples of smart contract common issues. Each issue contains a description, an example and recommendations -├── program-analysis # How to use automated tools to secure contracts -├── ressources # Various online resources +├── not-so-smart-contracts # Examples of common smart contract issues, including descriptions, examples, and recommendations +├── program-analysis # How to utilize automated tools to secure contracts +├── resources # Various online resources └── ... ``` -## Linting and formatting +## Linting and Formatting To install the formatters and linters, run: @@ -45,26 +45,26 @@ To install the formatters and linters, run: npm install ``` -To run the formatter, use: +To use the formatter, run: ```bash npm run format ``` -To run the linters, use: +To use the linters, run: ```bash npm run lint ``` -To run the individual linters, use: +To use individual linters, run: - `npm run lint:format` to check the formatting -- `npm run lint:links` to check for invalid links in markdown files +- `npm run lint:links` to verify the validity of links in markdown files -## Create the book +## Creating the Book -We use `mdbook` to generate [secure-contracts.com](https://secure-contracts.com/). +We utilize `mdbook` to generate [secure-contracts.com](https://secure-contracts.com/). To run it locally: @@ -73,4 +73,4 @@ cargo install --git https://github.com/montyly/mdBook.git mdbook mdbook build ``` -Note: we use https://github.com/montyly/mdBook.git, which contains https://github.com/rust-lang/mdBook/pull/1584. +Note: We use https://github.com/montyly/mdBook.git, which contains https://github.com/rust-lang/mdBook/pull/1584. diff --git a/README.md b/README.md index 2599c7ae..f765c086 100644 --- a/README.md +++ b/README.md @@ -2,41 +2,39 @@ ![](https://github.com/crytic/building-secure-contracts/workflows/CI/badge.svg) ![](https://github.com/crytic/building-secure-contracts/workflows/Echidna/badge.svg) -This repository, brought to you by [Trail of Bits](https://www.trailofbits.com/), outlines guidelines and best practices to write secure smart contracts. +Brought to you by [Trail of Bits](https://www.trailofbits.com/), this repository offers guidelines and best practices for developing secure smart contracts. Contributions are welcome, you can contribute by following our [contributing guidelines](https://github.com/crytic/building-secure-contracts/blob/master/CONTRIBUTING.md). -We welcome contributions, and you can contribute by following our [contributing guidelines](https://github.com/crytic/building-secure-contracts/blob/master/CONTRIBUTING.md). +**Table of Contents:** -**Table of contents:** - -- [Development guidelines](./development-guidelines) - - [High-level best practices](./development-guidelines/guidelines.md): High-level best-practices for all smart contracts - - [Incident Response Recommendations](./development-guidelines/incident_response.md): Guidelines on how to formulate an incident response plan - - [Secure development workflow](./development-guidelines/workflow.md): A rough, high-level process to follow while you write code - - [Token integration checklist](./development-guidelines/token_integration.md): What to check when interacting with arbitrary token -- [Learn EVM](./learn_evm): EVM technical knowledge - - [EVM Opcodes](./learn_evm/evm_opcodes.md): Details on all EVM opcodes +- [Development Guidelines](./development-guidelines) + - [High-Level Best Practices](./development-guidelines/guidelines.md): Best practices for all smart contracts + - [Incident Response Recommendations](./development-guidelines/incident_response.md): Guidelines for creating an incident response plan + - [Secure Development Workflow](./development-guidelines/workflow.md): A high-level process to follow during code development + - [Token Integration Checklist](./development-guidelines/token_integration.md): What to check when interacting with arbitrary tokens +- [Learn EVM](./learn_evm): Technical knowledge about the EVM + - [EVM Opcodes](./learn_evm/evm_opcodes.md): Information on all EVM opcodes - [Transaction Tracing](./learn_evm/tracing.md): Helper scripts and guidance for generating and navigating transaction traces - [Arithmetic Checks](./learn_evm/arithmetic-checks.md): A guide to performing arithmetic checks in the EVM - - [Yellow Paper