Home

Awesome

🍦 ItyFuzz

Demo

[Docs] / [Research Paper] / [Twitter] / [Discord] / [Telegram]

ItyFuzz is a blazing-fast EVM and MoveVM smart contract hybrid fuzzer that combines symbolic execution and fuzzing to find bugs in smart contracts offchain and onchain.

Install

curl -L https://ity.fuzz.land/ | bash
ityfuzzup

Example

Fuzzing Deployed Smart Contract

Generating full exploit to steal funds from a contract with flashloan + read-only reentrancy vulnerability on Polygon.

# Fork Polygon at block 35718198 and fuzz the contract
ETH_RPC_URL=https://polygon-rpc.com ityfuzz evm\
    -t 0xbcf6e9d27bf95f3f5eddb93c38656d684317d5b4,0x5d6c48f05ad0fde3f64bab50628637d73b1eb0bb\
    -c polygon\
    --flashloan\
    --onchain-block-number 35718198\
    --onchain-etherscan-api-key TR24XDQF35QCNK9PZBV8XEH2XRSWTPWFWT # <-- Get your own API key at https://polygonscan.com/apis if this one is rate limited 

Foundry Invariant Test

Run a Foundry invariant test defined in Invariant contract in test/Invariant.sol.

# Replaces: forge test --mc test/Invariant.sol:Invariant
ityfuzz evm -m test/Invariant.sol:Invariant -- forge test

For other examples and usages, check out the docs.

Performance

On large real-world smart contract projects, ItyFuzz finds 126 vulnerabilities while Echidna finds 0 and Mythril finds 9. For details, refer to backtesting, research paper, and new bugs discovered.

On small real-world smart contracts (ERC20, lottery, etc.), ItyFuzz gains 10% more test coverage than academia state-of-the-art fuzzer SMARTIAN using 1/30 of the time.

<p align="middle"> <img src="https://ityfuzz.assets.fuzz.land/ityfuzz3.png" width="49%"> <img src="https://ityfuzz.assets.fuzz.land/ityfuzz1.png" width="49%"> </p>

On Consensys's Daedaluzz benchmark, ItyFuzz without symbolic execution finds 44% more bugs than Echidna and 31% more bugs than Foundry. ItyFuzz is also 2.5x faster than Echidna and 1.5x faster than Foundry.

<p align="middle"> <img src="https://ityfuzz.assets.fuzz.land/daedaluzz-bar.jpeg" width="49%"> <img src="https://ityfuzz.assets.fuzz.land/FvRIuhfWwAEdBBz.jpg" width="49%"> </p>

Features

Bugs Found

Selected new vulnerabilities found:

ProjectVulnerabilityAssets at Risks
BSC $rats NFTInteger overflow leading to unlimited minting$79k
9419 TokenIncorrect logic leading to price manipulation$35k
BSC MevbotUnguarded DPPFlashLoanCall$19k
FreeCashIncorrect logic leading to price manipulation$12k
0xnoob TokenIncorrect logic leading to price manipulation$7k
Baby Wojak TokenIncorrect logic leading to price manipulation$4k
ArrowIncorrect position logic leading to fund lossFound During Audit

ItyFuzz can automatically generate exploits for >80% of previous hacks without any knowledge of the hack. Refer to backtesting for running previously hacked protocols.

Sponsors & Grants