Replace public testnets with flexible, collaborative development infrastructure. Get started with Virtual TestNets!

A Security Auditors’ Guide to Virtual TestNets

Security auditors lack on-chain context and complete observability during typical smart contract audits. With Virtual TestNets, they get complete on-chain data and built-in tools to run realistic tests and uncover potential vulnerabilities.

A Security Auditors’ Guide to Virtual TestNets

In this post

With some smart contracts containing thousands of lines of code, finding a potential bug can feel like searching for a needle in a haystack. With no previous context and limited time constraints, you’re forced to analyze code from every possible perspective, reading it line by line in a code editor or even printing it out on paper. 

However, lacking essential on-chain data during the initial stages of the auditing process, how can you even determine if everything executes as intended? Even with significant effort invested in uncovering unexpected smart contract behavior, reading the code provides a different perspective from reviewing actual transaction traces that show code execution step by step.

With Tenderly Virtual TestNets, you can recreate the realistic conditions of a production network from the moment you start auditing code. Virtual TestNets are virtually running network replicas synced with the latest mainnet state. You can use them to review code execution against the most recent on-chain data and simplify the auditing process. 

How to do a security audit with Virtual TestNets

During a typical audit, you need to comb through a codebase with limited on-chain context, recreate a code execution environment, and decipher illegible data. Additionally, as engn33r, a Web3 security researcher at yAcademy and yAudit points out, security auditors also encounter challenges related to: 

  1. Unrealistic contract integrations as protocol testing often relies on using “mock” contracts to test the underlying interactions. Ultimately, this results in differences between the tests written for the protocol and its real-world, on-chain operation. 
  2. Lack of visibility into constructor arguments that can cause inaccurate assumptions about actual, on-chain values of the live protocol. Without proper documentation, deployment scripts, and on-chain context, auditors cannot determine the on-chain behavior of such arguments with certainty.
  3. Inefficient and difficult debugging of the transactions executed during testing. Running tests solely using Hardhat or Foundry forces you to read the test code line by line and interpret everything on your own. 
When you run a set of tests with Hardhat or Foundry, you don't have Tenderly to help debug the transaction trace and understand what's going on. You're usually just reading the test code and piecing it together in your head. – engn33r, Web3 security researcher at yAcademy and yAudit.

On the other hand, Virtual TestNets give you a zero-setup network replica with built-in tools for running tests, analyzing code, and debugging issues. Synced with the latest state of a production network, they give you complete on-chain data so you can audit code execution under realistic conditions.

Plus, Virtual TestNets also come with an unlimited faucet for native and ERC-20 tokens, so you no longer have to waste time begging for test ETH. Instead, you can focus on the audit, ensuring that smart contracts execute as expected.

How to use Virtual TestNets for auditing

As auditors, you can deploy, verify, and stage smart contracts on a Virtual TestNet using industry-recognized frameworks such as Hardhat or Foundry. If protocol teams handle contract staging, they can share a link to a Virtual TestNet, saving you time and effort in recreating the execution environment. 

You can then speed up and simplify your entire auditing process in several ways: 

  • Run automated tests against complete on-chain data. Plug Virtual TestNets into your existing workflow and run unit, integration, and penetration tests. Since the code is executed against the latest mainnet state, you can test the contracts’ interoperability with other underlying contracts and protocols to identify potential vulnerabilities. 
Virtual TestNets offer a fast alternative to running quick tests compared to writing and editing Hardhat or Foundry tests, with the added benefit of storing the full history of previous test result outputs run in the past. – engn33r
  • Build Proof-of-Concept transactions. Use Virtual TestNets to build PoC transactions for potential attacks. You can do this by sending transactions either through the user-friendly dashboard or by writing Foundry scripts. Either way, you can create and send custom transactions to Virtual TestNets, demonstrating possible attacks.
  • Perform a line-by-line review with in-depth observability. Get complete visibility into transactions, stepping through their execution trace-by-trace. Analyze decoded balance and state changes, emitted events, and involved contracts in a human-readable format. This way, you can identify faulty logic, hidden vulnerabilities, or code inefficiencies. 
  • Test custom edge-case scenarios. After staging contracts, you can configure all the assets, creating a realistic expected state. You can also impersonate any account and manipulate the state of your Virtual TestNet by setting custom values to override storage, jump forward in time, or adjust balances.
  • Address issues and validate solutions instantly. If you come across unexpected behavior or a bug, dig deeper using the built-in Tenderly Debugger to pinpoint the exact location and cause of the issue. Plus, share links to transactions or even entire Virtual TestNet environments with your team to discuss PoCs and potential solutions. 
  • Publish the audit report with interactive examples. Once you complete your audit, you can include links to publicly available Virtual TestNets as examples in your audit report. This way, you can support the report findings with actual data, showcasing potential exploits in an easier-to-review dynamic format rather than sharing static PoC code. Others can even fork your Virtual TestNets to try out alternative scenarios.

How to stress-test protocol security

The most effective way to stress-test a protocol is to create it using Foundry scripts. Running your stress-tests is as simple as it gets:

forge script script/StressTest.s.sol:StressTest \
--rpc-url $VIRTUAL_TESTNET_RPC

Virtual TestNets also provide a shared isolated environment for collaboration on specific edge-case scenarios and protocol experimentation, such as simulated attacks. For instance, Security Alliance (SEAL) uses Virtual TestNets in their security drills for testing and ensuring protocol resiliency. 

After careful planning and analyzing a protocol from different perspectives, the team runs a simulated attack on a Virtual TestNet, playing out a custom scenario designed specifically for each protocol team. Additionally, thanks to the built-in explorer and tools, protocol teams have everything they need to analyze and mitigate the simulated attack.

Simplify & fortify security with Virtual TestNets

Security audits require significant time and effort, requiring you to inspect every line of code from every possible perspective. Why not make this process faster, easier, and generally more enjoyable? 

Use Virtual TestNets to audit smart contract code under realistic conditions that mimic a production chain while gaining complete observability into executed transactions. Replace unnecessary environment setups and lengthy code deciphering with human-readable insights in zero-setup testing environments. See for yourself how Virtual TestNets can improve your auditing process!