Gecko Fuzz: Automated Fuzzing
SCF #22 Activation Award, Testing Tool, $30,000
Gecko uses formal verification and fuzzing guided by dataflow patterns and LLMs to audit smart contracts on-chain autonomously.
Team

JJ

Deliverables List

Deliverable 1: Integration of Gecko Fuzz with Soroban Contracts

Brief Description:

  1. Integrate Capture-Based Fuzzing: Implement Gecko Fuzz’s capture-based approach in Soroban, focusing on capturing states and transactions rather than sequences.
  2. Incorporate Dataflow and Comparison Waypoints: Utilise Gecko Fuzz’s dataflow and comparison waypoints to identify states with potential momentum and prune less relevant states.
  3. Adapt for Soroban Types: Adapt GeckoFuzz to accommodate Soroban's unique type system, including types like u32, i32, Address, String, Symbol, Bytes, Vec, Map, and Structs.
  4. Implement ‘Arbitrary’ Trait: Integrate the ‘Arbitrary’ trait from the Soroban SDK, which bridges the gap between Soroban types and the fuzzer driver. This involves creating prototype values using conversion traits like ‘FromVal’ or ‘IntoVal’.
  5. Error Handling: Establish a robust error-handling mechanism for cases where fuzz tests panic or crash, so that a single failing input is reported as a finding rather than aborting the run.
  6. Fuzz Target Macro Setup: Establish the ‘fuzz_target!’ macro as a special entry point, which accepts a Rust closure that handles the input, ensuring compatibility with the Arbitrary trait.
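The following is an added illustration of items 3 to 6, written for this page; it is not GeckoFuzz's or the Soroban SDK's code. The `Unstructured` reader, the `Arbitrary` trait and the `fuzz_target` function are minimal stand-ins (assumptions) for `soroban_sdk::arbitrary::Arbitrary` and libfuzzer-sys's `fuzz_target!`, chosen so the block builds with only the standard library, and the `Ledger` contract with its overflow panic is constructed for the demonstration. It shows the bridge from raw fuzzer bytes to typed Soroban-style values (u32, Address, Symbol and an enum of transactions), a contract panic caught and reported as a finding instead of ending the campaign, and captures of (transaction, resulting state) pairs recorded only when a new state is reached.

```rust
// Added example, not GeckoFuzz or soroban-sdk code. `Unstructured`, `Arbitrary` and
// `fuzz_target` are stand-ins (assumptions) for soroban_sdk::arbitrary::Arbitrary and
// libfuzzer-sys's fuzz_target!, so the block runs with only the standard library.
use std::collections::BTreeMap;
use std::panic::{catch_unwind, AssertUnwindSafe};

/// Raw fuzzer bytes plus a cursor; every typed argument is carved from here.
pub struct Unstructured<'a> { data: &'a [u8], pos: usize }
impl<'a> Unstructured<'a> {
    pub fn new(data: &'a [u8]) -> Self { Self { data, pos: 0 } }
    fn take(&mut self, n: usize) -> Option<&'a [u8]> {
        let end = self.pos.checked_add(n)?;
        if end > self.data.len() { return None; } // input exhausted: reject it, never panic here
        let data = self.data;
        let slice = &data[self.pos..end];
        self.pos = end;
        Some(slice)
    }
}

/// The bridge from raw bytes to typed Soroban-style values (stand-in for the SDK trait).
pub trait Arbitrary: Sized { fn arbitrary(u: &mut Unstructured) -> Option<Self>; }
impl Arbitrary for u8  { fn arbitrary(u: &mut Unstructured) -> Option<Self> { u.take(1).map(|b| b[0]) } }
impl Arbitrary for u32 { fn arbitrary(u: &mut Unstructured) -> Option<Self> { u.take(4).map(|b| u32::from_le_bytes(b.try_into().unwrap())) } }

/// Model of a Soroban Address: an opaque 32-byte key.
#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord)]
pub struct Address(pub [u8; 32]);
impl Arbitrary for Address { fn arbitrary(u: &mut Unstructured) -> Option<Self> { u.take(32).map(|b| Address(b.try_into().unwrap())) } }

/// Model of a Soroban Symbol: a short identifier restricted to [a-zA-Z0-9_], so the
/// fuzzer only ever produces values the host would accept.
#[derive(Clone, Debug, PartialEq)]
pub struct Symbol(pub String);
impl Arbitrary for Symbol {
    fn arbitrary(u: &mut Unstructured) -> Option<Self> {
        const ALPHABET: &[u8] = b"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_";
        let len = (u8::arbitrary(u)? % 32) as usize;
        let raw = u.take(len)?;
        Some(Symbol(raw.iter().map(|b| ALPHABET[*b as usize % ALPHABET.len()] as char).collect()))
    }
}

/// One transaction against the contract: a Soroban-style enum built through Arbitrary.
#[derive(Clone, Debug)]
pub enum Action { Mint { to: Address, amount: u32 }, Burn { from: Address, amount: u32 } }
impl Arbitrary for Action {
    fn arbitrary(u: &mut Unstructured) -> Option<Self> {
        Some(match u8::arbitrary(u)? % 2 {
            0 => Action::Mint { to: Address::arbitrary(u)?, amount: u32::arbitrary(u)? },
            _ => Action::Burn { from: Address::arbitrary(u)?, amount: u32::arbitrary(u)? },
        })
    }
}

/// Constructed toy contract: a token ledger whose mint panics on balance overflow.
#[derive(Clone, Debug, Default, PartialEq)]
pub struct Ledger { balances: BTreeMap<Address, u32> }
impl Ledger {
    pub fn apply(&mut self, action: &Action) {
        match action {
            Action::Mint { to, amount } => {
                let bal = self.balances.entry(to.clone()).or_insert(0);
                *bal = bal.checked_add(*amount).expect("balance overflow"); // the crash a fuzzer should surface
            }
            Action::Burn { from, amount } => {
                let have = self.balances.get(from).copied().unwrap_or(0);
                if have < *amount { return; } // contract rejects: no state change, nothing to capture
                self.balances.insert(from.clone(), have - amount);
            }
        }
    }
}

/// Result of one fuzz-target run; a panic becomes a reported finding, not an aborted campaign.
#[derive(Debug, PartialEq)]
pub enum Outcome { Rejected, Ok, Crash(String) }

/// A capture: the transaction and the state it produced, kept instead of a call sequence.
#[derive(Clone, Debug)]
pub struct Capture { pub action: Action, pub state: Ledger }

/// Stand-in for `fuzz_target!(|action: Action| { ... })`: decode via Arbitrary, run the
/// contract under catch_unwind, and record a capture only when a new state is reached.
pub fn fuzz_target(data: &[u8], ledger: &mut Ledger, captures: &mut Vec<Capture>) -> Outcome {
    let mut u = Unstructured::new(data);
    let action = match Action::arbitrary(&mut u) { Some(a) => a, None => return Outcome::Rejected };
    let mut trial = ledger.clone(); // work on a copy so a crash leaves the campaign state intact
    match catch_unwind(AssertUnwindSafe(|| trial.apply(&action))) {
        Ok(()) => {
            if trial != *ledger { captures.push(Capture { action, state: trial.clone() }); }
            *ledger = trial;
            Outcome::Ok
        }
        Err(payload) => {
            let msg = payload.downcast_ref::<String>().cloned()
                .or_else(|| payload.downcast_ref::<&str>().map(|s| s.to_string()))
                .unwrap_or_else(|| "non-string panic".to_string());
            Outcome::Crash(format!("{msg} on {action:?}"))
        }
    }
}
```

In a real cargo-fuzz target the closure inside `fuzz_target!` would invoke the contract through the SDK's test environment rather than `Ledger::apply`, with the contract crate's `testutils` feature enabled so its types and entry points are reachable from the fuzzing crate; the shape of the driver (typed input via `Arbitrary`, panic isolation, capture of new states) is what the deliverable describes.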

How to measure Completion:

Once the Soroban fuzzing capabilities are integrated in Gecko Fuzz, I will host the UI that is already developed in the video to allow developers to upload their contracts and have Gecko fuzz them. The backend will also be updated on the repo, allowing for local fuzz testing.

Budget:

$30,000

Estimated Time of Completion:

7th Jan (5 Weeks)

Total Expected Roadmap

Once Soroban fuzzing capabilities are added to Gecko Fuzz, phase 2 will be fine-tuning the LLM to guide the waypoint mechanisms and integrating with the Soroban RPC for on-chain auditing, as mentioned in the technical architecture document. These deliverables will be submitted to the next award, as details may change while I am researching fuzzing at the LLVM bytecode level and using the XDR types as prototypes:

  1. Local and On-Chain Testing: Conduct both local and on-chain testing via Soroban RPC interactions, assessing GeckoFuzz’s effectiveness in different environments.
  2. Benchmarking: Benchmark Gecko Fuzz against cargo-fuzz, focusing on improvements in vulnerability detection and the simplification of the fuzzing process.
  3. Select Examples for Demonstration: Choose specific Soroban smart contract examples that best showcase Gecko Fuzz capabilities.
  4. Contract Crate Requirements: Ensure that the Soroban contract crate includes the necessary "testutils" feature for running fuzz tests, with the feature activated in both the contract and soroban-sdk crates.
  5. Linking and Compilation: Address the requirement for Soroban contracts to be compiled as "cdylib" and ensure the fuzzing crate can link to the contract crate as an "rlib."

A similar budget to this award would be needed ($30K).

Product & Architecture

Gecko Fuzz is a novel smart contract security tool that leverages formal verification (concolic execution) assisted fuzzing algorithms, guided by dataflow patterns and LLM comparisons, to audit smart contracts on-chain with no manual effort. You don't need to write invariants or manually specify the input generation strategy. Users supply smart contract addresses or natively compiled contracts, and Gecko autonomously generates the exploit when vulnerabilities are found. It can easily be integrated into CI/CD pipelines as a continuous auditing service and can test different aspects of the smart contracts.

What Problems it Solves

  • High Costs of Manual Audits: Gecko Fuzz reduces reliance on expensive manual audits by automating the auditing process.
  • Low Occurrence of Audits: Increases the frequency and thoroughness of audits by allowing them to be integrated into CI/CD for continuous auditing. This has proven to identify new types of attacks (see slides).
  • Lack of Transparency and Accountability: Gecko Fuzz provides clear, automated audit trails, showing the code location of the vulnerability, the exploit and the attack trace.
  • Slow and Expensive Formal Verification: Gecko Fuzz employs faster, more cost-effective methods using formal verification assisted fuzzing algorithms.
  • Inability to Fuzz On-Chain: Uses novel waypoint mechanisms to efficiently navigate the on-chain state space, facilitating on-chain fuzzing, a previously challenging task.
  • Complexity in Writing Invariant and Fuzz Tests: Simplifies and automates the process, making it accessible for those unfamiliar with fuzzing or formal verification to secure smart contracts.

How it Solves Them

  • Automated Security Tool: Gecko Fuzz leverages concolic execution and dataflow patterns to autonomously audit smart contracts, reducing manual effort and costs.
  • Guided Fuzzing Algorithms: Utilises LLM comparisons for guided fuzzing.
  • Autonomous Generation of Exploits: Identifies and generates exploits when vulnerabilities are found.
  • Integration into CI/CD Pipelines: Ensures continuous, regular audits, enhancing transparency and accountability.
  • Testing Multi-Contract Interactions: Capable of testing several contracts that interact together on-chain by taking captures of the state space and using a state-space and input corpus.

Audience It Solves Them For:

  • Developers: Offers a straightforward, automated tool for developers who may not have expertise in writing complex tests.
  • Fuzzing/Formal Verification Newcomers: Ideal for those new to fuzzing or formal verification, as it requires no specialised knowledge in test writing.
  • Organisations with Multiple Contracts: Useful for entities that manage several interacting contracts and require comprehensive on-chain testing.

Technical Architecture Doc

https://drive.google.com/file/d/1UQPialtOshe7J2cucRZgxKdTad-LxFqr/view?usp=sharing

Project URL

https://github.com/jjjutla/GeckoFuzz

Code URL

https://github.com/jjjutla/GeckoFuzz

Video URL

https://www.youtube.com/watch?v=79cMTk5bZ6U

Pitch Deck URL

https://drive.google.com/file/d/1MbkVgcsloNTHInM4JuJsghl8luSU7CpU/view?usp=sharing

Project Categories

Product Type [If Security]

Requested Budget in USD ($)

30000

Team bio

Jeevan Jutla is a security researcher with 5 years of experience in cybersecurity and software development. He has worked in blockchain for the past 3 years, focused on security, where he has worked for R3 and Binance and won many hackathons across multiple ecosystems (Polkadot, BTC, VeChain).

https://www.linkedin.com/in/jeevan-jutla/