Cloud Hosting

Blockchain technology firm ConsenSys publicly released its Diligence Fuzzing tool for smart contract testing, according to an Aug. 1 announcement. The new tool produces random and invalid data points to find vulnerabilities in contracts before they are launched.

Over $2.8 billion was lost in decentralized finance hacks in 2022. According to ConsenSys, these losses are leading developers to embrace more sophisticated testing tools to help find vulnerabilities before attackers do.

The new tool used to be available in a closed beta version, where developers needed to get approval for access. This approval process is no longer necessary as of Aug. 1.Diligence Fuzzing is also now integrated with smart contract toolkit Foundry and features a free version for developers who want to test it out before spending any money.

Related: Crypto payment gateway CoinsPaid suspects Lazarus Group in $37M hack

In a conversation with Cointelegraph, ConsenSys security services lead Liz Daldalian explained how the tool works in more detail. Developers can annotate their contracts using a machine language called Scribble, also developed by ConsenSys. Once they do this, the annotations will be understood by the fuzzing tool. The tool produces unexpected inputs so as to test whether the contract can be forced to produce unintended actions.

ConsenSys security researcher Gonalo S said the tool is not a black box fuzzer. It does not produce completely random data. Instead, it is a grey-box fuzzer that employs an understanding of the programs current state to reduce the types of data produced, increasing the tool's efficiency.

S has seen developers becoming more interested in fuzzing recently. As Foundry has become more popular, developers have started to use its default black-box fuzzer and have grown accustomed to using it. On the other hand, some users want a more sophisticated fuzzer than the default one, which he argued Diligence Fuzzer could provide. He said:

Smart contract hacks have continued to pose a problem for users. Excluding rug pulls and phishing scams, over $471.43 million waslost from Web3 security vulnerabilities in the first half of 2023.Daldalian cautioned that Diligence Fuzzing is not a silver bullet that would eliminate all smart contract hacks. However, she argued that it is one tool in an arsenal that developers can use in order to write more secure smart contracts, which can at least set the Web3 community on a path to minimize losses from these attacks.

Here is the original post:

ConsenSys releases 'fuzzing' tool to test smart contract vulnerabilities - Cointelegraph