Fuzzing Could Boost DeFi Security After Major Hacks Rattle Industry

In Brief

• ConsenSys has released its Diligence Fuzzing tool to test smart contracts’ responses to semi-random inputs.
• The tool, "gray box," also simulates transaction sequences and generates a report at the end of a test.
• Amid increasing DeFi losses in H2, the tool is part of the arsenal DeFi projects can use to improve reliability.
• promo

  ConsenSys has released its Diligence Fuzzing tool for smart contract security as DeFi losses accelerate in H2.

  While the tool was previously released through a closed Beta requiring approval, it is now part of the smart contract toolchain Foundry.

  MetaMask developer ConsenSys says the tool tests how smart contracts respond to semi-random and invalid inputs in specific states. Developers can access fuzzing features of dApp development tool Foundry for free before buying it.

  According to the product’s web page, the tool is a “gray box” because it considers the smart contract state when creating test data. In contrast, a black box fuzzing tool would output significantly harder-to-predict data.

  The fuzzer can simulate transaction sequences to examine interactions between functions. Additionally, the tool can create three reports offering different insights into dApp functionality.

  Earlier this year, ConsenSys launched the alpha testing phase of its new zero-knowledge rollup, Linea.

  ConsenSys’ fuzzing product is the latest addition to a growing arsenal of tools DeFi projects are looking at to improve security. The amount lost to hacks in H1, while 75% lower than in the first half of last year, has steadily risen in H2 with the recent attacks on decentralized exchanges important to their respective chains.

  Sunday’s attack on Ethereum DEX Curve rattled many DeFi investors who viewed the project as one of the safest. The attack vector exploited a weakness in the Vyper tool that converts smart contracts into instructions a computer can understand. 

  What exactly is a smart contract? Click here to find out more about the building block of decentralized finance.

  A recent exploit on Base DEX LeetSwap has reportedly cost liquidity providers at least $600,000. The project team has yet to reveal the details, although security firm Peckshield traced the hack to a single swap function.

  Companies whose services are becoming a regular feature of DeFi security strategies include Hacken, SlowMist, and CertiK. Hacken and CertiK have audited code in over 3,700 projects, while SlowMist has onboarded 1,000.

  Earlier this year, AnChain.ai announced a new artificial intelligence-based smart contract auditing tool as part of its Web3SOC security framework. 

  Got something to say about Diligence Fuzzing, DeFi security, or anything else? Write to us or join the discussion on our Telegram channel. You can also catch us on TikTok, Facebook, or Twitter.