How Much Does a Trail of Bits Audit Cost?

July 13, 2026

Short answer: Trail of Bits does not publish a current blockchain security-review rate card on its official site. A precise “Trail of Bits price per engineer-week” should not be treated as current fact unless it comes from a dated proposal with comparable scope.

For general planning—not as a Trail of Bits quote—Sherlock's February 2026 market reference places smart-contract audits across the market at roughly $5,000 to $250,000+. Reviews involving novel cryptography, zero-knowledge systems, non-EVM languages, or compressed timelines can sit above ordinary EVM scopes. Request a proposal for the actual answer.

What Trail of Bits Publicly Confirms

Trail of Bits describes its blockchain practice as reviewing smart contracts, nodes, and bridges, backed by Slither, Echidna, and Medusa. Its broader services include cryptography, application security, software assurance, security engineering, and research and development.

That breadth is relevant for systems whose risk crosses contract, protocol, cryptographic, compiler, and off-chain boundaries. It does not establish a fixed price or fixed tool list for every engagement; the proposal should state what is in scope and how the team plans to test it.

What to Put in the Request

  • exact repository, commit, dependencies, and build instructions
  • smart-contract, node, bridge, cryptographic, and off-chain components in scope
  • languages, compilers, virtual machines, and deployment environments
  • protocol specification, threat model, invariants, and prior reports
  • desired researcher specialties and named staffing, if available
  • initial review, remediation review, deliverables, and publication expectations
  • target dates and any scheduling constraints

For novel systems, ask the provider to separate ordinary code review from custom tooling, formal methods, cryptographic analysis, or architecture research. Those are different work products even when delivered by one team.

How This Compares to Firepan

Trail of Bits offers specialist human research and builds several of the open-source tools used across the industry. Firepan provides an unauthenticated public-repository surface scan and authenticated deep-audit workflows. Firepan currently uses Slither as best-effort corroboration in compatible deep-audit contexts; it does not claim to bundle Trail of Bits' entire tool suite.

For novel cryptography, consensus code, or cross-domain architecture, specialist review may be the primary layer. Firepan is better framed as repeatable triage and repository coverage around—not a replacement for—that engagement.

Frequently Asked Questions

Q: What is the exact price of a Trail of Bits review?

A: Trail of Bits does not publish a current rate card on its official site. Request a proposal for the repository, commit, scope, specialties, and timeline you need.


Q: Did Trail of Bits create Slither and Echidna?

A: Trail of Bits develops and publishes Slither and Echidna and describes its blockchain practice as backed by those tools and Medusa.


Q: Is Trail of Bits only a smart-contract audit firm?

A: No. Its public services span blockchain, cryptography, application security, software assurance, security engineering, and research, which matters when a system's attack surface crosses domains.


Q: Does Firepan run the same toolchain?

A: No. Firepan's implementation includes its own deterministic detectors and HOUND AI workflows, with best-effort Slither corroboration in compatible deep audits. Echidna and Medusa are valuable independent tools but are not represented as mandatory Firepan pipeline stages.

Sources

Firepan

Scan Your Contracts Now

Run a free surface scan — results in minutes, no credit card required.

Run Free Scan →