Ethereum developer Consensys has launched a tool to automate smart contract security testing called ‘Fuzzing’. It has been released by Consensys’ smart contract audit unit, Diligence.
Developers will no longer have to establish their own infrastructure or design intricate test cases to identify vulnerabilities in their Ethereum smart contracts. The self-service tool will seamlessly detect these flaws.
The tool is based on the concept of fuzzing, which is a software testing technique that feeds a program a sequence of random or unexpected inputs, aiming to elicit bugs, crashes, or vulnerabilities.
It comes out as an effective approach as it examines the functional properties of entire contract systems and not just individual functions.
Lead at Consensys Diligence, Liz Daldalian, commented on the launch saying: “Our automated tool is meticulously crafted to unearth vulnerabilities in smart contracts. It stands out by offering an unmatched security solution, setting benchmarks for code coverage, speed, and bug detection. The launch of Diligence Fuzzing solidifies our unwavering devotion to enhancing smart contract security, aiming to make it user-friendly and accessible to all developers in the Ethereum ecosystem.”
Consensys asserted its “thorough approach” to be the main reason which sets it apart from other available smart contract audit tools. The protocol also seeks to do better in security, particularly considering how cryptocurrency-based projects experienced a series of devastating hacks and exploits last year.
According to security analysts, the total value of assets lost to crypto hacks in the year 2022 totalled $3billion. The frequency of these hacks accelerated rapidly during this time too.
Consensys also has another open-source tool called ‘Scribble’, which is a specification language and runtime verification tool that translates high-level specifications into Solidity code. It allows users to go beyond the traditional security audit by writing additional test cases and specifications that allow for specific contract properties to be verified.
Therefore, one can annotate smart contracts with properties, instead of writing in a separate file using this tool. Upon completion, Scribble transforms annotations in the Scribble specification language into concrete assertions that verify the specification.
When paired with the newly launched Fuzzing, developers can streamline their security testing process, deploying securely on the Ethereum mainnet.
Consensys described the same as “The most powerful fuzzer to find bugs and vulnerabilities before they are exploited by bad actors on mainnet. Combine with Scribble to set a target and unleash the fuzzer with millions of transactions to stress test your smart contract.”
