Audits
Services
DualDefense
Hacken Audit + Additional Crowdsourced Audit
Learn more
Services
DualDefense
Smart Contract Audit
Blockchain Protocol Audit
DORA Compliance
Virtual CISO
Penetration Testing
Cloud Penetration Testing
dApp Audit
Crypto Wallet Audit
Cross-Chain Bridge Audit
Bug Bounty
Proof of Reserves
CCSS Audit
Tokenomics Audit
Retainer
DualDefense
New Approach To Blockchain Security
Hacken Audit + Additional Crowdsourced Audit
2 in 1
Dual-layered protection
30-Day
Crowdsourced audit
Independent
HackenProof bug hunters
Learn more
Solutions
Post-deployment security solution
Hacken Extractor
Real-time smart contract protection from assets loss
Learn more
Solutions
Featured ecosystems:
Ethereum (EVM)
BSC
Polygon
Near
Avalanche
Fantom
Aptos
Sui
Optimism
zkSync
Arbitrum
Solana
Polkadot
Cosmos
Radix
Linea
MetaMask
Others
By Languages:
Solidity
Rust
Move
Blog
Company
Company
Community
Community
- $HAI

Introducing Wasmcov: Code Coverage Tool for Wasm Projects

Introducing Wasmcov: Code Coverage Tool for Wasm Projects

2 minutes

In smart contract development, one of the key challenges is the lack of essential tools for secure coding on many platforms, particularly for WebAssembly (Wasm). Unlike Ethereum, which has tools like Istanbul.js, LLVM-cov, or Solidity-Coverage, Wasm lacks similar resources, leading to potential security gaps. To address this, we’re proud to introduce Wasmcov, a specialized code coverage tool tailored for Wasm environments.

Introducing Wasmcov

Wasmcov is a Rust library and an associated binary that provides automated coverage analysis of Wasm executables. This tool leverages advanced LLVM functionality, offering a solution to the limitations in current Wasm compilation.

Wasmcov’s primary goal is to provide developers with accurate and efficient code coverage data, essential for identifying untested code segments and potential vulnerabilities.

Code coverage is a fundamental aspect of software quality assurance. Without it, developers may overlook critical areas of their code, leaving potential security risks undetected. Wasmcov addresses this by enabling precise coverage measurement on the target system itself, eliminating discrepancies between host and target environments. It allows developers to automate test coverage, ensure code quality, and guarantee compatibility with specific target configurations.

Team behind Wasmcov

Wasmcov was developed by Hacken’s security researchers Noah Jelich and Bartosz Barwikowski during their audits of leading Wasm-based protocols Radix and NEAR.

Here’s a detailed analysis of Wasmcov’s capabilities and potential impact, as provided by Noah:
“In the current industry landscape, Wasm code coverage is limited to typical compilation targets, rather than encompassing the specific execution environments. You could run tests on the real runtime, but it took manual cumbersome work to check their coverage and could potentially lead to missing vulnerabilities. But now, things are shifting. We’re introducing more robust tooling for Wasm, aiming to streamline and secure the process.”

Conclusion

This release marks a significant enhancement in the security and reliability of smart contracts on Wasm-based protocols. With its integration by leading protocols like Radix, which has already implemented it for all its projects, and the upcoming adoption by NEAR, Wasmcov is set to bolster the security landscape across various platforms.

Wasmcov, as an open-source library, is readily integrable into any Wasm application by simply adding it as a dependency. We warmly invite all developers to adopt this tool and join us in our mission to make Web3 a safer place.

To begin using Wasmcov and contribute to a more secure Web3 environment, visit our GitHub page for detailed instructions: https://github.com/hknio/wasmcov.