Fuzzing

Quickstart

This high-level overview guides you through the key components and two ways to run fuzz tests.

Introduction

Fuzzing is a powerful technique used to uncover vulnerabilities and improve the security of software systems. Diligence Fuzzing provides a comprehensive solution for identifying potential vulnerabilities in Ethereum smart contracts. In this article, we will provide an overview of how fuzzing works with Diligence Fuzzing, highlighting two ways to run fuzzing campaigns: Foundry Fuzz Tests and Annotating Smart Contracts with Scribble and Running Fuzzing Campaigns.

Fuzzing EVM Bytecode with Harvey

Diligence Fuzzing utilizes a powerful fuzzer called Harvey, specifically designed for EVM bytecode. Harvey generates and mutates bytecode inputs to explore different execution paths and detect potential issues. It significantly outperforms other fuzzers in the market, as demonstrated in recent benchmarking studies (source).

Fuzz Mode 1: Foundry Fuzz Tests

Foundry is an existing platform for writing and running fuzz tests on Ethereum projects. Diligence Fuzzing seamlessly integrates with Foundry, allowing users to leverage their existing Foundry fuzz tests and run them on Diligence's powerful fuzzer. This option provides a near zero-setup experience, enabling users to transition their fuzzing campaigns to Diligence Fuzzing without significant changes to their existing workflows.
Here's a complete guide on how to fuzz Foundry projects:

Fuzz Mode 2: Annotating Smart Contracts with Scribble and Running Fuzzing Campaigns

Diligence Fuzzing offers an alternative approach through the use of the Scribble language. Scribble is a specification language and runtime verification tool that translates high-level specifications into Solidity code. Developers can annotate their smart contracts with properties directly within the code, specifying desired behaviors or security properties of the contract.
To run fuzzing campaigns with Scribble, we follow these steps:
  • Instrument the Solidity code with Scribble by adding annotations that define properties and invariants.
  • Compile and run the contract's deployment script, typically on a Ganache or Hardhat node, to set up the environment for the fuzzing campaign.
  • Submit the fuzzing campaign using the Diligence Fuzzing CLI, which seamlessly integrates with the contract and leverages Harvey's powerful fuzzing capabilities.
Here's a complete guide on how to fuzz contracts with Scribble:

Conclusion

Diligence Fuzzing offers a comprehensive solution for conducting effective fuzzing campaigns on Ethereum smart contracts. Whether using Foundry Fuzz Tests or annotating contracts with Scribble, Diligence Fuzzing empowers users to enhance the security of their projects and identify potential vulnerabilities with ease. Explore the power of Diligence Fuzzing today and fortify your Ethereum smart contracts against potential vulnerabilities.