Guidance](./learn_evm/yellow-paper.md): Symbol reference for more easily reading the Ethereum yellow paper - - [Forks <> EIPs](./learn_evm/eips_forks.md): Summarize the EIPs included in each Ethereum fork - - [Forks <> CIPs](./learn_evm/cips_forks.md): Summarize the CIPs and EIPs included in each Celo fork _(EVM-compatible chain)_ - - [Upgrades <> TIPs](./learn_evm/tips_upgrades.md): Summarize the TIPs included in each TRON upgrade _(EVM-compatible chain)_ - - [Forks <> BEPs](./learn_evm/beps_forks.md): Summarize the BEPs included in each BSC fork _(EVM-compatible chain)_ -- [Not so smart contracts](./not-so-smart-contracts): Examples of smart contract common issues. Each issue contains a description, an example and recommendations + - [Yellow Paper Guidance](./learn_evm/yellow-paper.md): Symbol reference for easier reading of the Ethereum yellow paper + - [Forks <> EIPs](./learn_evm/eips_forks.md): Summaries of the EIPs included in each Ethereum fork + - [Forks <> CIPs](./learn_evm/cips_forks.md): Summaries of the CIPs and EIPs included in each Celo fork _(EVM-compatible chain)_ + - [Upgrades <> TIPs](./learn_evm/tips_upgrades.md): Summaries of the TIPs included in each TRON upgrade _(EVM-compatible chain)_ + - [Forks <> BEPs](./learn_evm/beps_forks.md): Summaries of the BEPs included in each BSC fork _(EVM-compatible chain)_ +- [Not So Smart Contracts](./not-so-smart-contracts): Examples of common smart contract issues, complete with descriptions, examples, and recommendations - [Algorand](./not-so-smart-contracts/algorand) - [Cairo](./not-so-smart-contracts/cairo) - [Cosmos](./not-so-smart-contracts/cosmos) - [Substrate](./not-so-smart-contracts/substrate) - [Solana](./not-so-smart-contracts/solana) -- [Program analysis](./program-analysis): How to use automated tools to secure contracts - - [Echidna](./program-analysis/echidna): a fuzzer that will check your contract's properties. - - [Slither](./program-analysis/slither): a static analyzer available through a CLI and scriptable interface. - - [Manticore](./program-analysis/manticore): a symbolic execution engine that can prove the correctness properties. - - For each tool, this training material will provide: - - a theoretical introduction, a walkthrough of its API, and a set of exercises. - - exercises expected to require ~two hours to practically learn its operation. -- [Resources](./resources): Various online resources - - [Trail of Bits blogposts](./resources/tob_blogposts.md): List of blockchain related blogposts made by Trail of Bits +- [Program Analysis](./program-analysis): Using automated tools to secure contracts + - [Echidna](./program-analysis/echidna): A fuzzer that checks your contract's properties + - [Slither](./program-analysis/slither): A static analyzer with both CLI and scriptable interfaces + - [Manticore](./program-analysis/manticore): A symbolic execution engine that proves the correctness of properties + - For each tool, this training material provides: + - A theoretical introduction, an API walkthrough, and a set of exercises + - Exercises that take approximately two hours to gain practical understanding +- [Resources](./resources): Assorted online resources + - [Trail of Bits Blog Posts](./resources/tob_blogposts.md): A list of blockchain-related blog posts created by Trail of Bits # License diff --git a/SUMMARY.md b/SUMMARY.md index 95194c5d..85317bf5 100644 --- a/SUMMARY.md +++ b/SUMMARY.md @@ -2,11 +2,11 @@ [Introduction](./README.md) -- [Development-guidelines](./development-guidelines/README.md) - - [High-level best practices](./development-guidelines/guidelines.md) - - [Token integration checklist](./development-guidelines/token_integration.md) +- [Development Guidelines](./development-guidelines/README.md) + - [High-Level Best Practices](./development-guidelines/guidelines.md) + - [Token Integration Checklist](./development-guidelines/token_integration.md) - [Incident Response Recommendations](./development-guidelines/incident_response.md) - - [Secure development workflow](./development-guidelines/workflow.md) + - [Secure Development Workflow](./development-guidelines/workflow.md) - [Learn EVM](./learn_evm/README.md) - [EVM Opcode Reference](./learn_evm/evm_opcodes.md) - [Transaction Tracing](./learn_evm/tracing.md) @@ -23,32 +23,32 @@ - [Closing Account](./not-so-smart-contracts/algorand/closing_account/README.md) - [Closing Asset](./not-so-smart-contracts/algorand/closing_asset/README.md) - [Group Size Check](./not-so-smart-contracts/algorand/group_size_check/README.md) - - [Time-based Replay Attack](./not-so-smart-contracts/algorand/time_based_replay_attack/README.md) + - [Time-Based Replay Attack](./not-so-smart-contracts/algorand/time_based_replay_attack/README.md) - [Access Controls](./not-so-smart-contracts/algorand/access_controls/README.md) - - [Asset Id Check](./not-so-smart-contracts/algorand/asset_id_check/README.md) + - [Asset ID Check](./not-so-smart-contracts/algorand/asset_id_check/README.md) - [Denial of Service](./not-so-smart-contracts/algorand/denial_of_service/README.md) - [Inner Transaction Fee](./not-so-smart-contracts/algorand/inner_transaction_fee/README.md) - [Clear State Transaction Check](./not-so-smart-contracts/algorand/clear_state_transaction_check/README.md) - [Cairo](./not-so-smart-contracts/cairo/README.md) - - [Improper access controls](./not-so-smart-contracts/cairo/access_controls/README.md) - - [Integer division errors](./not-so-smart-contracts/cairo/integer_division/README.md) - - [View state modifications](./not-so-smart-contracts/cairo/view_state/README.md) - - [Arithmetic overflow](./not-so-smart-contracts/cairo/arithmetic_overflow/README.md) - - [Signature replays](./not-so-smart-contracts/cairo/replay_protection/README.md) + - [Improper Access Controls](./not-so-smart-contracts/cairo/access_controls/README.md) + - [Integer Division Errors](./not-so-smart-contracts/cairo/integer_division/README.md) + - [View State Modifications](./not-so-smart-contracts/cairo/view_state/README.md) + - [Arithmetic Overflow](./not-so-smart-contracts/cairo/arithmetic_overflow/README.md) + - [Signature Replays](./not-so-smart-contracts/cairo/replay_protection/README.md) - [L1 to L2 Address Conversion](./not-so-smart-contracts/cairo/L1_to_L2_address_conversion/README.md) - [Incorrect Felt Comparison](./not-so-smart-contracts/cairo/incorrect_felt_comparison/README.md) - [Namespace Storage Var Collision](./not-so-smart-contracts/cairo/namespace_storage_var_collision/README.md) - [Dangerous Public Imports in Libraries](./not-so-smart-contracts/cairo/dangerous_public_imports_in_libraries/README.md) - [Cosmos](./not-so-smart-contracts/cosmos/README.md) - - [Incorrect signers](./not-so-smart-contracts/cosmos/incorrect_getsigners/README.md) - - [Non-determinism](./not-so-smart-contracts/cosmos/non_determinism/README.md) - - [Not prioritized messages](./not-so-smart-contracts/cosmos/messages_priority/README.md) - - [Slow ABCI methods](./not-so-smart-contracts/cosmos/abci_fast/README.md) - - [ABCI methods panic](./not-so-smart-contracts/cosmos/abci_panic/README.md) - - [Broken bookkeeping](./not-so-smart-contracts/cosmos/broken_bookkeeping/README.md) - - [Rounding errors](./not-so-smart-contracts/cosmos/rounding_errors/README.md) - - [Unregistered message handler](./not-so-smart-contracts/cosmos/unregistered_msg_handler/README.md) - - [Missing error handler](./not-so-smart-contracts/cosmos/missing_error_handler/README.md) + - [Incorrect Signers](./not-so-smart-contracts/cosmos/incorrect_getsigners/README.md) + - [Non-Determinism](./not-so-smart-contracts/cosmos/non_determinism/README.md) + - [Not Prioritized Messages](./not-so-smart-contracts/cosmos/messages_priority/README.md) + - [Slow ABCI Methods](./not-so-smart-contracts/cosmos/abci_fast/README.md) + - [ABCI Methods Panic](./not-so-smart-contracts/cosmos/abci_panic/README.md) + - [Broken Bookkeeping](./not-so-smart-contracts/cosmos/broken_bookkeeping/README.md) + - [Rounding Errors](./not-so-smart-contracts/cosmos/rounding_errors/README.md) + - [Unregistered Message Handler](./not-so-smart-contracts/cosmos/unregistered_msg_handler/README.md) + - [Missing Error Handler](./not-so-smart-contracts/cosmos/missing_error_handler/README.md) - [Solana](./not-so-smart-contracts/solana/README.md) - [Arbitrary CPI](./not-so-smart-contracts/solana/arbitrary_cpi/README.md) - [Improper PDA Validation](./not-so-smart-contracts/solana/improper_pda_validation/README.md) @@ -56,18 +56,18 @@ - [Signer Check](./not-so-smart-contracts/solana/signer_check/README.md) - [Sysvar Account