05-31, 16:30–17:25 (Europe/Prague), Hacker House
Learn how to fuzz your solidity code in Python using open-source dev tooling eth-wake, which helps uncover edge cases developers overlook, like in Lido and Axelar smart contracts.
For the workshop, we will explore the real-life protocol called “Stonks,” created and deployed by Lido. In the beginning, we will learn the code architecture and understand all the important parts required to create a fuzz test. Next, we will go through a pre-made implementation of a fuzz test written using the Foundry framework. In this example, we will show the difficulties that a developer may encounter while writing tests in Solidity. Next, we will interactively recreate the same fuzz test in Python using the Wake framework. We will show how fuzzing helped Ackee Blockchain find the actual bug in the Stonks code, which we will fix. Finally, we will compare Foundry and Wake and show the advantages and disadvantages of both approaches.
We expect attendees to have a basic knowledge of Solidity. Knowledge of Foundry and Wake is not required, as we will provide full guidance on the code.
A security auditor at Ackee Blockchain, Andrey has always been passionate about cybersecurity and modern technologies. This led him to a degree in Artificial Intelligence and Cybersecurity and a career in AI Research and AppSec. Eventually, he took a course on blockchain tech held by Ackee Blockchain. Very soon, web3 became an integral part of his life, and so began his journey as an auditor. Since then, he has secured many protocols, including those by Axelar, Lido, or Squid.