Perimeter's mission is to deliver the highest quality fuzzing services to protocols by uniting the world's foremost fuzzing specialists. We possess extensive expertise in fuzzing a diverse range of protocols, from smaller, niche protocols to some of the largest and most complex in DeFi.

We will work with you every step of the way to ensure you have the most comprehensive solution possible, ensuring you receive a end product that serves your long-term needs.

In order to deliver on our mission, we have developed the most advanced scaffolding and libraries, enabling us to create highly sophisticated fuzzing suites tailored to meet the unique challenges of each protocol. Additionally, we have enterprise hardware and cloud infrastructure with Recon to support the demands of these sophisticated fuzzing suites.

Team

Meet our world-class team:

• 0xScourgedev - Serving as the CEO and a Lead Fuzzing Specialist, 0xScourgedev has been engaged in fuzzing engagements with some of the world’s largest protocols, including Pendle and various other protocols.
• Rappie - Serving as the CTO and a Lead Fuzzing Specialist, Rappie is an OG of fuzzing. He consistently delivers top-quality results in his engagements and actively builds open-source libraries and resources for the fuzzing community.
• Antonio Viggiano - Serving as an advisor and Lead Fuzzing Specialist, Antonio is a pioneer in the fuzzing space, renowned for his excellence and active contributions to numerous fuzzing education initiatives.
• nican0r - Serving as a Junior Fuzzing Specialist, nican0r is meticulous in his work, creates exceptional technical articles about fuzzing, and is a rising star in the fuzzing space.

What is Fuzzing?

Fuzzing is an automated testing technique that executes random actions with random inputs to uncover unwanted or unexpected behavior in a protocol. It is especially effective in identifying errors in complex code, such as mathematical functions, rounding errors, or intricate business logic, that manual security reviews might miss.

• Stateless Fuzzing: Generates random values without considering the system’s internal state between tests, similar to running numerous unit tests with different initial conditions.

• Stateful Fuzzing: Generates random values and sequences of actions while remembering previous actions, ensuring the protocol’s integrity through a variety of actions. This approach is like conducting countless unit tests with various action combinations.

Use Cases of Fuzzing

1. Preventing Exploits: A well-implemented fuzzing suite can uncover vulnerabilities and logical errors in the code that are extremely difficult for manual reviewers to find due to its random transaction sequences.
2. Assisting Manual Reviews/Audits: Running a fuzzing suite before an audit improves audit quality by validating protocol invariants, allowing manual reviewers to focus on deeper issues that may otherwise been overlooked.
3. Improving Code Quality: Thinking in invariants helps establish truths that should hold during the lifetime of a protocol. Guarding these with fuzzing prevents small changes from accidentally breaking them, saving costs in refactors and security reviews in the long term.
4. Continuous Integration: Fuzzing can be integrated into CI/CD pipelines to maintain continuous code quality, saving engineering time on manual verification.
5. Maintaining Protocol Integrity: Fuzzing ensures protocol invariants are upheld through DAO proposals, migrations and live upgrades, preventing exploits.

Challenges of Fuzzing

Developing an effective fuzzing suite requires deep knowledge of both the fuzzing framework and the protocol. Without sufficient experience with either will lead to missing vulnerabilities, the following are some common challenges when creating a fuzzing suite:

1. Interpreting Broken Invariants: Identifying the root cause of broken invariants can be complex, as it could involve bugs in the fuzzing suite, incorrectly implemented invariants, unexpected behavior, or critical bugs.
2. Identifying and Formalizing Invariants: Requires a deep understanding of protocols to identify and define the correct invariants, often needing custom data structures and scaffolding.
3. Balancing Efficiency and Accuracy: Differentiating useful sequences from useless ones is crucial to avoid missing vulnerabilities while managing the randomness effectively.
4. Insufficient Infrastructure: Running sophisticated fuzzing suites requires numerous runs, demanding enterprise hardware, cloud infrastructure, or significant time, along with experience to balance thoroughness with time and cost.

At Perimeter, we possess extensive expertise in fuzzing a diverse range of protocols, from smaller, niche protocols to some of the largest and most complex in DeFi.

We have developed the most advanced scaffolding and libraries, enabling us to create highly sophisticated fuzzing suites tailored to meet the unique challenges of each protocol. Additionally, we have enterprise hardware and cloud infrastructure with Recon to support the demands of these sophisticated fuzzing suites.

What to Expect in an Engagement

1. Tailor-Made Fuzzing Suite: We will design and implement stateful and stateless fuzzing suites using Echidna and Medusa. This suite will be tailor-made to the protocol and scope of the contracts, and can be integrated within your testing infrastructure.
2. Findings Reporting: We will provide thorough documentation and reporting of all findings identified throughout the engagement period.
3. Proof-of-Concept Development: For each finding and assertion/property counterexample identified, we will create a corresponding Proof-of-Concept (PoC) to demonstrate potential vulnerabilities and their implications.
4. Invariant Testing Assurance: We guarantee that each implemented invariant will be tested in at least 50,000,000 instances, ensuring thorough validation and reliability.
5. Comprehensive Final Report: We will create a detailed final report that includes all findings, along with their corresponding PoCs. It will also detail the invariants tested, their run status, and the number of runs, providing a comprehensive overview of the engagement's outcomes.
6. CI/CD Integration: An optional service where we seamlessly incorporate our specialized fuzzing suite to automatically run with each new code push through Recon, ensuring that changes do not compromise system integrity.
7. Testing Reinforcement: An optional service where we create or expand on the unit testing suite to provide greater coverage and deeper branching, effectively catching all low-hanging issues.
8. Post-launch Protection: An optional service in which we adapt the fuzzing suite to accommodate live deployed contracts. This includes using on-chain fuzzing through Recon to ensure that no invariants can be broken given the latest blockchain state.

We will collaborate with you throughout the entire process to deliver the most comprehensive solution, ensuring the final product meets your long-term needs.

If you require any deliverables or services not listed above, we will work with you to create a custom solution that meets your needs and surpass your expectations.

Testimonials

Below are some testimonials of our prior work.

I engaged 0xScourgedev for fuzz testing on behalf of Pendle, and I was impressed with his dedication and willingness to go above and beyond. He was very responsive and committed to delivering quality results, consistently addressing any queries or concerns promptly. Overall, 0xScourgedev did a great job ensuring the robustness of the contract. We look forward to working with him again in the future.

• Long Vuong, Pendle, Link to testimonial

Rappie found some extremely subtle behaviors in our code that many others missed. He not only uses the cutting edge of multiple fuzzing engines, but also helps shape how these fuzzers are built. We've been delighted to use his mastery to make our contracts more secure.

• DanielVF, Origin Protocol

Rappie went above and beyond to deeply understand our protocol and cover all the edge cases. His experience and knowledge about the art of fuzzing is unparalleled. Overall he is an incredible security expert, we certainly will be returning to him with our future smart contracts.

• Igor Zuk, Drips Network

Portfolio

Protocol	Engagement Type	Completed	Report	Code
Tapioca DAO	Testing Reinforcement	2024-06
Tapioca DAO	Testing Reinforcement	2024-05
Origin Protocol	Fuzzing Suite	2024-05	Report	Code
Private	Fuzzing Suite	2024-04
Drips Network	Fuzzing Suite	2024-01		Code
Private	Fuzzing Suite	2023-11

Individual Portolios

• 0xScourgedev
• Rappie
• Antonio Viggiano
• nican0r