How to Get Started with ItyFuzz: The Smart Contract Fuzzer

Jan 13, 2023 | Blockchain

Welcome to the world of ItyFuzz, a hybrid smart contract fuzzer that combines the power of symbolic execution and fuzzing to identify potential bugs both on-chain and off-chain. In this guide, we’ll walk you through the installation process, provide examples of how to fuzz deployed smart contracts, and share some performance insights along with troubleshooting tips. So, let’s dive in!

Installation

To install ItyFuzz, you will need to execute a simple command in your terminal:

curl -L https://ity.fuzz.land | bash

This command downloads the ItyFuzz installation script and pipes it directly into bash, which runs it with your user's privileges and sets everything up for you. It’s as easy as ordering a pizza!

Fuzzing a Deployed Smart Contract

Once you have ItyFuzz ready to go, you can start testing smart contracts. Here’s an example of how to fuzz a deployed contract on the Polygon network:

ETH_RPC_URL=https://polygon-rpc.com ityfuzz evm \
    -t 0xbcf6e9d27bf95f3f5eddb93c38656d684317d5b4,0x5d6c48f05ad0fde3f64bab50628637d73b1eb0bb \
    -c polygon \
    --flashloan \
    --onchain-block-number 35718198 \
    --onchain-etherscan-api-key TR24XDQF35QCNK9PZBV8XEH2XRSWTPWFWT

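This command resembles asking a friend to help you uncover vulnerabilities in a maze. You specify the guide (ItyFuzz), the maze (the smart contracts whose addresses follow -t), and the guide looks for the exit points (the possible vulnerabilities). The remaining flags select the chain (-c polygon), enable flash loan capabilities (--flashloan), and pin the fork to an exact block on the target chain (--onchain-block-number, Polygon in this example) so that the test is reliable and repeatable. ETH_RPC_URL names the RPC endpoint to fork from, and --onchain-etherscan-api-key supplies the block explorer API key.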

Running Tests with Foundry Invariants

ItyFuzz can also run Foundry invariant tests defined in your Solidity contracts. Here’s how you can execute an invariant test using ItyFuzz:

ityfuzz evm -m testInvariant.sol:Invariant -- forge test

This command integrates seamlessly with your existing testing framework, allowing you to check the integrity of your contracts, much like checking that every light in your house has a working bulb!
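For reference, this is what a Foundry invariant test of the kind that command points at can look like. It is an added example, not code from the ItyFuzz project or the original post: CappedToken and the invariant name are hypothetical, the contract name Invariant is taken from the command above, and forge-std is assumed to be installed in the project.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

// Hypothetical contract under test, constructed for this example.
contract CappedToken {
    uint256 public constant CAP = 1_000_000 ether;
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;

    function mint(uint256 amount) external {
        // Checked arithmetic (Solidity >= 0.8) reverts on overflow, so the
        // cap comparison cannot be bypassed by wrapping the sum.
        uint256 newSupply = totalSupply + amount;
        require(newSupply <= CAP, "cap exceeded");
        totalSupply = newSupply;
        balanceOf[msg.sender] += amount;
    }

    function burn(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts if the balance is too low
        totalSupply -= amount;
    }
}

// Same contract name as in the command above; the file name is an assumption.
contract Invariant is Test {
    CappedToken internal token;

    // Runs once before fuzzing starts: deploy the contract under test.
    function setUp() public {
        token = new CappedToken();
        // forge-std helper: restrict fuzzed call sequences to the token.
        targetContract(address(token));
    }

    // Foundry treats functions prefixed with "invariant" as properties that
    // must hold after every fuzzed sequence of mint/burn calls.
    function invariant_supplyNeverExceedsCap() public {
        assertLe(token.totalSupply(), token.CAP());
    }
}
```

If mint were rewritten with an unchecked block around the addition, the sum could wrap and this invariant is the property a fuzzer would report as broken.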

Performance Insights

One of the standout features of ItyFuzz is its performance. In extensive tests, ItyFuzz has uncovered 126 vulnerabilities while other fuzzers like Echidna found 0 and Mythril identified just 9. Additionally, ItyFuzz performs significantly better than many other tools, capturing 10% more coverage on smaller contracts.

Features of ItyFuzz

  • Chain Forking: Easily access and fuzz contracts on any blockchain at any given block number.
  • Accurate Exploit Generation: Find vulnerabilities for precision loss, integer overflow, and more.
  • Reentrancy Support: Test for potential reentrancy opportunities.
  • Blazing Fast Power Scheduling: Prioritize fuzzing where bugs are likely to exist.
  • Symbolic Execution: Efficiently explore more code paths.
  • Flashloan and Liquidation Support: Simulate exploit capabilities during fuzzing.
  • Decompilation Support: Work with contracts even without access to their source code.
  • Initialization Support: Utilize Foundry setup scripts for complex contract setups.

Bugs Found

ItyFuzz has been productive in uncovering new vulnerabilities. Here are some examples:

  • BSC $rats NFT – Integer overflow leading to unlimited minting worth $79k
  • 9419 Token – Incorrect logic causing price manipulation worth $35k
  • BSC Mevbot – Unguarded DPPFlashLoanCall worth $19k

In fact, ItyFuzz can autonomously generate exploits for 80% of previously hacked protocols, enhancing overall security.

Troubleshooting

If you encounter issues while using ItyFuzz, here are a few troubleshooting tips to guide you:

  • Ensure your dependencies are all correctly installed and updated.
  • If you hit any API rate limits, consider acquiring your own API key at Polygonscan.