Security

Hacken Introduces A Code Coverage Generation Tool for WebAssembly-based Protocols

Hacken, a leading cybersecurity provider, introduces the code coverage generating tool for WebAssembly (Wasm)-based protocols. It helps to ensure that the whole codebase gets tested, ultimately fortifying its security and reliability. For context, Wasm is the second most popular option for smart contracts after the Ethereum Virtual Machine (EVM), but it doesn’t offer native code coverage utility.

Automatic testing is a cornerstone of software development. However, this assurance is only complete when complemented by robust Code Coverage utilities such as Istanbul.js, LLVM-cov, or Solidity-Coverage. Software testing without code coverage analysis fails to ascertain the thoroughness of code examination. This lack of assurance regarding the extent of code execution can leave critical components untested, heightening the risk of undetected defects. While it is available for Ethereum-based projects, Wasm-based protocols don`t have an option to check test coverage. It may lead to critical security gaps even after all the security best practices are followed.

The solution developed by Hacken’s top researchers Noah Jelich and Bartosz Barwikowski is an open-source Rust library called Wasmcov that leverages low-level LLVM functionality, overcoming limitations in current coverage support for Wasm compilation. The result is a powerful tool that allows coverage measurement directly on the target system, eliminating discrepancies between host and target environments.

The solution is already integrated into the Radix ecosystem, which enables all Radix-built projects to utilize code coverage measurement. The next protocol to get Wasmcov integrated will be NEAR. Projects that are built on other Wasm-based protocols can set up Wasmcov manually following the documentation. The libraries and set-up guidelines are available on Hacken`s Github repository.

“In the current industry landscape, WASM code coverage is limited to typical compilation targets, rather than encompassing the specific execution environments. You could run tests on the real runtime, but it took manual cumbersome work to check their coverage, and could potentially lead to missing vulnerabilities. But now, things are shifting. We’re introducing more robust tooling for Wasm, aiming to streamline and secure the process”
– Noah Jelich, Wasmcov Co-Creator, and Hacken Security Researcher

Hacken’s solution is poised to transform the landscape of code testing for WebAssembly-based projects, enabling developers to automate test coverage, ensure code quality, and guarantee compatibility with specific target configurations.

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More