Dialogue Fuzzland: The Future of Web3 Needs On-Chain "Firewalls" That Everyone Can Deploy

ChainCatcher Selection
2024-04-03 13:16:52
How to reduce reliance on human resources in Web3 security audits using AI?

Interviewee: Chaofan Shou, Co-founder of Fuzzland

Interviewer: kit, flowie, ChainCatcher

Despite the presence of established players like ConsenSys, OpenZeppelin, and CertiK in the Web3 security service sector, new entrants continue to emerge. According to statistics from the crypto data platform RootData, approximately 15 Web3 security service providers have secured funding since the beginning of 2024.

Among them, Fuzzland, which focuses on automated auditing and on-chain real-time auditing, recently announced the completion of a $3 million seed round led by 1kx, with participation from HashKey Capital, SNZ, and Panga Capital.

The Fuzzland team has a strong background in security research. Its co-founder, Chaofan Shou, at just 23 years old, already holds a Bachelor's degree in Computer Science from the University of California, Santa Barbara, and has worked as a security engineer at the blockchain security startup Veridise and at the CRM SaaS company Salesforce. He is currently pursuing a Ph.D. at the University of California, Berkeley, focusing on program analysis, distributed systems, and blockchain security.

In Chaofan Shou's view, there are still many market pain points in the Web3 security field. First, most audits rely on manual processes, which are inefficient and costly.

Second, there is almost a complete lack of real-time auditing on-chain. "Most on-chain security monitoring resembles a game of cat and mouse; when an attack occurs, it is difficult to quickly halt protocol risks and user fund losses."

Fuzzland aims to reduce the reliance on human intervention in security audits through a model combining AI, fuzz testing, and formal verification, providing on-chain real-time firewalls for protocols or end-users.

Two Major Blue Oceans in Web3 Security: Automated Auditing and On-Chain Firewalls

1. ChainCatcher: What is the current team size of Fuzzland? What are the backgrounds of the core team members?

Chaofan Shou: Fuzzland currently has 15 engineers and some product managers. Among them, there are senior developers of MEV bots who have earned millions of dollars through MEV bots.

Additionally, we have security researchers with experience in security research on systems like Windows, Chrome, and macOS, as well as individuals from prestigious institutions like Stanford University who study security and program analysis.

2. ChainCatcher: The blockchain security product space is quite competitive. What is your view on the current state of the blockchain security industry? What market gaps and pain points is Fuzzland aiming to address?

Chaofan Shou: Although security companies in the blockchain space have slightly different auditing styles, most still rely on manual audits.

For instance, while ConsenSys employs automated auditing through dynamic analysis or formal verification, it still requires manual intervention, which is prone to errors. Moreover, due to the reliance on human auditors, there is a severe backlog in blockchain security audits.

Furthermore, since all audits are conducted in local environments rather than on-chain, many vulnerabilities go unaddressed once projects are deployed on-chain. For example, one project suffered millions of dollars in losses because it only reviewed local code and failed to audit its cross-chain bridge.

While some companies provide real-time monitoring on-chain, offering immediate intelligence when a protocol is attacked, most of the time, it resembles a game of cat and mouse. Attackers evolve their tactics, knowing what these companies are doing and finding ways to counteract them.

In contrast, Fuzzland attempts to conduct real-time security audits on-chain in addition to local static analysis to alleviate these issues.

Specifically, Fuzzland first manually identifies the security attributes that a project should always maintain. For instance, whether a project should have significant mobile losses or whether a slight price discrepancy could lead to massive liquidations. We perform formal verification and dynamic analysis locally to ensure the project does not violate these security attributes.

Once the protocol is deployed, Fuzzland executes the same process again to ensure there are no issues with the deployment. When the project has users and transactions occur, we conduct real-time dynamic analysis and formal verification to perform real-time security reviews of the protocol.

Additionally, by analyzing each transaction that has occurred, we can predict whether violations will happen in future transactions.

