- More than $471.43 million was lost through Web3 security vulnerabilities in the first half of 2023.
- The Diligence Fuzzing has been integrated with the smart contract toolkit Foundry.
- The tool features a free version for developers who wish to test it out before making any payments.
The blockchain technology company ConsenSys has announced the public release of its “Diligence Fuzzing” smart contract testing tool. The new tool generates “random and invalid data points” to identify contract flaws prior to the smart contract launch.
The launch is very timely seeing that decentralized finance hacks cost over $2.8 billion in 2022. ConsenSys claims that as a result of these losses, developers are adopting more sophisticated testing tools to assist in identifying vulnerabilities before attackers do.
Previously, developers had to request access to the closed beta version of the new tool before using it. As of August 1 after the release of the “Diligence Fuzzing” tool, this approval procedure is no longer required.
Diligence Fuzzing is now integrated with Foundry’s smart contract toolkit, and it offers a free version for developers to try out.
How does the “Diligence Fuzzing” work?
According to ConsenSys security services lead Liz Daldalian, developers using the “Diligence Fuzzing” tool can annotate their contracts using a machine language called “Scribble,” which is also developed by ConsenSys. After doing this, the fuzzing tool will interpret the annotations and produce “unexpected” inputs so as to test whether the smart contract can be forced to produce unintended actions.
ConsenSys security researcher Gonçalo Sá has, however, stated that the “Diligence Fuzzing” tool is not a “black box fuzzer” and that it does not produce completely random data. Instead, Gonçalo says that the fuzzing tool acts as a “grey-box fuzzer” that understands the smart contract’s current state to limit the types of data produced, thus increasing the tool’s efficiency.