ConsenSys has released its Diligence Fuzzing tool for smart contract testing. According to the launch announcement, the new tool produces a series of random and invalid data points in an effort to find potential vulnerabilities in smart contracts before they launch. More than $2.8 billion was lost in DeFi hacks throughout 2022, and ConsenSys highlighted how such losses are pushing developers to embrace highly sophisticated testing tools to find vulnerabilities before hackers do.
📢 We are thrilled to announce two major upgrades to Diligence Fuzzing – we've improved the user experience for Foundry projects & introduced a new, more affordable pricing plan. 🎉
🤩 Making Diligence Fuzzing even more accessible to all builders out there. 🧵 pic.twitter.com/nFntuQgthr
— Consensys Diligence (@ConsensysAudits) August 1, 2023
The tool was previously available only as a closed beta, and developers had to get approval for access. The recent update has eliminated the need for approval. Diligence Fuzzing has now been integrated with the smart contract toolkit Foundry and also features a free version for developers who want to test things out before spending any money.
ConsenSys Eyed Fuzzing for Quite Some Time
ConsenSys security services explained in greater detail how the service works. Developers can annotate their contracts using a programming language called Scribble, which was also developed by ConsenSys. Once developers do this, the fuzzing tool can understand the annotations.
The tool then produces unexpected inputs to test whether the contract can be forced into unintended actions. However, it was clarified that the tool is not a black box fuzzer and does not produce any random data. Instead, it is a grey box fuzzer that uses its understanding of the program's current state to reduce the types of data produced and to improve overall efficiency.
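The black box versus grey box distinction described above, as an added Python example that is not ConsenSys code and does not use Diligence Fuzzing, Scribble or Foundry. It assumes a hypothetical toy target, `execute`, standing in for a contract call with a planted bug and a property check; all names and byte values are constructed for illustration.

```python
import random

MAGIC = bytes([0x13, 0x37, 0xC0, 0xDE])   # constructed call data that reaches the bug

def execute(data):
    """Toy stand-in for a contract call (not EVM code).
    Returns (branches reached, whether the annotated property held)."""
    balance, credited, cov = 100, 100, set()
    for i, want in enumerate(MAGIC):       # four nested byte comparisons
        if i >= len(data) or data[i] != want:
            break
        cov.add(i)                         # record that branch i was taken
        if i == len(MAGIC) - 1:
            credited += 1                  # planted bug: ledger drifts from balance
    return cov, credited == balance        # property: credited == balance

def black_box(rng, budget):
    """Fresh random input on every run; no feedback from the target."""
    for n in range(1, budget + 1):
        data = bytes(rng.randrange(256) for _ in range(4))
        if not execute(data)[1]:
            return n, data
    return None

def grey_box(rng, budget):
    """Mutate saved inputs and keep any mutant that reaches a new branch."""
    corpus, seen = [bytes(4)], set()       # start from one all-zero seed input
    for n in range(1, budget + 1):
        data = bytearray(rng.choice(corpus))
        data[rng.randrange(len(data))] = rng.randrange(256)
        cov, ok = execute(bytes(data))
        if not ok:
            return n, bytes(data)          # property violated: report the input
        if not cov <= seen:                # new coverage: worth mutating further
            seen |= cov
            corpus.append(bytes(data))
    return None

if __name__ == "__main__":
    print("black box:", black_box(random.Random(0), 100_000))
    print("grey box: ", grey_box(random.Random(0), 100_000))
```

The grey box loop solves the four comparisons one at a time because each partial match is saved and mutated further, while the black box loop has to guess all four bytes at once.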
Gonçalo Sá, a security researcher at ConsenSys, highlighted that developers at the platform had been increasingly interested in fuzzing for a while. As Foundry has become increasingly popular, developers have begun using it as a black box fuzzer and have become used to it. However, several developers have expressed a need for a more sophisticated fuzzer, something which the Diligence fuzzer could provide.
Smart contract exploits have continued to pose a series of problems for users. Apart from rug pulls and phishing scams, more than $471.43 million was lost to Web3 security vulnerabilities during the first quarter of 2023. However, it is still necessary to keep in mind that Diligence Fuzzing does not completely eliminate the risk of exploits.