Working with blockchains as a Trail of Bits intern
By Vara Prasad Bandaru
Earlier this year, I completed my internship at Trail of Bits and secured a full-time position as a Blockchain Security Analyst.
This post is not intended to be a technical description of the work I did during the internship. Rather, it is intended to describe my overall experience as a Trail of Bits intern. I hope that reading about my experience will motivate others to apply for future internships at Trail of Bits.
First, I want to introduce myself and provide some background on my technical expertise. Next, I’ll explain the application and interview processes and describe some of the work I did during my time as an intern (spoiler alert: I worked on Tealer, a static analyzer for Algorand’s smart contracts!). Finally, I’ll list takeaways that I would have liked to have known when I applied, and a few things I enjoyed about interning at Trail of Bits.
Who am I?
I’m in the final year of my bachelor’s program in computer science at RGUKT Nuzvid, a tier 3 college in India. Before my internship at Trail of Bits in Winter 2021, I didn’t have much industry experience other than completing one computer science project (Monkey Interpreter, a Python rewrite of a Golang implementation) and competing in capture-the-flag (CTF) competitions. I started competing in CTFs near the end of the first year of my undergraduate program (and still do on weekends) under the username S3v3ru5.
I concentrated mainly on cryptography-related challenges, my strongest category, when I first started competing in CTFs. But around August 2021, I started participating in blockchain-related challenges to gain experience with this technology that everyone is talking about. I was able to complete a simple Solana blockchain challenge in ALLES CTF and all the Ethereum blockchain challenges in Ethernaut CTF, a web3/Solidity based wargame. I started this work only about a month and a half before I applied for my internship at Trail of Bits. As you can see, I didn’t have much blockchain experience beforehand.
It was through working with these CTFs that I became familiar with Trail of Bits. I would always see Trail of Bits in the sponsor section of the CTFs I competed in, and I still remember solving a challenge presented by Trail of Bits in one of the CSAW finals. I always referenced (and still do) the Trail of Bits CTF guide and blog posts, especially “ECDSA: Handle with Care.”
Looking for an internship
As I neared the end of 2021, I started looking into cybersecurity practices, mainly those related to cryptography (my forte) and blockchain (my latest area of interest). There were very few internships that both related to my interests and that would accept a bachelor’s student who had no previous experience other than competing in CTFs and who had not completed many projects. But I remembered that Trail of Bits is a top cybersecurity research and consulting firm that values CTFs, emphasizes self-learning, and gives people chances.
I decided to take a closer look at Trail of Bits’ open roles and discovered the wintership program. These interns work on a Trail of Bits project, or even on their own security-related projects, under the guidance of a mentor. The internship is paid and takes place over the winter break to give students and new safety engineers real industry experience and an opportunity to write a publication for their CV. An internship at Trail of Bits can even lead to an offer for a full-time role.
I wasn’t working on any projects at the time I applied for the internship, so I decided to apply to some of the available Trail of Bits projects that seemed interesting to me. First, I applied to two projects that would allow me to gain more experience with blockchain technology: Manticore, a symbolic execution tool developed by Trail of Bits to analyze Ethereum smart contracts and Linux ELF binaries, and a project researching the Solana blockchain. Both Ethereum and Solana are blockchains I am technically familiar with, so I thought these projects would be a good fit. However, I later decided to apply to work with Tealer, a static analyzer for code written in Teal, an assembly-like language used in the Algorand blockchain. Although I had no experience with static analysis or the Algorand blockchain, Tealer was both a relatively small and new project: I knew that I could easily read through the source code to get my feet wet and that my work on this project could form the basis of future work. In the end, the application procedure was the same for all three projects, so I thought “why not?”
I was invited to an initial 30-minute phone screen to discuss both Manticore and Tealer. It was my first interview, so I was a little nervous, but the Trail of Bits engineer I interviewed with, Felipe Manzano (who later became one of my mentors), made the experience enjoyable and stress-free. It felt more like an informal conversation with a friend about the work and my experience and interests. After that we had another five-minute conversation to discuss the internship start date, work location and other onboarding information. I got the offer letter later that day: I was selected to work on Tealer, the project I hesitated to apply for.
