
Fuzzing Could Boost DeFi Security After Major Hacks Rattle Industry

Updated by Geraint Price

In Brief

  • ConsenSys has released its Diligence Fuzzing tool to test smart contracts’ responses to semi-random inputs.
  • The "gray box" tool also simulates transaction sequences and generates a report at the end of a test.
  • Amid increasing DeFi losses in H2, the tool is part of the arsenal DeFi projects can use to improve reliability.

ConsenSys has released its Diligence Fuzzing tool for smart contract security as DeFi losses accelerate in H2.

While the tool was previously released through a closed Beta requiring approval, it is now part of the smart contract toolchain Foundry.

DeFi Diligence Fuzzing Tool Tests DApp Integrity

MetaMask developer ConsenSys says the tool tests how smart contracts respond to semi-random and invalid inputs in specific states. Developers can access fuzzing features of dApp development tool Foundry for free before buying it.

According to the product’s web page, the tool is a “gray box” because it considers the smart contract state when creating test data. In contrast, a black box fuzzing tool would output significantly harder-to-predict data.

The fuzzer can simulate transaction sequences to examine interactions between functions. Additionally, the tool can create three reports offering different insights into dApp functionality.
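A minimal sketch of the state-aware, sequence-based fuzzing described above, added here as an illustration and not taken from ConsenSys or Diligence Fuzzing. The toy "sale" contract, its planted refund bug, the function names and the invariant `raised >= 0` are all constructed assumptions; the fuzzer uses the observed contract state as feedback to decide which transaction sequences are worth extending.

```python
import random

FUNCS = ["open", "buy", "finalize", "refund"]

def apply(state, tx):
    """Execute one transaction on the toy sale; None means it reverted."""
    phase, raised = state
    fn, amt = tx
    if fn == "open" and phase == "closed":
        return ("open", raised)
    if fn == "buy" and phase == "open" and 0 < amt <= 100:
        return (phase, raised + amt)
    if fn == "finalize" and phase == "open" and raised > 0:
        return ("final", raised)
    if fn == "refund" and phase == "final" and amt > 0:
        return (phase, raised - amt)  # planted bug: amt is never checked against raised
    return None

def run(seq):
    """Replay a transaction sequence from the initial state; reverts leave state unchanged."""
    state = ("closed", 0)
    for tx in seq:
        state = apply(state, tx) or state
    return state

def signature(state):
    """Coarse view of contract state used as feedback: phase and whether funds are held."""
    phase, raised = state
    return (phase, raised > 0)

def fuzz(seed=1, budget=5000):
    """Return a sequence that breaks the invariant raised >= 0, or None."""
    rng = random.Random(seed)
    corpus = {signature(run([])): []}  # one saved sequence per distinct state seen
    for _ in range(budget):
        base = rng.choice(list(corpus.values()))  # extend a sequence that reached a known state
        seq = base + [(rng.choice(FUNCS), rng.randint(-5, 200))]  # semi-random, sometimes invalid
        state = run(seq)
        if state[1] < 0:
            return seq  # invariant violated: more refunded than was raised
        corpus.setdefault(signature(state), seq)  # keep only sequences that reach new state
    return None

if __name__ == "__main__":
    found = fuzz()
    print("invariant broken by:", found, "->", run(found) if found else None)
```

The refund bug is only reachable after `open`, `buy` and `finalize` have succeeded in that order, which is why the fuzzer keeps sequences that reach a new state and builds on them instead of generating each input from scratch.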

[Figure: Fuzzing code coverage report. Source: ConsenSys]

Earlier this year, ConsenSys launched the alpha testing phase of its new zero-knowledge rollup, Linea.

Fuzzing Tool Complements Recent Advances in AI and Auditing

ConsenSys’ fuzzing product is the latest addition to a growing arsenal of tools DeFi projects are looking at to improve security. The amount lost to hacks in H1, while 75% lower than in the first half of last year, has steadily risen in H2 with the recent attacks on decentralized exchanges important to their respective chains.

Sunday’s attack on Ethereum DEX Curve rattled many DeFi investors who viewed the project as one of the safest. The attack vector exploited a weakness in the Vyper tool that converts smart contracts into instructions a computer can understand. 


A recent exploit on Base DEX LeetSwap has reportedly cost liquidity providers at least $600,000. The project team has yet to reveal the details, although security firm Peckshield traced the hack to a single swap function.

Companies whose services are becoming a regular feature of DeFi security strategies include Hacken, SlowMist, and CertiK. Hacken and CertiK have audited code in over 3,700 projects, while SlowMist has onboarded 1,000.

Earlier this year, announced a new artificial intelligence-based smart contract auditing tool as part of its Web3SOC security framework. 






David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...