My journey with the Stacks community began formally on June 3, 2022, when I initiated a conversation about fuzz testing for Clarity smart contracts via a GitHub issue in the hirosystems/clarinet repository. This endeavor not only led me to collaborate with influential individuals like Ludo Galabru, Brice Dobry, LNow, and Friedger Müffke, but it also paved the way for significant contributions to the Clarinet project itself, including the discovery and resolution of bugs and the development of new features (such as ::reload in REPL).
My commitment to improving the reliability and security of smart contracts extends far beyond this project. As a co-founder of the hedgehog property-based testing tool in early 2017, I have been at the forefront of advocating for the adoption of advanced testing methodologies. My vision is to integrate these practices – property-based testing, fuzzing, and invariant testing, which have already proven effective in ecosystems like Ethereum – into the Stacks platform. My goal is to elevate the testing standards in our community, not only through development but also by educating and guiding others in the implementation of these crucial testing strategies.
Objective: Develop an Advanced Fuzz Testing Tool for the stacks-node RPC interface
- Fuzz Testing and Stateful Property-Testing for the stacks-node RPC interface
- Integration with Clarinet for fuzzing the Clarity VM itself
- Ensuring robust security and promoting positive outcomes
Outcomes:
- Ensuring Robust Security: The tool will be designed to ensure that no negative scenarios occur within the system.
- Promoting Positive Outcomes: It will also ensure that positive outcomes are always possible, enhancing the reliability and effectiveness of the Stacks platform.
Innovative Approach: The tool will not just focus on identifying potential faults but also on validating the operational integrity and potential of the stacks-node through the RPC interface under various conditions.
Milestone 1: Research and Design
- Task 1.1: Conduct thorough research on the current stacks-node RPC interface to understand its functionalities and potential vulnerabilities (Completed 1/2024)
- Task 1.2: Design the initial framework for the fuzz testing tool, focusing on how it will interact with the stacks-node RPC interface (Completed 1/2024)
Milestone 2: Development of Core Fuzz Testing Features
- Task 2.1: Develop the basic fuzz testing functionalities targeted at the stacks-node RPC interface (Target Completion: 2/2024)
- Task 2.2: Implement stateful property-based testing elements into the tool (Target Completion: 2/2024)
Milestone 3: Integration with Clarinet
- Task 3.1: Develop integration protocols for seamlessly incorporating the fuzz testing tool with Clarinet (Target Completion: 3/2024)
- Task 3.2: Test the integration to ensure the smooth functioning of fuzzing the Clarity VM through Clarinet (Target Completion: 3/2024)
Milestone 4: Testing and Refinement
- Task 4.1: Conduct extensive testing of the tool in various scenarios to ensure its effectiveness and reliability (Target Completion: 4/2024)
- Task 4.2: Refine and optimize the tool based on test results and feedback (Target Completion: 4/2024)
Milestone 5: Documentation and Community Engagement
- Task 5.1: Create comprehensive documentation for the tool, enabling easy adoption and use by the community (Target Completion: 5/2024)
- Task 5.2: Engage with the Stacks community to gather feedback and further refine the tool (Target Completion: 5/2024)
Development Platform: GitHub will be the primary platform for all development work, ensuring transparency, collaboration, and version control.
Collaboration and Feedback:
- Regular Check-ins with Jesse Wiley: Engage in periodic discussions with Jesse Wiley for progress updates, feedback, and guidance.
- Engagement with Friedger Müffke and Ludo Galabru: Seek feedback and insights from Friedger Müffke and Ludo Galabru who both have followed this type of testing in our work and discussions on GitHub.
Workflow:
- Issue Tracking and Feature Request: Utilize GitHub's issue tracking for organizing tasks, bugs, and feature requests.
- Pull Requests for Collaboration: Encourage collaborative code reviews and contributions through pull requests.
Documentation and Community Interaction:
- Progress Documentation: Regularly update project documentation on GitHub to keep the community informed and engaged.
- Community Feedback Loop: Actively seek and incorporate community feedback into the development process to ensure the tool meets user needs and expectations.
Past Contributions:
- Educational Outreach: Conducted a property-based testing talk for the sBTC Engineering WG, enriching the community's educational resources. Also authored several blog posts on the subject, further contributing to knowledge sharing within the community.
- Enhancing PoX-4 Tests: Suggested the use of necessist, a tool from Tail of Bits, to improve bug identification in existing tests.
- Mutation Testing Initiative: I facilitated an important collaboration between Stacks Foundation and the cargo-mutants creator, enhancing the mutation testing process. My involvement aimed to secure professional development for cargo-mutants, optimizing its performance.
- Collaboration with the Nakamoto WG: Engaged with members to discuss and enhance their property-based testing efforts.
Future Commitment:
- Continued Knowledge Sharing: Eager to maintain an active role in knowledge sharing, through talks, workshops, or collaborative projects.
- Broadening Expertise: Open to contributing to tasks outside my immediate expertise, as a means to deepen my understanding of the Stacks ecosystem and its challenges.
- Community Collaboration: Ready to engage with community members on various projects, offering support, and learning from collective experiences.