Welcome to "The Fuzzing Book"! Software has bugs, and catching bugs can involve lots of effort. This book addresses this problem by automating software testing, specifically by generating tests automatically. Recent years have seen the development of novel…

Fuzz testing is an invaluable tool for finding & maximizing precision loss vulnerabilities..

Pre-built security properties for commonly forked DeFi protocols - 0xNazgul/fuzzydefi

In this post, we'll be comparing the proving of properties in a smart contract system using fuzzing and formal verification tools. We'll be using the eBTC protocol as a real-world case study.

We recently introduced our new offering, invariant development as a service. A recurring question that we are asked is, “Why fuzzing instead of formal verification?” And the answer is, “It’s complicated.” We use fuzzing for most of our audits but have used…

One click magically working Foundry + Medusa + Echidna Starter - Recon-Fuzz/create-chimera-app

Fuzzing—a testing technique that tries to find bugs by repeatedly executing test cases and mutating them—has traditionally been used to detect segmentation faults, buffer overflows, and other memory corruption vulnerabilities that are detectable through crashes.…

Fuzz smart contracts using the same code with Echidna, Medusa & Foundry!

Many high severity findings found during private audits by external auditors could have been found by the protocol developers themselves using invariant fuzz testing prior to engaging external auditors. While this doesn’t require developing an “attac...

At DeFi Security Summit 2024 I presented a workshop on how smart contract developers can use invariant fuzz testing to find high severity issues prior to external audit, based on my real-world experience doing private audits with Cyfrin.
Since fuzz t...

Writing smart contracts requires a higher level of security assurance than most other fields of software engineering. The industry has evolved from simple ERC20 tokens to complex, multi-component DeFi systems that leverage domain-specific algorithms and handle…

Learn how to implement and test smart contract invariants using Solidity. This guide covers tracking variables, defining properties, and running fuzzing tests with Echidna, Medusa, and Foundry.

A curated collection of tools, articles, research, and guides for fuzzing smart contracts on the Ethereum Virtual Machine (EVM). - perimetersec/evm-fuzzing-resources

A minimal smart contract fuzzer written in Rust 🦀. Contribute to EperezOk/minimal-evm-fuzzer development by creating an account on GitHub.

A list of public fuzzing campaigns. Contribute to perimetersec/public-fuzzing-campaigns-list development by creating an account on GitHub.

General purpose unopinionated Solidity fuzzing library for stateful and stateless fuzzing - perimetersec/fuzzlib

A blog post describing the new symbolic execution capabilities of Echidna include preliminary results and immediate future