Thomas Pani
Dr. Thomas Pani is a Web3 Security Researcher at blltprf.xyz with experience in the Ethereum, Cosmos, and Stellar ecosystems. He holds a PhD in Computer Science from TU Wien and has collaborated on notable security projects, including grants for consensus protocol verification from the Ethereum Foundation, the development of runtime monitoring tools for the Stellar Development Foundation, and work on the Quint specification language and the Apalache model checker for TLA+. He enjoys turning rigorous academic insights into practical solutions that actually help secure today's blockchain ecosystems.
Session
Fuzzing and Formal Methods are often seen as competing approaches to smart contract security. In this hands-on workshop, we combine insights from both, allowing participants to build a minimal EVM/Solidity smart contract fuzzer in Python within 25 minutes. We also explore critical questions such as:
- How can we measure the success of our fuzzing campaign?
- Is the number of runs a reliable coverage metric?
- What alternative metrics could provide deeper insights?
- Why is naive input generation insufficient for smart contracts?
- How can we improve input generation to achieve better coverage?
Participants will gain practical experience building a fuzzer while learning key concepts in smart contract fuzzing, guided by a Formal Methods-informed approach.