ConsenSys, a blockchain technology firm, has publicly launched its “Diligence Fuzzing” tool for smart contract testing, as revealed in an announcement on August 1.
This new tool is designed to identify vulnerabilities in contracts before they are deployed by generating “random and invalid data points.”
The release comes in the wake of significant losses in decentralized finance hacks, which surpassed $2.8 billion in 2022.
The escalating financial implications of these hacks have prompted developers to seek more sophisticated testing tools to proactively discover vulnerabilities before malicious attackers do.
Previously available as a closed beta version with access approval requirements, ConsenSys has now made Diligence Fuzzing accessible to all developers without any restrictions.
Additionally, the tool has been integrated with the smart contract toolkit Foundry, and developers can test it out for free before committing to any expenses.
Liz Daldalian, the lead of ConsenSys security services, elaborated on the functioning of the tool in an interview with Cointelegraph.
Developers can utilize “Scribble,” a machine language developed by ConsenSys, to annotate their contracts.
READ MORE:SEC Chairman Gary Gensler Raises Alarm Over Widespread Fraud in Crypto Market
These annotations allow the fuzzing tool to comprehend the contract’s logic and generate “unexpected” inputs to test whether the contract produces unintended actions under various scenarios.
The ConsenSys security researcher, Gonçalo Sá, clarified that Diligence Fuzzing is not a “black box fuzzer,” meaning it doesn’t employ completely random data.
Instead, it functions as a “grey-box fuzzer” that leverages an understanding of the contract’s current state to optimize the data produced and enhance the tool’s efficiency.
Sá observed an increasing interest in fuzzing among developers, particularly with the growing popularity of Foundry’s default black-box fuzzer.
Many users, however, seek a more sophisticated fuzzer than the default one, which Diligence Fuzzer aims to provide.
Sá emphasized that people are recognizing the power of fuzzing and are seeking more potent tools to fortify their security measures.
Smart contract hacks remain a persistent issue for users, with Web3 security vulnerabilities resulting in over $471.43 million in losses during the first half of 2023, excluding rug pulls and phishing scams.
While Diligence Fuzzing is not a foolproof solution to eradicate all smart contract hacks, Daldalian asserted that it represents one essential tool in developers’ arsenal to create more secure smart contracts.
By adopting such tools, the Web3 community can take significant strides towards mitigating losses from these attacks.
Other Stories:
Bitcoin’s Reduced Volatility Sparks Anticipation for Exciting Long-Term Bull Signal
Liquid Staking Tokens Poised to Dethrone Ethereum’s Ether (ETH) as Dominant DeFi Asset
BNB Smart Chain (BSC) Hit by Copycat Attacks