Could this be used to find bugs in already published contracts? It brings to min... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

deegles on June 6, 2020 | parent | context | favorite | on: Breaking the Solidity compiler with a fuzzer

Could this be used to find bugs in already published contracts? It brings to mind the 2013 PRNG issue [0] that led to a bunch of wallets being drained. Something that is perfectly valid today might have a vulnerability in the future.

[0] https://android-developers.googleblog.com/2013/08/some-secur...

albntomat0 on June 6, 2020 | [–]

Theoretically, I think so.

Looking through their code examples though, the compiler failures look to be in obscure/unlikely to be used areas. Additionally, they state that some are dependent on particular compiler flags

AlexCoventry on June 6, 2020 | [–]

There's another fuzzer specifically for solidity smart contracts.

https://github.com/crytic/echidna

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact