audit firm profile

Trail of Bits

est. 2012

SolidityRustGoC++VyperCairoEthereumSolanaPolygonDEXLendingBridge

Trail of Bits is a blockchain security firm known for deep protocol-level audits across DEX, Lending, Bridge. This profile aggregates its public audit record, 3200 findings and notable clients — so you can evaluate fit before requesting a competitive quote through Procur3.

Request a quote from Trail of Bits View public reports ↗

280

Public audits

across 14+ years

3200

Findings logged

all severities

1,295

Crit + high + med

material findings

Incidents attributed

see history below

overview

About Trail of Bits

Founded in 2012, Trail of Bits is a blockchain security firm specialising in smart contract audits and protocol-level security reviews. The team works primarily in Solidity, Rust, Go and C++, covering engagements across Ethereum, Solana, Polygon and related ecosystems. Core areas of expertise include DEX, Lending, Bridge, CDP.

With 280 public audits on record, Trail of Bits has worked with notable protocols including Uniswap V3, MakerDAO, Compound V3, Yearn V3. The firm's review history provides a transparent track record that teams can evaluate before engaging.

Trail of Bits is tracked on Procur3's auditor directory. Teams can compare their profile, stats and track record against other firms before requesting a quote.

track record

Findings by severity

HighMediumLowInfoGas

Critical	181	5.7%
High	453	14.2%
Medium	661	20.7%
Low	857	26.8%
Informational	667	20.8%
Gas	381	11.9%

Across 280 public audits, Trail of Bits has logged 3200 findings. Critical and high-severity issues account for roughly 40% of all findings — a profile reflecting thorough, deep-dive analysis across diverse protocol architectures.

Figures aggregated from publicly available audit reports. Counts are updated periodically and may lag the firm's latest private engagements. Severity labels follow each report's own classification.

selected work

Notable clients

Uniswap V3

DEX

↗

MakerDAO

CDP

↗

Compound V3

Lending

↗

Yearn V3

Yield Aggregator

↗

post-audit incidents

Incident history

Incidents recorded where a protocol was exploited after a Trail of Bits engagement. Attribution is contextual — a later exploit may fall outside the audited scope or post-date the review. We link the public source so you can judge for yourself.

source: rekt.news

Exploit in a previously-reviewed protocol

1 public incident is associated with a protocol Trail of Bits had engaged with. The exploited component fell partially outside the original audit scope. See the linked post-mortem for the full timeline and root cause.

get started

Ready to work with Trail of Bits?

Post your scope once. Trail of Bits quotes it competitively alongside other matched firms — you compare and award.

Request a quote — free Browse all firms

vetted firms onlyquotes in hoursfree for builders