1. BITBILIHome
  2. Article

Consensys releases new tool for enhanced smart contract security

59 views

TL;DR Breakdown

  • Consensys has announced the release of a new diligence fuzzing tool to enhance smart contract security.
  • Embracing sophisticated fuzzing to mitigate Defi vulnerabilities.

Description

Blockchain technology firm ConsenSys has taken a significant step in bolstering the security of decentralized finance (DeFi) platforms by publicly releasing its “Diligence Fuzzing” tool for smart contract testing. The announcement, made on August 1, highlights the tool’s capability to generate “random and invalid data points” to detect vulnerabilities in contracts before they are deployed, … Read more

Blockchain technology firm ConsenSys has taken a significant step in bolstering the security of decentralized finance (DeFi) platforms by publicly releasing its “Diligence Fuzzing” tool for smart contract testing. The announcement, made on August 1, highlights the tool’s capability to generate “random and invalid data points” to detect vulnerabilities in contracts before they are deployed, potentially preventing millions of dollars in losses due to hacks and security breaches.

Consensys plans to prevent breaches with the tool

The urgency for better testing tools stems from the staggering $2.8 billion lost to DeFi hacks in 2022. As hackers continue to exploit vulnerabilities in smart contracts, developers are turning to more sophisticated testing methods to identify weaknesses before malicious actors can do so. The “Diligence Fuzzing” tool was initially accessible only through a closed beta version, which required developers to seek approval for access. However, as of August 1, the tool has been made available to all without the need for prior approval.

Additionally, it has been integrated into the smart contract toolkit Foundry, offering developers a free version to evaluate its effectiveness before committing to a full-fledged version. To implement the “Diligence Fuzzing” tool effectively, developers can use “Scribble,” a machine language developed by ConsenSys, to annotate their contracts. These annotations enable the fuzzing tool to understand the contract’s behavior and subsequently produce “unexpected” inputs to assess whether the contract can be manipulated to execute unintended actions.

It is important to note that the “Diligence Fuzzing” tool differs from a conventional “black box fuzzer” that generates completely random data. Instead, it operates as a “grey-box fuzzer,” leveraging insights into the program’s current state to produce data types more likely to uncover potential vulnerabilities. This approach increases the tool’s efficiency, allowing developers to uncover security risks more effectively. According to ConsenSys security researcher Gonçalo Sá, there has been a notable increase in developers’ interest in fuzzing.

Embracing sophisticated fuzzing to mitigate Defi vulnerabilities

Foundry’s popularity has led developers to utilize its default black-box fuzzer, becoming more comfortable with fuzzing methodologies. However, some developers are now seeking more sophisticated fuzzing capabilities, which Diligence Fuzzer aims to provide. Sá emphasized the growing awareness among developers about the power of security tools, including fuzzing. The need for enhanced security measures has become increasingly evident as the number of smart contract hacks continues to rise.

In the first half of 2023, excluding rug pulls and phishing scams, losses from Web3 security vulnerabilities exceeded $471.43 million. While Diligence Fuzzing represents a valuable step towards minimizing smart contract vulnerabilities, ConsenSys security services lead Liz Daldalian cautioned that it is not a “silver bullet” to eradicate all smart contract hacks. Nonetheless, it serves as a crucial tool that developers can use to write more secure smart contracts, mitigating potential losses from malicious attacks.

The public release of ConsenSys’ “Diligence Fuzzing” tool marks a significant milestone in the efforts to enhance smart contract security within the DeFi ecosystem. By enabling developers to identify vulnerabilities before contract deployment, the tool can potentially save millions of dollars lost to hacks and security breaches. While it may not provide an absolute solution to all security challenges, it stands as an essential asset in the ongoing battle to safeguard the Web3 community from malicious attacks. With an increasing number of developers recognizing the importance of fuzzing and security tools, the path toward a more secure DeFi landscape becomes clearer.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decisions.

文章来源于互联网:Consensys releases new tool for enhanced smart contract security

Disclaimers:

1. You are solely responsible for your investment decisions and this info is not liable for any losses you may incur.

2. The copyright of this article belongs to the writer, it represents the writer's opinions only, not represents the site's ones. Not financial advice.

Previous 2023年8月2日 12:04
Next 2023年8月2日 13:25

Related articles

  • Friend.Tech is no more – Activity tanks by 94%

    TL;DR Breakdown The daily trading volume on Friend.Tech has decreased by 94% from its all-time high, while the number of daily traders has fallen by 83%.  Friend.Tech network fees dropped from $1.7 million on August 21 to $95,000 on August 27. The collapse of Friend.Tech has left a bitter taste performance on Coinbase’s Base Network. Description The latest craze in the crypto world, Friend.Tech, is facing a significant issue with the presence of automated bots and speculative games. These bots are capable of manipulating the platform, affecting its integrity and fairness. Automated bot activity can manipulate trading volumes, prices, and other market-related metrics. Blink, and you will most probably miss the … Read more The latest craze in the crypto world, Friend.Tech, is facing a significant issue with the presence of automated bots and speculative games. These bots are capable of manipulating the platform, affecting its integrity and fairness. Automated bot activity can manipulate trading volumes, prices, and other market-related metrics. Blink, and you will most probably miss the latest crypto fad. Critics have quickly labeled the decentralized social network…

    Article 2023年8月28日

  • Ethereum records $1M MEV block reward following Curve Finance exploit

    TL;DR Breakdown Ethereum core developer “eric.eth” reported that the exploit of Curve Finance stable pools on July 30 led to a surge in MEV reward blocks, generating significant profits for certain participants. One of the recent MEV reward blocks recorded an astonishing 584.05 ETH, valued at approximately $1 million. Description The recent exploit on Curve Finance has given rise to one of the largest Maximal Extractable Value (MEV) reward blocks ever witnessed in Ethereum‘s history. On July 31, Ethereum core developer “eric.eth” reported that the exploit of Curve Finance stable pools on July 30 led to a surge in MEV reward blocks, generating significant profits … Read more The recent exploit on Curve Finance has given rise to one of the largest Maximal Extractable Value (MEV) reward blocks ever witnessed in Ethereum‘s history. On July 31, Ethereum core developer “eric.eth” reported that the exploit of Curve Finance stable pools on July 30 led to a surge in MEV reward blocks, generating significant profits for certain participants. MEV, in the context of Ethereum, refers to the potential revenue that can be…

    Article 2023年7月31日

  • Where to buy Worldcoin?

    TL;DR Breakdown Worldcoin, under the leadership of OpenAI’s chief Sam Altman, was released on Monday after collecting more than 2 million users during a beta period. At the core of the Worldcoin project is an eye-scanning “orb” that must be used in person and provides users with a unique digital identity to confirm they are real humans and not bots. WLD token is available on global crypto exchanges such as Binance, Huobi and Bybit. WLD has a circulating supply of 108,569,365 WLD coins and a max. supply of 10,000,000,000 WLD coins. Description Worldcoin, the ambitious crypto and digital ID initiative led by OpenAI’s chief Sam Altman, went live on Monday after years of development. The coin commits to verify users’ identities by scanning their eyes, potentially resolving one of the most pressing issues posed by recent advances in artificial intelligence, which have made it more difficult to … Read more Worldcoin, the ambitious crypto and digital ID initiative led by OpenAI’s chief Sam Altman, went live on Monday after years of development. The coin commits to verify users’ identities by…

    Article 2023年7月26日

  • Are U.S. investors still afraid of potential recession?

    TL;DR Breakdown Despite robust market gains, U.S. investors remain cautious, avoiding companies vulnerable to economic downturns. Investors are focusing on resilient “secular growth themes” like artificial intelligence, indicating a lack of confidence in a cyclical recovery. Tech giants, termed the “magnificent seven,” are dominating the market, accounting for the majority of Nasdaq’s gains. Description The ghost of an impending economic downturn still lingers on Wall Street. Despite the healthy numbers from the broader stock market and robust economic data, U.S. investors remain apprehensive. This sense of trepidation has led them to steer clear of consumer companies vulnerable to an economic slump. A muted enthusiasm amid market gains This year … Read more The ghost of an impending economic downturn still lingers on Wall Street. Despite the healthy numbers from the broader stock market and robust economic data, U.S. investors remain apprehensive. This sense of trepidation has led them to steer clear of consumer companies vulnerable to an economic slump. A muted enthusiasm amid market gains This year has witnessed a significant rebound in major stock indices. The S&P 500 has…

    Article 2023年7月27日

  • German regulator BaFin warns consumers about unlicensed financial services on Bitcoin Bank Breaker

    TL;DR Breakdown BaFin investigates Bitcoin Bank Breaker for suspected illegal activities in the cryptocurrency exchange. BaFin warned German consumers to be cautious when dealing with the platform due to a lack of company information. Allegations of unlicensed financial services offered by Bitcoin Bank Breaker under BaFin scrutiny. Description Germany’s Federal Financial Supervisory Authority, BaFin, has initiated an investigation into cryptocurrency exchange Bitcoin Bank Breaker, citing various warning signs that raise suspicions of illegal activities. The regulator expresses concerns over the platform’s failure to provide essential company information on its website, such as a full company name, legal form, or place of business. Consequently, … Read more Germany’s Federal Financial Supervisory Authority, BaFin, has initiated an investigation into cryptocurrency exchange Bitcoin Bank Breaker, citing various warning signs that raise suspicions of illegal activities. The regulator expresses concerns over the platform’s failure to provide essential company information on its website, such as a full company name, legal form, or place of business. Consequently, BaFin has warned German consumers, urging caution while interacting with the platform. BaFin alleges that Bitcoin Bank Breaker’s developers…

    Article 2023年8月1日
TOP