View All Big Spender

DotFuzz - Hardening Polkadot through TryState invariants and CI-fuzzing

inBig Spender
2 days ago
Deciding

Proposal Overview

We propose to harden Polkadot and increase its hacking resilience by:

  1. Embedding TryState invariants across high-impact pallets, and
  2. Launching an OSS-Fuzz-style framework, DotFuzz, for continuous runtime fuzzing, leveraging the invariants to transparently find deep logic bugs in new feature requests.

During the 6-month effort, we will collaborate closely with Polkadot’s core developers and ecosystem stakeholders, with whom this proposal is closely aligned.

The effort’s first value contribution is embedding standardized TryState invariants into Polkadot SDK pallets (starting from prioritized high-impact logic), ensuring that critical code changes are systematically verified. This strengthens the network’s safety without slowing development.

The second pillar involves leveraging industry-leading fuzzing technologies, specifically: Adapting Google’s OSS-Fuzz approach into a Polkadot-specific DotFuzz. The project will reach near-complete coverage of the codebase logic, with robust reporting and a reproducible test corpus that fosters security assurance and continuous improvement at an early development stage.

Funding is sought to support the end-to-end development and deployment of these advanced security capabilities over the course of six months.

Full Proposal

Deliverables

  • Month 1: Technical specification of the fuzzing farmwork; documents outlining the prioritization of pallets for the next steps
  • By month 3: TryState invariants merged into polkadot-sdk
  • By month 6: Fully open-source pipeline for continuous fuzzing of substrate-based runtimes, and a public dashboard for polkadot-sdk fuzzing

About Us

Security Research Labs is a cybersecurity consultancy committed to making the world more secure. Discover more about us on our website.

We have created two projects through referenda in the past (942 and 1045), and have collaborated with Parity and other Polkadot ecosystem partners since 2019.

We Appreciate Your Feedback

How can we improve our proposal? Your input will help us refine our approach to better serve the Polkadot community.

Comments (0)

PleaseLogin to comment

Requested

USDC
495.80K USDC

Voting has Started

2

of 3

Decision Period

2 / 28 days

Confirmation Period

0 / 7 days

Summary

0%

Aye

AyeNay

0%

Nay

Aye (2)0.0 DOT

Support0.0 DOT

Nay (10)0.0 DOT