Amid a rise in hacks and exploits, Fuzzing has emerged as a new buzzword. While working with smart contracts, we can use a fuzzer to find the test cases that could have been missed in the unit testing phase.
Smart Contracts have transformed the Blockchain domain at large, but at the same time has become a delicate link for blockchain security due to its code nature. Hence, efficient vulnerability detection of smart contracts is the important key to ensure security of the Blockchain platform.
The edge cases left unnoticed in the smart contracts can be discovered with ease by leveraging the fuzzer. In the forthcoming sections, we will discuss various dimensions of Fuzzing and how you can make your smart Contract more secure using a fuzz.
An Overview of Fuzzing
Fuzzing (or) Fuzz Testing is the methodology to automatically test a software (in our case, smart contracts).
It’s a “Black Box testing” technique that tests the application from an external front. In the current scenario, fuzz testing refers to a self-executing process of discovering security bugs by processing random inputs into a program until it finds any vulnerability. It relies on pushing large amounts of data called ‘fuzz’ to strike our target smart Contract.
Online Fuzzing Process
- First, investigate & test the ABI interface and bytecode of the smart Contract. Bring out the data type of various parameters used in the ABI function and the function signatures used.
- Carry out ABI signature analysis on various smart contracts crawled from the Ethereum platform. After this, arrange them as per the function signatures supported by each smart Contract.
- Create a legal fuzzing input that justifies the ABI specifications.
- Start the fuzzing test by calling the corresponding ABI interface.
- Now, examine the execution log created during the fuzzing test to look for security vulnerabilities.
How to Carry out Fuzz?
To carry out Fuzzing, we take advantage of various tools such as ‘Echidna.‘ It’s a Haskell program developed & designed to carry out fuzzing (or) property-based testing of Ethereum smart contracts. It takes advantage of grammar-based fuzzing campaigns standing on Contract ABI to nullify the Solidity assertions.
Executing the Test Runner
The core functionality of the Echidna is an executable by the name ‘echidna-test.’ Its input is the contracts and a list of invariants; it makes a random sequence of calls to the contract and verifies for each invariant.
Drawbacks of Fuzzing
It is not easy to emulate and test the EVM, and Echidna, on the other hand, has some drawbacks. Some of these limitations are inherited from hevm, while others are an outcome of the bugs in the code. Here, we list down some of those issues along with their status:
| Description | Issue | Status |
| Debug information can be insufficient | #656 | in review for 2.0 |
| Vyper support is limited | #652 | won’t fix |
| Limited library support for testing | #651 | won’t fix |
| If the contract is not properly linked, Echidna will crash | #514 | in review |
| Assertions are not detected in internal transactions | #601 | in review for 2.0 |
| Assertions are not detected in solc 0.8.x | #669 | in review for 2.0 |
| Value generation can fail in multi-abi mode, since the function hash is not precise enough | #579 | in review for 2.0 |
How does Fuzz Testing Works?
It’s not like this that attackers spend substantial time studying systems/applications for vulnerabilities. They look for a delicate nerve that can be exploited easily, and when this hit & trial mechanism is used for the testing process, it is called fuzzing.
We leverage specialized tools called ‘Fuzzers,’ such as Echidna that we discussed in the former section, to discover vulnerabilities. The other application security (appsec) tools require access to source code, fuzzers on the other hand, rely on several inputs being put to uncover new and unknown bugs.
Top Benefits of Fuzzing
The attackers tend to utilize various tactics to get into your smart contract code and eventually exploit it, and here comes the role of security testing tools. If you want to keep your platform secured from security breaches, you need to take advantage of fuzzing at various stages of the development lifecycle.
Cost-Effective: Compared to other testing techniques, fuzzing is cost-effective and suitable for businesses with budget constraints.
Security against Zero-day vulnerabilities: zero-day vulnerabilities are the worst of security breaches that can take place, but when fuzzing is successfully carried out as a black-box testing technique, it reduces the possibility of zero-day vulnerabilities.
Improves Security Testing Results: Indeed, it’s not the comprehensive testing methodology for security testing, but it enhances the security of your smart contract when implemented as a black box security testing strategy.
Conclusion
Fuzzing is not a cakewalk for many, as it requires a lot of brainstorming to get things done the right way, but it’s worth the pain.
Fuzzing will provide confidence to your stakeholders and a sense of security that can’t be obtained through just unit testing. At QuillAudits, we started fuzz testing our smart contracts to make them more secure from any potential future threats. We are a team of skilled and experienced professionals having concluded audits for over 200+ smart contracts.
