https://x.com/opensensepw
https://x.com/zokyo_io
Fuzzing is a key technique in smart contract security. Unlike unit tests, fuzzing runs your code against thousands of random inputs, exposing hidden edge cases, logic errors, and vulnerabilities before attackers do.
In this video you will learn how fuzzing works in practice, why it is important for audits, how to set it up step by step, and see real examples of catching bugs with fuzzing.
Timestamps
00:00 Intro - Safe Contract
01:30 test_withdraw function
04:30 run test for withdraw function
06:40 when you use transfer you have only 2300 gas
08:20 what should fuzzing do for us?
09:27 number of runs
12:05 vm.assume()
13:42 adding more features to the test_withdraw function
16:55 why fuzzing addresses is not very practical
21:30 when you are dealing with addresses
23:46 how vm.assume() works
25:55 using bound() instead of vm.assume()
28:44 fixture
33:15 why I did 999/3 + 3 instead of 336
35:31 end of the first part
39:02 exercise
41:23 second part
43:56 how to generate coverage with fuzzing
45:45 genHTML