Trident is a Rust-based framework designed to allow developers to fuzz test Solana programs written in Anchor. Developed by Ackee Blockchain and supported by Solana Foundation, Trident simplifies the testing process and helps developers discover edge case vulnerabilities to deliver secure code.
Trident’s development began two and a half years ago, in 2021, and was originally named Trdelník. Trident won the Marinade Finance Community Award at the 2022 Solana Riptide Hackathon and received a development grant from the Solana Foundation in 2023.
Features
- Create automated fuzz tests: Reduce setup time and effort by simplifying the creation of test templates for Anchor programs.
- Adaptive Input: Generate dynamic and adaptive inputs to improve test coverage and uncover hidden vulnerabilities.
- Guided instruction sequences: Use customizable instruction sequences for faster, more effective test results.
- Invariant check: Developers can implement custom checks to find vulnerabilities and unwanted behavior.
Installation
Trident is distributed through Rust’s cargo package manager. To install Trident and its dependencies, follow these steps:
- Install Trident CLI and honggfuzz.
- Initialize Trident in your project:
This command sets up Trident for your project, generating the necessary files and configuration.
Fuzz testing is an automated technique that provides a program with generated random, invalid, or unexpected input data. This can help you discover unknown bugs and vulnerabilities and potentially prevent zero-day attacks. Trident integrates the well-known fuzzer honggfuzz developed by Google to facilitate fuzz testing of Solana programs.
Example: Setting up a new Anchor project
- Initialize project:
- Create a buggy program:
Create a program called unchecked_arithmetic_0
There are intentional bugs for testing purposes.
- Reset Trident:
- Write a fuzz test:
Modify the fuzz test template in ‘trident-tests/fuzz_tests/fuzz_0/fuzz_instructions.rs’ and complete the implementation of the get_data and get_accounts methods and the FuzzAccounts structure:
Modify the fuzz test template in ‘trident-tests/fuzz_tests/fuzz_0/test_fuzz.rs’.
- Run a fuzz test.
- Debugging with crash files: Use crash files to debug and check for problems.
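The class of bug this walkthrough targets, shown as an added, self-contained example (it is not Trident's API and not the unchecked_arithmetic_0 program itself): a small loop feeds generated inputs to an unchecked and a checked balance update and applies an invariant check to each result. All function names, the xorshift input generator and the input ranges are assumptions made for illustration.

```rust
// Added illustration; every name here is hypothetical, not part of Trident.

/// Vulnerable: the subtraction wraps on underflow, which is what unchecked
/// arithmetic does when overflow checks are disabled.
fn withdraw_unchecked(balance: u64, amount: u64) -> u64 {
    balance.wrapping_sub(amount)
}

/// Hardened: checked_sub rejects the withdrawal instead of wrapping.
fn withdraw_checked(balance: u64, amount: u64) -> Option<u64> {
    balance.checked_sub(amount)
}

/// Deterministic xorshift64 generator standing in for a fuzzer's input source.
struct XorShift(u64);
impl XorShift {
    fn next(&mut self) -> u64 {
        self.0 ^= self.0 << 13;
        self.0 ^= self.0 >> 7;
        self.0 ^= self.0 << 17;
        self.0
    }
}

/// Invariant: a successful withdrawal never increases the balance.
/// Returns the first (balance, amount) pair that violates it, if any.
fn fuzz<F: Fn(u64, u64) -> Option<u64>>(target: F, iterations: u32) -> Option<(u64, u64)> {
    let mut rng = XorShift(0x9E37_79B9_7F4A_7C15); // constructed seed
    for _ in 0..iterations {
        let (balance, amount) = (rng.next() % 1_000, rng.next() % 1_000);
        if let Some(after) = target(balance, amount) {
            if after > balance {
                return Some((balance, amount)); // invariant broken: report the input
            }
        }
    }
    None
}

fn main() {
    let bad = fuzz(|b, a| Some(withdraw_unchecked(b, a)), 10_000);
    let good = fuzz(withdraw_checked, 10_000);
    println!("unchecked variant, violating input: {:?}", bad);
    println!("checked variant, violating input:   {:?}", good);
}
```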
Trident also supports integration testing, allowing developers to test their Solana programs in a simulated environment that closely reflects the real Solana blockchain. This allows the program to interact properly with the blockchain and other programs.
Read the documentation, star the GitHub repository, and follow Trident on Twitter/X (@Trident Solana) for updates. For developer support, see Discord #Trident-Chat and the Warpcast/Trident channel.