Breakpoint 2024: Technical Talk: Fuzzing Comes to Solana (Viktor Fischer)

By breakpoint-24

Published on 2024-09-20

Viktor Fischer introduces Trident, an open-source fuzzing tool for Solana, highlighting its importance in securing smart contracts and preventing hacks.

The notes below are AI generated and may not be 100% accurate. Watch the video to be sure!

In a groundbreaking presentation at Breakpoint 2024, Viktor Fischer unveiled Trident, the first open-source fuzzing tool for Solana. This innovative security measure is set to revolutionize smart contract development and fortify the Solana ecosystem against potential hacks.

Summary

Viktor Fischer, a long-standing member of the Solana ecosystem since 2018, introduced Trident, an open-source fuzzing tool developed by Aki, a company he co-founded. Fuzzing is a dynamic testing method that generates random inputs to identify vulnerabilities in code. While common in Web2 and Ethereum environments, Trident is the first of its kind for Solana.

The presentation highlighted the growing need for advanced security measures in the Solana ecosystem. With blockchain hacks becoming increasingly prevalent and Solana's expanding value proposition, tools like Trident are crucial for preemptive security testing. Fischer demonstrated how Trident works, emphasizing its user-friendly nature and the importance of incorporating fuzzing into the development process.

Fischer also shared insights about Aki, the company behind Trident. Aki not only develops security tools but also runs programming and auditing schools for Solana, contributing significantly to the ecosystem's growth and security. The presentation underscored the importance of good code quality, proper testing, and the use of fuzzing before seeking expensive audits.

Key Points:

Introduction to Fuzzing and Trident

Fuzzing is a dynamic testing method that compiles code and generates random inputs to test it over thousands or millions of iterations. Trident, developed by Aki, is the first open-source fuzzing tool specifically designed for Solana. This tool is crucial as the value locked in Solana's ecosystem grows, potentially attracting more hacking attempts.

Fuzzing is already widely used in Web2 and Ethereum environments, with tools like Echidna, Foundry, Medusa, and Wake. Trident brings this essential security practice to Solana, allowing developers to continuously test their smart contracts for vulnerabilities.
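To make the idea of random inputs checked over many iterations concrete, here is an added example that is not from the talk and does not use Trident's API. The toy vault, its two instructions, the invariant and the hand-rolled fuzz loop are all constructed for illustration; `checked = false` keeps a deliberate missing-balance-check bug so the fuzzer has something to find.

```rust
// Added illustration, not Trident's API: vault, instructions and invariant are constructed.
#[derive(Debug, Clone, Copy)]
pub enum Ix { Deposit(u64), Withdraw(u64) }

#[derive(Default)]
pub struct Vault { pub balance: u64, pub total_in: u128, pub total_out: u128 }

impl Vault {
    // Toy instruction handler. With `checked == false` the deliberate bug is kept:
    // Withdraw never verifies that the vault holds enough funds.
    pub fn process(&mut self, ix: Ix, checked: bool) -> Result<(), &'static str> {
        match ix {
            Ix::Deposit(a) => {
                self.balance = self.balance.checked_add(a).ok_or("overflow")?;
                self.total_in += a as u128;
            }
            Ix::Withdraw(a) => {
                if checked && a > self.balance { return Err("insufficient funds"); }
                self.balance = self.balance.wrapping_sub(a); // wraps when a > balance
                self.total_out += a as u128;
            }
        }
        Ok(())
    }
}

// Deterministic xorshift64, so a failing seed can be replayed exactly.
fn next(s: &mut u64) -> u64 {
    *s ^= *s << 13; *s ^= *s >> 7; *s ^= *s << 17;
    *s
}

/// Runs `iters` random 8-instruction sequences against a fresh vault each time and
/// returns the first sequence that breaks the invariant, or None if none does.
pub fn fuzz(seed: u64, iters: u32, checked: bool) -> Option<Vec<Ix>> {
    let mut rng = seed.max(1); // xorshift state must be non-zero
    for _ in 0..iters {
        let (mut vault, mut trace) = (Vault::default(), Vec::new());
        for _ in 0..8 {
            let amount = next(&mut rng) % 1_000;
            let ix = if next(&mut rng) % 2 == 0 { Ix::Deposit(amount) } else { Ix::Withdraw(amount) };
            trace.push(ix);
            if vault.process(ix, checked).is_err() { continue; } // rejected: state unchanged
            // Invariant: the vault never pays out more than it has taken in.
            if vault.total_out > vault.total_in { return Some(trace); }
        }
    }
    None
}

fn main() { println!("{:?} / {:?}", fuzz(42, 10_000, false), fuzz(42, 10_000, true)); }
```

The returned trace is the reproducer: replaying it against the handler shows the exact instruction sequence that violates the invariant, which is the kind of feedback a fuzzer gives a developer before an audit.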

Aki: The Company Behind Trident

Aki was founded in 2021 by Viktor Fischer and his business partner, Tushan. The company emerged from a collaboration with professors at the Czech Technical University, leveraging the country's rich history in antivirus software development. Aki has since grown to a team of 20 people and focuses on three main areas: smart contract auditing, running programming and auditing schools for Solana, and developing open-source auditing tools like Trident.

Aki has conducted 134 audits for around 40 clients, including prominent projects in both Solana and EVM ecosystems. Their educational initiatives have seen significant success, with over 3,400 applicants to their programs and 150 graduates from their Solana programming schools.

Importance of Fuzzing in Blockchain Security

Fischer emphasized the growing importance of security measures like fuzzing in the blockchain space. While Ethereum-based chains have seen the majority of hacks (around $8 billion), Solana has also experienced significant losses (about $1 billion). As Solana's ecosystem continues to grow and provide more value, the risk of hacks is likely to increase.

Fuzzing provides a proactive approach to security, allowing developers to identify and fix vulnerabilities before they can be exploited. By integrating fuzzing into the development process, projects can significantly enhance their security posture and protect user funds.

Implementing Trident in Development Workflow

Fischer provided a step-by-step demonstration of how to use Trident in a development workflow. He emphasized that while fuzzing is a powerful tool, it works best when combined with other best practices. These include maintaining good code quality, using the Anchor framework, conducting peer reviews, writing well-documented and structured code, and implementing thorough unit and integration tests.

The presentation showed how to set up Trident, configure it, and run fuzz tests on a simple "Hello World" program. Fischer highlighted the tool's ability to identify issues and provide detailed feedback, allowing developers to quickly locate and fix vulnerabilities in their code.

Facts + Figures

  • Aki has conducted 134 audits for around 40 clients in both Solana and EVM ecosystems
  • Aki's educational programs have had over 3,400 applicants
  • 150 students have graduated from Aki's Solana programming schools
  • The current auditor's bootcamp has 750 students enrolled
  • Approximately $10 billion worth of crypto has been hacked across all blockchains
  • Solana accounts for about $1 billion (13%) of all blockchain hacks
  • Trident has been in development for three years and was launched in May 2024
  • Wake, Aki's fuzzing tool for EVM, already protects around $30 billion of Total Value Locked (TVL)
  • Wake discovered a medium severity bug in Lido, a protocol with $10 billion TVL

Top quotes

  1. "Fuzzing is basically a software tool which is dynamically testing your code."
  2. "We think as we provide more value on Solana, this [hacking risk] will increase."
  3. "Fuzzing is actually useful. Lido, XLR, safe, they use fuzzing constantly."
  4. "You cannot just fuzz your code if it's not very well written."
  5. "Please do the fuzzing before the hackers do of your code."

Questions Answered

What is fuzzing and why is it important for Solana?

Fuzzing is a dynamic testing method that generates random inputs to test code for vulnerabilities. It's important for Solana because as the ecosystem grows and provides more value, it becomes a more attractive target for hackers. Fuzzing allows developers to proactively identify and fix potential security issues before they can be exploited, thereby enhancing the overall security of Solana-based projects.

What is Trident and who developed it?

Trident is the first open-source fuzzing tool specifically designed for Solana. It was developed by Aki, a company co-founded by Viktor Fischer and his partner Tushan. Aki is a smart contract auditing firm that also runs programming and auditing schools for Solana. Trident is the result of three years of development and was launched in May 2024.

How does Trident compare to fuzzing tools for other blockchains?

Trident is unique in that it's the first open-source fuzzing tool specifically for Solana. Other blockchains, particularly Ethereum-based ones, have several fuzzing tools available such as Echidna, Foundry, Medusa, and Wake. Trident brings this essential security practice to the Solana ecosystem, allowing developers to perform thorough security testing that was previously only available for other blockchain environments.

How can developers start using Trident?

Developers can start using Trident by following a few steps: First, they should watch instructional videos and read the documentation available on the Aki GitHub repository. They can then download Trident and start experimenting with it in their development environment. Fischer recommends joining the dedicated Telegram group "Aki Breakpoint Fuzzing with Trident" for support and to ask questions. The tool is designed to be user-friendly and can be integrated into existing development workflows.

What are the best practices for using fuzzing in smart contract development?

While fuzzing is a powerful tool, it's most effective when combined with other best practices. Developers should maintain good code quality, use frameworks like Anchor, conduct peer reviews, write well-documented and structured code, and implement thorough unit and integration tests. Fuzzing should be used as part of this comprehensive approach to security, ideally before seeking expensive external audits.

