On-chain activity
Web3 OSINT Platform
The Web3 OSINT Platform analyzes blockchain transactions to track and investigate cryptocurrency movements across multiple networks. The system implements forensic techniques for digital asset tracking, enabling investigators to identify patterns and relationships between wallets and transactions.
Fuzzing Labs
Fuzzing Labs is a Paris-based offensive cybersecurity firm founded in 2021 by Patrick Ventuzelo, a former French Ministry of Defense security researcher. The company employs approximately 18 specialists across firmware security, cryptography engineering, mobile security, and AI-assisted vulnerability research. Its work spans security assessments, applied tooling research, and hands-on training for organizations operating in firmware, embedded systems, IoT, automotive, telecom, and blockchain environments. Over its history, the team has identified more than 1,500 vulnerabilities, earned three Pwn2Own competition wins, and presented findings at Black Hat, OffensiveCon, REcon, and SSTIC.
The leadership team consists of Ventuzelo as CEO, Tanguy Duhamel as CTO, and Nabih Benazzouz as COO, who also leads audit engagements. The company's stated mission is to "uncover and mitigate vulnerabilities before they can be exploited at scale, continuously, and across the entire software and hardware stack."
The Problem Fuzzing Labs Addresses
Security research in emerging technology stacks — particularly blockchain virtual machines and proprietary firmware — suffers from a fragmented tooling landscape. Auditors must assemble separate tools for static code analysis, binary disassembly, and on-chain program retrieval. Regulatory standards such as the EU Cyber Resilience Act and ISO/SAE 21434 impose new compliance requirements on embedded and connected products. Fuzzing Labs positions itself as a research-driven firm that can bridge these gaps through bespoke tooling and direct engagement, operating across the full stack from hardware interfaces to smart contract runtimes.
Core Services
Security Assessments cover firmware audits, binary reverse engineering, hardware fuzzing, and vulnerability research aligned with compliance frameworks. Engagements span IoT and operational technology, automotive systems, AI/ML pipelines, 4G/5G telecoms infrastructure, cryptographic implementations, and blockchain protocols. Clients have included Meta, Google, Ethereum Foundation, Worldcoin, Fastly, Coinbase, Apple, Amazon, Cisco, Intel, CrowdStrike, Palo Alto Networks, Shopify, and Deloitte.
Software Security Engineering integrates offensive validation directly into client development pipelines, embedding security checks into CI/CD workflows with support for air-gapped and sovereign deployment environments.
Applied Research and Development produces custom fuzzers, binary translators, symbolic execution frameworks, and open-source tooling. Fuzzing Labs maintains 31 public GitHub repositories covering WebAssembly analysis, Cairo/Starknet security tooling, Solana program analysis, and AI-assisted vulnerability research benchmarking.
Training delivers technical courses on firmware security, embedded systems reverse engineering, and program analysis at events including RingZer0, OffensiveCon, and StarkNetCC.
FuzzForge: The Flagship Platform
Fuzzing Labs has developed FuzzForge, an AI agent orchestration platform for continuous offensive validation across firmware, binaries, and embedded systems. FuzzForge is designed to automate vulnerability discovery and to help organizations meet regulatory requirements without depending entirely on periodic manual assessments. The platform represents the company's push beyond consulting engagements into productized security infrastructure.
Solana Ecosystem Contributions
Fuzzing Labs has developed meaningful depth in Solana program security, building original tooling and publishing independent vulnerability research.
Sol-azy is the firm's primary Solana-specific contribution: an open-source, modular CLI toolchain for static analysis and reverse engineering of Solana sBPF (Scalable Berkeley Packet Filter) programs. Released in July 2025, sol-azy consolidates capabilities that previously required multiple separate tools. As the project documentation explains, "analyzing a Solana program meant juggling multiple tools, one for static code analysis, another for disassembling BPF binaries, plus manual steps to fetch program code from the blockchain." Its architecture consists of five modules:
- Static Analysis (SAST): Scans Rust source code using Abstract Syntax Tree patterns via Starlark scripting. Users write custom security rules evaluated against an enhanced AST structure that includes metadata, access paths, and parent-child node relationships. The engine uses the Starlark-rs virtual machine rather than Python, providing more structured AST access than a standard interpreter approach.