3. ChainCatcher: What are Fuzzland's current products and solutions? Who are the main target customers?

Chaofan Shou: Fuzzland currently has two products. One is the pre-deployment analysis platform Blaz. Users can provide a smart contract or just some addresses, and we will perform static analysis to identify false positives and missed vulnerabilities. The primary target audience for this platform includes developers, end-users of DeFi projects, or traders, helping them identify potential security issues with contracts being deployed or interacted with.

Fuzzland's other solution is called Blaz+, which primarily conducts real-time security audits on-chain. Specifically, when each transaction enters the user protocol, we analyze it. If it triggers any violations or leads to potential violations, as long as the user agrees to grant us the authority to pause the protocol, we will use an MEV-based approach to prevent such attacks.

Alternatively, we take a non-invasive approach; whenever we detect a potential attack, we attempt to perform a white-hat attack on the protocol to rescue funds.

We also have additional measures to mitigate risks. When an attack occurs, we promptly rescue any remaining funds in the protocol or funds deployed on other chains to minimize losses. The target audience for this platform mainly includes infrastructure and chains that want to ensure their TVL is not stolen by attackers.

More intuitively, users of our platform are notified of risks immediately if an attack occurs while interacting with smart contracts, allowing them to withdraw funds from the protocol in a timely manner.

Through our static and dynamic analysis platform, whenever users interact with contracts, we can immediately inform them whether the contract has vulnerabilities or what the centralization and interaction risks of the smart contract are, helping them decide whether to engage in transactions or stake funds.

Using AI to Reduce Human Dependency in Web3 Security Audits

4. ChainCatcher: What role does AI play in your products? How do you utilize AI?

Chaofan Shou: We utilize LLMs (Large Language Models) to help save time in security audits. LLMs are responsible for selecting which parts of the code should undergo formal verification and which should be dynamically analyzed to expedite the auditing process.

Since LLMs can generate a lot of errors, we do not use them directly to output security audit results; instead, we use LLMs to provide prompts for human auditors, allowing them to spend less time on repetitive tasks.

5. ChainCatcher: How long has Fuzzland's product been operational, and to what extent can it enhance the efficiency of auditors and traders? Are there any noteworthy data to share?

Chaofan Shou: First, we have open-sourced our dynamic analysis and core software content, allowing everyone to use it.

Our integrated smart contract testing platform Blaz has been running for 2 months, with over 500 users registered and thousands of analyses conducted, helping users discover tens of thousands of vulnerabilities.

The on-chain real-time security analysis platform Blaz+ currently has only 5 projects or chains onboard, but in 2 months, it has helped users avoid losses of $500,000.

Our security platform can perform hundreds of analyses per second, while most other security audit solutions may take hours or even days to complete tens of thousands of analyses. We are the only platform capable of conducting real-time on-chain security audits.

6. ChainCatcher: What aspects of your current product do you think need optimization, and what are your future plans or goals for the product?

Chaofan Shou: First, the entire security audit still requires manual human involvement, and we hope to minimize this to the lowest extent, allowing humans to only confirm the results. We are currently trying different AI-based methods or traditional code generation methods to alleviate this issue.

Second, the entire security audit process uses formal verification and dynamic analysis, which consumes a lot of computational power; our platform has nearly 2,000 modules in constant use.

Therefore, we are trying to optimize algorithms to reduce computational overhead. For example, we are exploring whether we can cross-force publicly available computing power to directly use these cross-sourced resources to lower analysis costs.

7. ChainCatcher: Regarding saving computing power, do the currently popular AI GPUs help you?

Chaofan Shou: In fact, we only need to use CPUs. However, we are indeed exploring similar methods to achieve easier access to computing power.

For instance, we are considering running the entire process in the browser, where the browser is the site that inserts our script. Whenever users visit the site, they will automatically contribute computing power, and we can provide rewards to users or site owners.

8. ChainCatcher: How does Fuzzland educate developers on utilizing existing tools and auditing services to minimize user risks?