Check](./not-so-smart-contracts/solana/sysvar_account_check/README.md) - [Substrate](./not-so-smart-contracts/substrate/README.md) - - [Arithmetic overflow](./not-so-smart-contracts/substrate/arithmetic_overflow/README.md) - - [Don't panic!](./not-so-smart-contracts/substrate/dont_panic/README.md) - - [Weights and fees](./not-so-smart-contracts/substrate/weights_and_fees/README.md) - - [Verify first](./not-so-smart-contracts/substrate/verify_first/README.md) - - [Unsigned transaction validation](./not-so-smart-contracts/substrate/validate_unsigned/README.md) - - [Bad randomness](./not-so-smart-contracts/substrate/randomness/README.md) - - [Bad origin](./not-so-smart-contracts/substrate/origins/README.md) + - [Arithmetic Overflow](./not-so-smart-contracts/substrate/arithmetic_overflow/README.md) + - [Don't Panic!](./not-so-smart-contracts/substrate/dont_panic/README.md) + - [Weights and Fees](./not-so-smart-contracts/substrate/weights_and_fees/README.md) + - [Verify First](./not-so-smart-contracts/substrate/verify_first/README.md) + - [Unsigned Transaction Validation](./not-so-smart-contracts/substrate/validate_unsigned/README.md) + - [Bad Randomness](./not-so-smart-contracts/substrate/randomness/README.md) + - [Bad Origin](./not-so-smart-contracts/substrate/origins/README.md) - [Program Analysis](./program-analysis/README.md) - [Echidna](./program-analysis/echidna/README.md) - [Introduction](./program-analysis/echidna/introduction/README.md) - - [Introduction to fuzzing](./program-analysis/echidna/introduction/fuzzing-introduction.md) - - [How to test a property](./program-analysis/echidna/introduction/how-to-test-a-property.md) + - [Introduction to Fuzzing](./program-analysis/echidna/introduction/fuzzing-introduction.md) + - [How to Test a Property](./program-analysis/echidna/introduction/how-to-test-a-property.md) - [Basic](./program-analysis/echidna/basic/README.md) - [How to select the most suitable testing mode](./program-analysis/echidna/basic/testing-modes.md) - [How to select the best testing approach](./program-analysis/echidna/basic/common-testing-approaches.md) diff --git a/resources/tob_blogposts.md b/resources/tob_blogposts.md index 7a817bd9..907baa2c 100644 --- a/resources/tob_blogposts.md +++ b/resources/tob_blogposts.md @@ -1,20 +1,20 @@ -# Trail of Bits blogposts +# Trail of Bits Blog Posts -The following contains the blockchain related blogposts made by Trail of Bits. +The following contains blockchain-related blog posts made by Trail of Bits. -- [Trail of Bits blogposts](#trail-of-bits-blogposts) - - [Consensus algorithms](#consensus-algorithms) - - [Fuzzing compilers](#fuzzing-compilers) +- [Trail of Bits Blog Posts](#trail-of-bits-blog-posts) + - [Consensus Algorithms](#consensus-algorithms) + - [Fuzzing Compilers](#fuzzing-compilers) - [General](#general) - [Guidance](#guidance) - [Presentations](#presentations) - [Tooling](#tooling) - [Upgradeability](#upgradeability) - - [Zero-knowledge](#zero-knowledge) + - [Zero-Knowledge](#zero-knowledge) -## Consensus algorithms +## Consensus Algorithms -Research in the distributes systems area +Research in the distributed systems area | Date | Title | Description | | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | @@ -22,27 +22,27 @@ Research in the distributes systems area | 2019/10/25 | [Formal Analysis of the CBC Casper Consensus Algorithm with TLA+](https://blog.trailofbits.com/2019/10/25/formal-analysis-of-the-cbc-casper-consensus-algorithm-with-tla/) | Verification of finality of the Correct By Construction (CBC) PoS consensus protocol | | 2019/07/12 | [On LibraBFT’s use of broadcasts](https://blog.trailofbits.com/2019/07/12/librabft/) | Liveness of LibraBFT and HotStuff algorithms | | 2019/07/02 | [State of the Art Proof-of-Work: RandomX](https://blog.trailofbits.com/2019/07/02/state/) | Summary of our audit of ASIC and GPU-resistant PoW algorithm | -| 2018/10/12 | [Introduction to Verifiable Delay Functions (VDFs)](https://blog.trailofbits.com/2018/10/12/introduction-to-verifiable-delay-functions-vdfs/) | Basics of VDFs - a class of hard to compute, not paralelizable, but easily verifiable functions | +| 2018/10/12 | [Introduction to Verifiable Delay Functions (VDFs)](https://blog.trailofbits.com/2018/10/12/introduction-to-verifiable-delay-functions-vdfs/) | Basics