While the tool was previously released through a closed Beta requiring approval, it is now part of the smart contract toolchain Foundry.
DeFi Diligence Fuzzing Tool Tests DApp Integrity
According to the product’s web page, the tool is a “gray box” because it considers the smart contract state when creating test data. In contrast, a black box fuzzing tool would output significantly harder-to-predict data.
The fuzzer can simulate transaction sequences to examine interactions between functions. Additionally, the tool can create three reports offering different insights into dApp functionality.
Fuzzing code coverage report | Source: ConsenSys
Earlier this year, ConsenSys launched the alpha testing phase of its new zero-knowledge rollup, Linea.
Fuzzing Tool Complements Recent Advances in AI and Auditing
ConsenSys’ fuzzing product is the latest addition to a growing arsenal of tools DeFi projects are looking at to improve security. The amount lost to hacks in H1, while 75% lower than in the first half of last year, has steadily risen in H2 with the recent attacks on decentralized exchanges important to their respective chains.
Sunday’s attack on Ethereum DEX Curve rattled many DeFi investors who viewed the project as one of the safest. The attack vector exploited a weakness in the Vyper tool that converts smart contracts into instructions a computer can understand.
What exactly is a smart contract? Click here to find out more about the building block of decentralized finance.
A recent exploit on Base DEX LeetSwap has reportedly cost liquidity providers at least $600,000. The project team has yet to reveal the details, although security firm Peckshield traced the hack to a single swap function.
Companies whose services are becoming a regular feature of DeFi security strategies include Hacken, SlowMist, and CertiK. Hacken and CertiK have audited code in over 3,700 projects, while SlowMist has onboarded 1,000.
Earlier this year, AnChain.ai announced a new artificial intelligence-based smart contract auditing tool as part of its Web3SOC security framework.