Open Hero-Gamer opened 4 months ago
Update @Hero-Gamer
All deliverables can be found in the property-testing branch. Instructions to run locally are in the README.
Milestone 1: A property-based fuzzer has been implemented on a basic counter contract with a buggy function, showing that the testing finds the bug. I have also added another contract based on the bonding-curve contract used in STX.CITY to show real-world use.
Testing on counter contract (adding, decrementing): https://github.com/user-attachments/assets/467be34f-dbf2-4c40-90dc-3608bd2e0584
Testing on bonding curve DEX (buying/selling): https://github.com/user-attachments/assets/f1b23488-cd60-4efb-803d-7cad430e6cec
Milestone 2: How to use it has been documented, and a database of common security vulnerabilities in Clarity has been added with examples from real contracts.
1) Total Grant Amount: $1,787.16
2) Project Description: Gecko: Automated security testing of Clarity smart contracts using a property-based fuzzer, overcoming the limitations of static analysis and unit tests, allowing developers to have more testing coverage of their smart contracts and find vulnerabilities that would otherwise have been missed.
3) Impact: Gecko will reduce pre-deployment security barriers, helping developers understand attack surfaces and focus audits, thereby lowering costs and improving coverage. It will contain a database of vulnerabilities and remediations, offering real-life examples to guide developers in best practices for Clarity smart contract development.
4) Project Timelines, Milestones, and Deliverables:
Kick-off payment: 0% - $0
Milestone 1: 44% - $787.16 - August 16th 2024
Milestone 2: 56% - $1000 - August 30th 2024
5) Is / will this project be open-sourced?
Yes, all parts will be open-sourced and included in the repo.
6) ZeroAuthorityDAO profile link: https://zeroauthority.xyz/profiles/SP3BK6FP3KM52GX4K9YPBB1J9S7K0R9WCZRX3NHCY