This is my third attempt at a fuzzer for EVM contracts. Early days but hope to share more before EOY. Also @gndizzy is awesome to work with.

What became of IDL standardization? There is a forum discussion from 2023 and it looks like anchor’s latest format is not widely adopted.

Generate videos in just a few seconds. Try Grok Imagine, free for a limited time.

Please do not use mazes to benchmark fuzzers.

RT @tayvano_: @Cachorroexausto @deadrosesxyz No it’s not blurry. It doesn’t matter what other people do it matters what you do. If you cho….

I should not have to login to see issues on cantina or solodit.:man-standing:.

Any retrospective on why beaconfuzz did not find the pectra lighthouse issue?.

Has anyone built a proper solana dsl (not anchor).

Find out what compiler flag incantations are necessary to fuzz rust with LibAFL, and save yourself some pain.

The date is a coincidence but I am thinking about this again.

Contests are funnels for the audit firms attached to them and fellowships are inexpensive non-compete agreements for contractors. One of the cost levers was open-source development and public research which is now diverted into cheaper, content-mill marketing.

The solidity compiler continues to be a bottleneck to execution improvements in addition to stifling L2 experimentation as has been discussed in the past. For example, it’s still not possible to use eofcreate in the latest release.

This does suggest that large, future EVM changes should include integration testing at the app level as well IMO.

Seen a lot of exaggeration about the changes required to migrate code — which is opt-in. I think it’s fine to critique the upgrade as not worth the risk, lacking essential features, or solving issues at the wrong part of the stack, but at least rigorously engage with it.

RT @samlafer: There's been a lot of discussion around zk(E)VMs lately. Good moment with everyone VM nerd-snipped to discuss FPVMs (fault pr….

Noticing a lot of what looks like LLM GitHub bots lately. Or maybe people really do create superfluous rationales with headers for PRs….

The trade-off in the security space isn’t about how the persons are organized or compensated, it’s whether the orgs will compete to make themselves irrelevant by improving freely available tech and sharing research.

My intuition was it would have a lower memory footprint but also captures “more rare” entries.

This is an interesting result and demonstrates the value of effective benchmarking. Echidna has used PC coverage since its inception but edge coverage is a staple following AFL’s innovative approach. Sam Alws did a great job getting it over the line.