In a recent tech talk by Martin Hloska and Valery Gantchev from Hydration (former HydraDX), the spotlight was on an advanced approach to fuzzing known as “Fuzzing on Steroids with Invariants.” This innovative technique is tailored to enhance the detection of edge cases and potential vulnerabilities within the substrate runtimes of blockchain applications, particularly those utilizing the Hydration (former HydraDX) protocol.
What is Fuzzing?
Fuzzing is an automated testing technique that involves generating streams of random inputs and applying them to an API to detect unexpected behaviors or crashes. In the context of blockchain, fuzzing is crucial for identifying potential vulnerabilities in the extrinsics, which are the public APIs that can be called by anyone.
HydraDX’s Approach to Fuzzing
HydraDX utilizes a specific fuzzer developed by SRLabs, known as the Substrate Runtime Fuzzer, which is built on top of Ziggy. This fuzzer employs coverage-guided fuzzing to systematically explore the code and detect areas that might cause crashes or unexpected behavior. The fuzzer’s ability to provide insights into the coverage of the code and help identify roadblocks makes it an invaluable tool in the development process.
Optimizing Fuzzing with Invariants
The core innovation presented by HydraDX involves the integration of invariants into the fuzzing process. Invariants are conditions that must hold true after certain operations are executed. For instance, in the context of Hydration’s Omni Pool implementation, invariants ensure that the value of the pool does not decrease after a trade. By embedding these invariants directly into the fuzzing process, developers can detect not just crashes but also logical errors in the business logic.
Practical Implementation
The implementation of this advanced fuzzing technique is straightforward. The fuzzer starts with a seed pool, which includes initial extrinsics and parameters. It then runs these through the substrate runtime, checking for crashes and logging any deviations from the expected behavior. By continuously mutating the input data and leveraging the feedback from coverage reports, the fuzzer can explore deeper into the code, identifying potential issues that might not be caught by traditional testing methods.
Live Demo Insights
During the live demo, Martin demonstrated how the fuzzer could detect a rounding issue within the Omni Pool implementation. By deliberately introducing an error in the rounding logic, the fuzzer was able to identify the issue within minutes, showcasing its efficiency and effectiveness. This real-time detection is crucial for maintaining the integrity and security of blockchain applications.
Conclusion
Fuzzing on Steroids with Invariants represents a significant advancement in automated testing for blockchain applications. By combining traditional fuzzing techniques with the power of invariants, HydraDX has developed a robust method for ensuring the reliability and security of their substrate runtimes. This approach not only helps in identifying crashes but also ensures that the business logic adheres to the defined constraints, providing a comprehensive testing solution.
