layout
title description tableOfContents outline pagination
visible
true
visible
visible
true
visible
true
visible
true

Introduction

ItyFuzz is the current state-of-the-art fuzz testing tool for smart contracts. To start using ItyFuzz, please check installation-and-building.md and quickstart.md.

ItyFuzz requires no manual effort. You don't need to write invariants or manually specify the input generation strategy. Users supply contract addresses or bytecode, and ItyFuzz autonomously generates the exploit when vulnerabilities are found. It can be easily integrated into CI/CD pipelines. It is also highly configurable and can test different aspects of smart contracts.

Technically, it leverages formal verification (concolic execution) assisted fuzzing algorithms guided by dataflow patterns and comparisons. ItyFuzz can handle DeFi with complex states and interactions and can find over 100 bugs in real-world smart contracts.

Statistics and Comparisons

ItyFuzz in Real-world

Backtesting on 200 exploited projects, ItyFuzz can generate 109 exploits without manual effort or prior knowledge. More information can be found here.

ItyFuzz vs (Harvey / Echidna / Foundry)

On Daedaluzz Dataset, ItyFuzz can find a similar amount of bugs as Consensys Diligence's Harvey tool and 20-40% more bugs compared to Echidna and Foundry without formal verification enabled. In the meantime, ItyFuzz is also faster to uncover bugs at first.

ItyFuzz, Foundry, Echidna, and Harvey on Bug Finding Capability

More figures can be found here: https://twitter.com/vwuestholz/status/1654026298476441600

ItyFuzz vs SMARTIAN

Please refer to our research paper: https://arxiv.org/abs/2306.17135

Researches and Publications

Core Algorithm: https://arxiv.org/abs/2306.17135

LLM + Fuzzing: https://scf.so/llm4fuzz.pdf

Formal Verification (Concolic Testing): https://mir.cs.illinois.edu/marinov/publications/SenETAL05CUTE.pdf