Chaofan Shou: Our open-source tools come with detailed documentation and tutorials. Compared to other similar tools, we strive to make our products as user-friendly as possible; for example, users often only need to submit a contract address, and our tools will automatically provide all potential vulnerabilities associated with that address.

For advanced users, we also offer LLM-based tools to help simplify the entire process. They do not need to write their own security attributes; they can directly use LLMs to generate security attributes. For some very complex definitions, such as dynamic analysis, users can log into our platform and simply confirm whether the LLM-generated content is correct or invalid, making the operation very straightforward.

The Future of Web3 Needs Real-Time "Firewalls" That Everyone Can Deploy

9. ChainCatcher: What are the challenges in developing or operating automated blockchain security software like Fuzzland? How does it differ from traditional security automation software?

Chaofan Shou: Although smart contracts have relatively few lines of code, they are extremely complex and difficult to analyze compared to Web 2 software. Specifically, smart contracts have functionalities similar to external interactions, allowing them to interact directly or indirectly with hundreds of contracts, making the analysis of a single smart contract akin to analyzing hundreds of them.

Additionally, most smart contracts are stateful, requiring multiple inputs or transactions to trigger a function. One of the most complex hacker attacks today can cost around $5,000 to exploit a smart contract's state.

Therefore, traditional security automation methods find it challenging to handle these situations. We use formal verification, AI, and other methods to optimize traditional security automation practices to make them suitable for handling smart contracts while achieving the lowest false positive and false negative rates in the market.

10. ChainCatcher: Can you share your pricing model? Who are your main customers using your products?

Chaofan Shou: Most of our products are free to use or even open-sourced. If a product does not require manual operation, it will be free.

However, if manual intervention is involved, our pricing is similar to most other security audits, and even lower than prices from security companies like CertiK. Our main customers include wallets, chains, and DeFi projects.

11. ChainCatcher: Recently, Fuzzland announced a $3 million funding round. What are your strategic plans moving forward? What goals do you aim to achieve in 2024?

Chaofan Shou: First, we plan to onboard over 1,000 DeFi projects onto the Blaz+ platform this year and strive to ensure that all projects on the platform do not suffer attack losses.

Second, we aim to expand our C-end user base. We are collaborating with wallets and security providers to explore how to directly offer dynamic and static analysis to C-end users, allowing them to conduct transactions or staking with greater security.

Additionally, we currently have several members researching how to use large language models to reduce the overall costs of launching projects or decrease the time required for analysis while optimizing algorithms to ensure our security measures stay ahead of hackers.

12. ChainCatcher: Compared to the traditional internet security sector, what stage has the blockchain security industry reached? What is the biggest challenge currently facing the blockchain security industry?

Chaofan Shou: In terms of manual audits, Web3 is actually more experienced and performs better than traditional internet security.

However, in terms of firewalls, such as on-chain real-time analysis and monitoring, I believe we are still in the early stages. Almost every Web 2 user has a firewall deployed on their computer. In Web3, very few projects have deployed security solutions against on-chain threats, and even fewer C-end users have done so.

A few months ago, KyberSwap was hacked, resulting in the theft of tens of millions of dollars, all of which were user-staked funds. In fact, during the attack, the project had a few minutes to react, and the attacker initially stole only around $200,000, with the remaining assets still intact.

If users had deployed some form of automated firewall solution at that time, they could have withdrawn their funds earlier upon noticing the initial attack, ultimately resulting in smaller losses.

Why are Web3 projects or C-end users currently unable to deploy real-time analysis firewalls like Web 2? The main reason is the lack of automation in Web3 security solutions, making dynamic analysis of smart contracts very challenging and hindering timely rescue of funds locked in protocols.

However, we believe that the future of Web3 should include a truly useful firewall that is easy to deploy for devices and users, allowing every user or stakeholder in the Web3 network to reduce risks and losses caused by security issues. This is also a continuous exploration topic for Fuzzland.
