This project is heavily inspired by oss-fuzz.
Fuzz testing is a well-known technique for uncovering programming errors in software. Many of these detectable errors, like reentrancy issues, can have serious security implications.
Fuzzied provides a scalable and distributed infrastructure for continuous fuzzing. This approach makes fuzzing very attractive for developers and security auditors, who can focus on writing test cases. At the same time, the chances of finding vulnerabilities are orders of magnitude better compared to current fuzzing activities in the blockchain space, which mostly rely on very short runs on single machines.
Fuzzied and its workflow are completely open source. Developers need to create pull requests against the official repository, which is used as the baseline of the continuous fuzzing infrastructure and all fuzzing activities. Relevant stakeholders are informed once a vulnerability is identified during fuzzing. Although echidna is currently the only integrated fuzzer, the platform is not limited to it, and other fuzzing engines can be integrated in the future.
Continuously fuzzed targets can be found in the projects folder. In order to add your project to the distributed fuzzing procedures, you need to
- fork this repo
- copy/add a project (replace the contracts with yours and add test cases to be validated)
- test locally
- create a pull request
- once merged, you will be notified if your harness has identified a vulnerability
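To make the "copy/add a project" step concrete, here is an added example of what a harness could look like. It is not code from the Fuzzied repository or from any of its projects; the contract names, the file path and the invariant are constructed for illustration. Echidna's convention is that a property is a public or external function without arguments whose name starts with `echidna_` and that returns `bool`; the fuzzer calls the harness's other public functions with random senders, arguments and ether values and reports a property as failed when it can drive the harness into a state where the function returns `false`.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not part of the Fuzzied repository.
// `SimpleVault` stands in for the contract a developer wants fuzzed;
// `VaultHarness` is the Echidna entry point that wraps it and exposes
// the `echidna_*` properties. Both names are assumptions.

contract SimpleVault {
    mapping(address => uint256) public balances;
    uint256 public totalDeposits;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
        totalDeposits += msg.value;
    }

    function withdraw(uint256 amount) external {
        require(balances[msg.sender] >= amount, "insufficient balance");
        // State is updated before the external call, so a re-entrant
        // withdraw() sees the reduced balance and fails the require().
        balances[msg.sender] -= amount;
        totalDeposits -= amount;
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "transfer failed");
    }
}

contract VaultHarness {
    SimpleVault internal vault;

    constructor() {
        vault = new SimpleVault();
    }

    // Echidna sends random ether values to payable functions; the harness
    // forwards them so the vault sees deposits from this single account.
    function deposit() public payable {
        vault.deposit{value: msg.value}();
    }

    function withdraw(uint256 amount) public {
        vault.withdraw(amount);
    }

    // Needed so the vault can pay withdrawals back to the harness.
    receive() external payable {}

    // Invariant 1: the vault never holds less ether than it has recorded
    // as outstanding deposits. A bug in withdraw() bookkeeping (for
    // example, updating state after the external call) would let the
    // fuzzer find a sequence of calls that breaks this.
    function echidna_balance_covers_deposits() public view returns (bool) {
        return address(vault).balance >= vault.totalDeposits();
    }

    // Invariant 2: with one depositor, the recorded total must equal that
    // depositor's balance.
    function echidna_single_depositor_consistent() public view returns (bool) {
        return vault.balances(address(this)) == vault.totalDeposits();
    }
}
```

Locally, the "test locally" step amounts to pointing the Echidna command-line tool at the file and naming the harness contract (for example `echidna-test contracts/VaultHarness.sol --contract VaultHarness`; the binary name and the contract path are assumptions that depend on the Echidna version you installed and on where the project keeps its contracts). Keeping properties small and state-based, as above, is what lets a long-running distributed campaign turn a subtle bookkeeping or reentrancy bug into a concrete failing call sequence.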