Frequently Asked Questions
Can I cancel the subscription and get a full refund?
Generally no. Our payment plans are aimed at entry-level users, and the "Individual" tier is sized to give you a taste of the service. If it is not for you, the plan can be cancelled with one month's notice.
Can I run multiple fuzzing campaigns at the same time?
Yes. There is no hard limit on the number of campaigns you can run concurrently, but every running campaign consumes your hour budget, so be careful.
Can the fuzzer simulate or fuzz multiple transactions?
Yes. Where a single call is not enough to reach new code, the fuzzer simulates sequences of transactions. Neither the number of transactions in a sequence nor the simulated time between them is a limiting factor.
Can we add a badge or report to our website showing we used Diligence Fuzzing?
Yes, you can publish your fuzzing report on your website. A sample report is linked here: Diligence FaaS
Do I need to write Scribble properties before using fuzzing?
Yes. The first step is writing Scribble properties (annotations) for your smart contracts. The fuzzer then tries to cover as much of the code as possible in order to detect violations of those properties.
Do I need to write all intended properties before I start the fuzzer?
No. You can check one property at a time or several properties at once, and you can run several fuzzing campaigns.
Do you have an example of a contract with Scribble annotations?
https://github.com/JoranHonig/uniswap-v2-core/blob/master/contracts/UniswapV2Pair.sol
Does fuzzing work with non-local chains?
No. On any non-local chain (mainnet, a public testnet, or a fork of one) there are far too many blocks to fetch all the transactions.
Does Scribble extend my code?
Yes. Scribble translates the annotations into runtime checks and inserts them into the code automatically. The result is instrumented code that the fuzzer can work with.
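As an added illustration of the two answers above, the following hypothetical Vault contract carries Scribble annotations written as `///` comments (a contract-level #invariant, per-function #if_succeeds postconditions, and old(...) for the pre-call value). This is example code written for this page, not a contract from the Diligence docs or the Scribble project; the contract, its names and the deliberate bookkeeping bug in withdraw() are all constructed. The second contract is a hand-written sketch of what "instrumented code" means; Scribble's real output differs in naming and detail.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example for this FAQ, not code from Diligence or Scribble. The contract,
// its names and the bug in withdraw() are constructed for illustration.
//
// Scribble properties are `///` doc-comments starting with `#`. A contract-level
// #invariant must hold after every external call; #if_succeeds is a postcondition
// of a single function; old(e) is the value of e before the call.

/// #invariant {:msg "solvent"} totalDeposited <= address(this).balance;
contract Vault {
    mapping(address => uint256) public deposits;
    uint256 public totalDeposited;

    /// #if_succeeds {:msg "deposit credited"} deposits[msg.sender] == old(deposits[msg.sender]) + msg.value;
    /// #if_succeeds {:msg "total updated"} totalDeposited == old(totalDeposited) + msg.value;
    function deposit() external payable {
        deposits[msg.sender] += msg.value;
        totalDeposited += msg.value;
    }

    /// #if_succeeds {:msg "withdraw debited"} deposits[msg.sender] == old(deposits[msg.sender]) - amount;
    function withdraw(uint256 amount) external {
        require(deposits[msg.sender] >= amount, "insufficient balance");
        deposits[msg.sender] -= amount;
        // Deliberate bug for the example: totalDeposited is never reduced.
        // Every per-function postcondition still holds, so only the contract
        // invariant catches it, and only after two transactions (deposit(),
        // then withdraw()), which is why the fuzzer generates call sequences.
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }
}

// Hand-written sketch of the instrumentation idea: the postcondition and the
// invariant become runtime checks around the original body of withdraw().
contract VaultInstrumentedSketch {
    mapping(address => uint256) public deposits;
    uint256 public totalDeposited;

    // Contract invariant, checked after every external call.
    function __checkInvariants() internal view {
        require(totalDeposited <= address(this).balance, "solvent");
    }

    function withdraw(uint256 amount) external {
        uint256 oldDeposit = deposits[msg.sender]; // snapshot for old(...)
        require(deposits[msg.sender] >= amount, "insufficient balance");
        deposits[msg.sender] -= amount;
        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
        // Postcondition "withdraw debited".
        require(deposits[msg.sender] == oldDeposit - amount, "withdraw debited");
        __checkInvariants();
    }
}
```

The solvency invariant is written as "<=" rather than "==" on purpose: ETH can be forced into a contract (for example via selfdestruct), so an equality would fire on behaviour that is not a bug in the vault, while the weaker form still catches the ledger drifting above the real balance.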
How does the fuzzer check the code?
Think of the fuzzer as a user who tries different inputs against the code. It starts from seed inputs and mutates them to produce new variations. Whenever an input exercises a path that has not been covered before, that input is added to the input corpus and the fuzzer focuses its further mutations on it (coverage-guided fuzzing).
How is fuzzing different from property-based testing like QuickCheck, Echidna or Foundry?
1. There is a difference in philosophy and in how the fuzzers integrate into the development workflow. QuickCheck-style fuzzers expect the user to write tests in which some inputs are fuzzable; think of them as unit tests on steroids. Someone still has to write all those tests (including mocks and so on), and they typically focus on one or two individual functions. Diligence Fuzzing can also handle this use case, but it promotes a more automated approach centred on specifications that are checked against large systems (very close to those deployed) consisting of one or many contracts.
How long does a campaign take?
A campaign has no fixed duration; you can start and stop it at any time. What matters is to watch the campaign's metrics, i.e. path coverage and residual risk, to judge whether the fuzzer has already exhausted most of the code and the campaign can be stopped.
How should I configure the targets when fuzzing against an upgradeable proxy contract?
Add both the proxy and the implementation contract under targets, and only the proxy contract's address under deployed_contract_address. The implementation holds the code (and the Scribble properties) the fuzzer needs to know about, but the proxy is the contract whose storage is exercised and to which transactions are sent.
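To make the proxy answer concrete, here is an added example (not from the Diligence docs; the contract names are assumed): a minimal delegatecall proxy and the implementation it forwards to. The comments explain which contract belongs under which of the two configuration keys named above.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example for this FAQ, not from the Diligence docs; names are assumed.
// Code lives in the implementation, state lives in the proxy. Both source
// files therefore go under "targets" (the fuzzer needs the implementation's
// code and properties), while "deployed_contract_address" is the proxy, the
// address that actually receives transactions and holds the storage.

// Implementation: holds the logic and the Scribble properties. Its own storage
// is never used in production; every call runs against the proxy's storage.
contract CounterV1 {
    uint256 public count; // slot 0, must match the proxy's layout

    /// #if_succeeds {:msg "count increments by one"} count == old(count) + 1;
    function increment() external {
        count += 1;
    }
}

// Minimal upgradeable proxy. Real proxies keep implementation/admin in
// dedicated slots (EIP-1967) to avoid storage collisions; here slot 0 is
// deliberately reserved to mirror CounterV1.count and keep the example short.
contract CounterProxy {
    uint256 public count;          // slot 0, written by the delegated increment()
    address public implementation; // slot 1
    address public admin;          // slot 2

    constructor(address impl) {
        implementation = impl;
        admin = msg.sender;
    }

    function upgradeTo(address impl) external {
        require(msg.sender == admin, "not admin");
        implementation = impl;
    }

    // Any call the proxy does not implement itself is forwarded with
    // delegatecall: the implementation's code runs, but reads and writes
    // hit THIS contract's storage.
    fallback() external payable {
        address impl = implementation;
        assembly {
            calldatacopy(0, 0, calldatasize())
            let result := delegatecall(gas(), impl, 0, calldatasize(), 0, 0)
            returndatacopy(0, 0, returndatasize())
            switch result
            case 0 { revert(0, returndatasize()) }
            default { return(0, returndatasize()) }
        }
    }

    receive() external payable {}
}
```

Deploy CounterV1, then CounterProxy with the implementation's address, and point deployed_contract_address at the proxy: calling increment() on the proxy executes CounterV1's code against the proxy's slot 0, so the property on the implementation is evaluated over the state the deployed system really uses.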
Is Diligence Fuzzing a fully automated process?
No. Because it is property-based fuzzing, the user needs to provide the properties to be checked (for instance, expressed as Scribble specifications). There are also some manual steps in setting up a fuzzing campaign, which we walk you through in the onboarding session.
Is fuzzing a replacement for audits?
No. At Diligence we think about security in layers. Fuzzing is one layer that protects your smart contracts from exploits and audits are another; neither is a substitute for the other. You can learn more about the importance of a multi-layered security strategy here: The Importance of a Multi-Layered Smart Contract Security Strategy | ConsenSys
Is Scribble framework-dependent?
No. Scribble works with all major smart contract development frameworks, including Truffle, Hardhat, Dapptools and Foundry.
Is there an example report?
Yes, you can have a look here: https://fuzzing.diligence.tools/campaigns/cmp_bbd93434543a438bb03a7aefcaced3a5
What are the limitations of the fuzzer?
Because fuzzing is automated, it often detects violations that human reviewers easily miss (one more reason not to rely exclusively on audits). However, like any property-based analysis, it fundamentally relies on humans to provide suitable properties: it can only report violations of properties that were actually written. Occasionally it may also need additional guidance (for instance, extra seed inputs) to cover complex parts of your code base.
What optimisations does the fuzzer use to achieve higher or quicker coverage?
The fuzzer incorporates many known techniques (for instance, coverage feedback) as well as many custom techniques (see our publications for details). Here's just one of many examples:
What is the difference between Certora formal verification and Diligence Fuzzing?
Simply put, formal verification is an independent (and also important) analysis technique. However, formal verification is difficult and time-consuming, even when the specifications are already written. In contrast, once you have some specifications and a fuzzing setup, Diligence Fuzzing is fully automated. It is ready to catch bugs in your code, or issues with your specifications, without slowing you down early in your development lifecycle. Once your code and specifications are in good shape, you can still use verification for additional peace of mind. One big advantage of Scribble is that it is compatible with existing verifiers: you write the properties once and can run both fuzzing and verification on the same properties.
What is the difference between Diligence Fuzzing and Fluffy Fuzzer?
The two main differences are:
What kinds of vulnerability classes does Diligence Fuzzing detect?
The fuzzer does not look for specific vulnerability classes. Because it is property-based, it finds the parts of your code where the specified properties do not hold (property violations). It therefore uncovers violations that are specific to your code and your expectations about its correctness, independent of any predefined vulnerability class.
Where is the fuzzer hosted? Is my code securely transmitted to the fuzzer?
Diligence Fuzzing is hosted on Azure. Your code is submitted through an API over HTTPS, so it is encrypted in transit.
Which EVM implementation does the fuzzer use?
Diligence Fuzzing uses the EVM from geth (go-ethereum), the client that many Ethereum nodes run.
Why should I use fuzzing in addition to a manual auditing service?
Fuzzing is a great addition to a manual audit. By using it early and often in your development process you get iterative feedback on your code (continuous fuzzing). That way you can improve your code at every step and avoid accumulating security debt that leads to costly rewrites later in the process (shift left).