of VDFs - a class of hard to compute, not parallelizable, but easily verifiable functions | -## Fuzzing compilers +## Fuzzing Compilers -Our work in the topic of fuzzing the `solc` compiler +Our work on the topic of fuzzing the `solc` compiler -| Date | Title | Description | -| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| 2021/03/23 | [A Year in the Life of a Compiler Fuzzing Campaign](https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/) | Results and feature of fuzzing solc | -| 2020/06/05 | [Breaking the Solidity Compiler with a Fuzzer](https://blog.trailofbits.com/2020/06/05/breaking-the-solidity-compiler-with-a-fuzzer/) | Our approach to fuzzing solc | +| Date | Title | Description | +| ---------- | ----------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------ | +| 2021/03/23 | [A Year in the Life of a Compiler Fuzzing Campaign](https://blog.trailofbits.com/2021/03/23/a-year-in-the-life-of-a-compiler-fuzzing-campaign/) | Results and features of fuzzing solc | +| 2020/06/05 | [Breaking the Solidity Compiler with a Fuzzer](https://blog.trailofbits.com/2020/06/05/breaking-the-solidity-compiler-with-a-fuzzer/) | Our approach to fuzzing solc | ## General -Security research, analyses, announcements, and writeups +Security research, analyses, announcements, and write-ups | Date | Title | Description | | ---------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| 2022/10/12 | [Porting the Solana eBPF JIT compiler to ARM64](https://blog.trailofbits.com/2022/10/12/solana-jit-compiler-ebpf-arm64/) | Low-level writeup of the work done to make Solana compiler work on ARM64 | -| 2022/06/24 | [Managing risk in blockchain deployments](https://blog.trailofbits.com/2022/06/24/managing-risk-in-blockchain-deployments/) | Summary of "Do You Really Need a Blockchain? An Operational Risk Assessment" report | -| 2022/06/21 | [Are blockchains decentralized?](https://blog.trailofbits.com/2022/06/21/are-blockchains-decentralized/) | Summary of "Are Blockchains Decentralize? Unintended Centralities in Distributed Ledgers" report | -| 2020/08/05 | [Accidentally stepping on a DeFi lego](https://blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/) | Writeup of a vulnerability in yVault project | +| 2022/10/12 | [Porting the Solana eBPF JIT compiler to ARM64](https://blog.trailofbits.com/2022/10/12/solana-jit-compiler-ebpf-arm64/) | Low-level write-up of the work done to make the Solana compiler work on ARM64 | +| 2022/06/24 | [Managing risk in blockchain deployments](https://blog.trailofbits.com/2022/06/24/managing-risk-in-blockchain-deployments/) | A summary of "Do You Really Need a Blockchain? An Operational Risk Assessment" report | +| 2022/06/21 | [Are blockchains decentralized?](https://blog.trailofbits.com/2022/06/21/are-blockchains-decentralized/) | A summary of "Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers" report | +| 2020/08/05 | [Accidentally stepping on a DeFi lego](https://blog.trailofbits.com/2020/08/05/accidentally-stepping-on-a-defi-lego/) | Write-up of a vulnerability in yVault project | | 2020/05/15 | [Bug Hunting with Crytic](https://blog.trailofbits.com/2020/05/15/bug-hunting-with-crytic/) | Description of 9 bugs found by Trail of Bits tools in public projects | | 2019/11/13 | [Announcing the Crytic $10k Research Prize](https://blog.trailofbits.com/2019/11/13/announcing-the-crytic-10k-research-prize/) | Academic research prize promoting open source work | | 2019/10/24 | [Watch Your Language: Our First Vyper Audit](https://blog.trailofbits.com/2019/10/24/watch-your-language-our-first-vyper-audit/) | Pros and cons of Vyper language and disclosure of vulnerability in the Vyper's compiler | @@ -112,7 +112,7 @@ Our work related to contracts upgradeability | 2018/10/29 | [How contract migration works](https://blog.trailofbits.com/2018/10/29/how-contract-migration-works/) | Alternative to upgradability mechanism - moving data to a new contract | | 2018/09/05 | [Contract upgrade anti-patterns](https://blog.trailofbits.com/2018/09/05/contract-upgrade-anti-patterns/) | Discussion of risks and recommendations for Data Separation and Delegatecall Proxy patterns. Disclosure of vulnerability in Zeppelin Proxy contract. | -## Zero-knowledge +## Zero-Knowledge Our work in Zero-Knowledge Proofs space