-
Reverse Engineering: Disassembles compiled
.sobytecode into annotated sBPF assembly, generates Graphviz-format control flow graphs, and performs rodata tracking — automatically resolving embedded string constants and numeric values back to their assembly locations for semantic context. - Fetcher Module: Retrieves deployed program bytecode directly from Solana mainnet by program ID, handling both executable programs with upgradeable loader resolution and raw account data including Anchor struct discriminators.
- CFG Editing: Allows selective reconstruction of control flow graphs, enabling auditors to focus on specific functions within large programs without navigating the full graph.
- Build Integration: Compiles Anchor and native SBF programs from source.
A November 2025 update added "audit-friendly overviews" — structured snapshots of each instruction in an Anchor project designed to accelerate the onboarding phase of security reviews. Sol-azy is written primarily in Python with Rust components and licensed under the Server Side Public License v1. It targets security auditors examining closed-source on-chain programs, Solana developers adding security validation to their workflows, and blockchain researchers performing vulnerability analysis at the bytecode level.
Revival Attacks Research: Fuzzing Labs has published original research on a vulnerability class specific to Solana programs. A revival attack occurs when an attacker prevents proper account closure by exploiting Solana's garbage collection timing: because accounts are only deleted after a transaction completes, an attacker can close an account by removing lamports and then refund it within the same transaction, leaving it rent-exempt and available for unauthorized reuse. In a staking context, this allows bundling a redemption instruction with a lamport refund to repeatedly drain staking rewards. Fuzzing Labs has identified this pattern through bug bounty engagements and recommends three mitigations: zeroing out account data, setting a closed account discriminator, and transferring all lamports. The research notes that Anchor v0.30.0 and later omit the discriminator step, requiring manual implementation.
Solana VM Syscall Research: In May 2026, Fuzzing Labs published research into a vulnerability in Solana's virtual machine crypto syscall, discovered through a CTF-inspired methodology — demonstrating that competitive security challenge techniques can surface real-world findings in production blockchain infrastructure.
Broader Blockchain Security Work
Beyond Solana, Fuzzing Labs has published four formal security audit reports through its public GitHub repository: Drand (February 2024), AlignedLayer (August 2024), AlignedLayer ERC20 (December 2024), and Story Foundation (December 2024), all led by Benazzouz and Mohammed Benhelli.
The firm's Cairo/Starknet tooling predates the Solana work and reflects earlier investment in zero-knowledge smart contract security. Thoth — a Cairo bytecode analyzer, disassembler, decompiler, and symbolic execution framework — has accumulated 273 GitHub stars. Cairo-fuzzer, a smart contract fuzzer for Starknet, has 131 stars.
In December 2025, Fuzzing Labs published research demonstrating how fuzzing the AlignedLayer batcher uncovered a critical denial-of-service vulnerability in a core Ethereum ZK library, combining fuzzing methodology with blockchain infrastructure security.
Conference Presence and Research Output
Fuzzing Labs researchers present regularly at major security venues. Recent talks include research on attacking and fuzzing Ethereum Virtual Machines at Zer0Con 2025 and Rust inlining recovery at HSR 2024. In June 2026, CEO Patrick Ventuzelo delivered a keynote at leHACK — France's largest hacking conference — titled "No Need to Be a Mythos to Do Offensive Security," addressing the democratization of AI-assisted offensive security tooling. The company has also benchmarked 12 large language models for vulnerability research effectiveness and developed mcp-security-hub, an open-source collection of MCP servers integrating offensive security tools including Nmap, Ghidra, Nuclei, SQLMap, and Hashcat into AI assistant workflows, which has accumulated 616 GitHub stars.
Solana Fit
Solana's sBPF runtime, Rust-based program architecture, and performance-focused design create security considerations that differ substantially from EVM chains. Fuzzing Labs approaches these through low-level tooling rather than generic smart contract auditing: sol-azy operates at the bytecode level, the revival attacks research targets Solana-specific account lifecycle behavior, and the VM syscall research probes the runtime itself. The firm's background in binary analysis and firmware reverse engineering transfers directly to the challenge of auditing compiled sBPF programs — particularly closed-source, production-deployed contracts where source code is not available.
Contents
- The Problem Fuzzing Labs Addresses
- Core Services
- FuzzForge: The Flagship Platform
- Solana Ecosystem Contributions
- Broader Blockchain Security Work
- