Rappie (@rappie_eth)'s Twitter Profile
Rappie

@rappie_eth

Fuzzing specialist | @SpearbitDAO ASR | @perimeter_sec founder

ID:1015551030325596163

Link: http://github.com/rappie

07-07-2018 11:00:08

156 Tweets

461 Followers

550 Following

Chaofan Shou (@shoucccc)

gigagas ✅
teragas ✅
petagas - soon

ItyFuzz with GPU EVM on 8x H100 can fuzz smart contracts at 700M+ transactions per second (~0.1 petagas/s).

nican0r (@nican0r)

Now that we’re seeing auditors joining projects as security partners, I wonder how long it’ll be before we see teams opt for an invariant testing driven development cycle with fuzzing/formal verification like we’ve seen with unit/end-to-end testing in web2.

This seems like it…

Daniel Von Fange (@danielvf)

The 3.4 million dollar Paraswap whitehat rescue across eight chains had an unusual twist in it.

Front running by MEVbots was a big concern - some chains don't have private txs. So the team added a new bug that only they could exploit, then used it for the rescue. MEV impossible.

Antonio Viggiano (@agfviggiano)

Here's the script I've been using to make both Echidna & Medusa work with external libraries.

gist.github.com/aviggiano/d0c3…

This is useful so that you don't need to manually edit your `cryticArgs` or `deployContracts` config parameters. Also, it converts all external libs to…

Alex the Entreprenerd (@GalloDaSballo)

I just built the first Fuzzing Campaign with Create Chimera App 👀

- Foundry + Medusa by default
- Best practices templates
- Coded examples in the docs
- Runs medusa with zero config
- Compatible with Recon Pro

Template written by nican0r

Go check it out!

Rappie (@rappie_eth)

I do it exactly the same way.

We just added helpers for this to fuzzlib today 🙂
github.com/perimetersec/f…

Rappie (@rappie_eth)

I often get asked how to start with fuzzing. This is what I recommend:

Start with the Echidna tutorial by Trail of Bits.
github.com/crytic/buildin…

Once you're familiar with the basics, study other fuzzing campaigns.
github.com/perimetersec/p…

For a deep dive into the principles…

Alex the Entreprenerd (@GalloDaSballo)

- Invariant Testing on Live Smart Contracts
- Recipes
- And Recurring Automations

all in the latest recording of the Recon Office Hours!

karma (@0xkarmacoma)

halmos v0.1.11

Adds support for
- the ecrecover precompile
- the vm.addr(key) and vm.sign(key, digest) cheats
- the makeAddr functions from forge-std

nican0r (@nican0r)

If you're getting into fuzz testing and want to see some examples of what it looks like on real codebases I'd highly recommend this repo by Rappie.

There's a lot of small details you learn from seeing real implementations that are hard to get from tutorials/docs alone.…

0xCalibur (@0xCaliburSpell)

Huge thanks to 0xScourgedev for the MIM Swap Fuzzing tool created during our audit with Guardian

Gives us more confidence moving forward with the product. Awesome suite!

github.com/Abracadabra-mo…

StErMi (@StErMi)

The Chrome extension Smart Contract Inspect has been approved and is published in the Chrome Web Store 🚀

chromewebstore.google.com/detail/smart-c…

What does it do? It allows you to inspect the source code of a Smart Contract with your preferred Web IDE with just one click (or keyboard…

alpharush (@0xalpharush)

Slither 0.10.2 was released yesterday with a new-and-improved mutation testing tool with first class support for Foundry!

We also released a detector to identify unused imports.

What's that about an LSP??? stay tuned

Alex the Entreprenerd (@GalloDaSballo)

Here's how easy it is to use Recon to Scaffold Invariant Tests!

(Now I have to figure out how to put this in the homepage)