I was surprised by this interview process. It was completely different from many of my friends’ experiences interviewing with other companies. My interview was easy and better than most in every way for an internship.
Preparing for the internship
As I prepared for my first internship, I realized that I was unfamiliar with many of the tools and concepts I would be working with. For example, I hadn’t worked with the Algorand blockchain or static analysis tools, and I wasn’t very experienced in Git or GitHub. I was worried that I was going to fail my internship if I didn’t make an effort to learn these tools and concepts before the internship started.
My internship was supposed to start on December 13, 2021, so I started my preparations on the first day of December. I read through various resources to learn about static analysis, the Algorand blockchain, Git, and GitHub during the first 10 days of December. I was able to see the results of my preparation when I found problems in Tealer’s parsing of Teal code compared to the developer docs, even before the start of my internship!
During the internship period
Because of the level of preparation I did before my start date, I was able to start work with Tealer on my first day. During my internship I achieved the following:
I really enjoyed working with Tealer and my internship was an excellent experience. All my work was open for review and merged after approval. I got very good feedback and help when I got stuck. I got to take part in active discussions about the tool. And being offered a full-time position because of my performance at the internship made my experience even better.
Tips and takeaways
I would like to give some tips to potential interns that I wish I had heard before the internship. Now that I have first-hand experience with an internship at Trail of Bits, I can speak to how true these tips really are.
- It’s OK if you don’t meet all the requirements for an internship you’re applying for. There is nothing wrong with applying. I was hesitant to apply to work on Tealer, but in the end it worked out really well for me.
- You do not need to know everything you need to know for the internship you are applying for. The point of an internship is to gain experience and to learn new things. Employers are also not looking for people who already know everything (no one does), but for people who can learn and gain the necessary knowledge if given enough time.
- Always ask for and accept suggestions when in doubt.
- Always seek help from your mentors. You don’t have to figure it all out yourself, and no one expects you to. Mentors are more experienced, have more knowledge and are there to help their interns.
- For non-native speakers like me, don’t stress if you don’t speak English fluently. As long as your colleagues can understand what you’re trying to communicate, it’s okay if you’re not very fluent or make mistakes. Of course, improving your communication skills is a good idea in the long run, but never let your current level of English stop you from applying for internships.
Why apply for a Trail of Bits internship?
I cannot say enough good things about my experience interning at Trail of Bits. From the stress-free interview process, to my ability to participate in active discussions about the project, to the direct merging of my work, it was a great experience. In short, I was an intern, but I felt like a full-time employee. Nevertheless, here are some highlights from my internship:
- I was given the freedom to work with the tool as I wanted. I was never told not to do something as long as what I wanted to do improved the tool and worked toward the goal.
- I had no restrictions on what time I worked or how long I worked. There were days when I couldn’t make much progress with the project, as usually happens with me when I start working on something new, but I had the freedom to work at my own pace.
- Finally, the biggest highlight of my internship was when Dan, the CEO of Trail of Bits, sent a little note on Slack appreciating my work. I didn’t think I would feel this way when I read similar stories from other interns, but I felt really proud. I still remember showing that message to some of my friends.
A heartfelt thank you
I would like to thank Felipe Manzano and Josselin Feist for giving me free rein over the project and making my first internship an extraordinary learning experience. Thanks also to Trail of Bits for extending the offer to join the company full-time after my studies. This internship could not have been better, and I hope for a similar experience in my full-time role.
One thing I wanted to change while writing this blog post is the use of the word “I”. Using “I” makes it feel like this experience was exclusively mine. This is not true: this story could easily be yours. Be sure to check for the next open internships at Trail of Bits and get your own extraordinary experience.
*** This is a Security Bloggers Network syndicated blog from Trail of Bits Blog written by Trail of Bits.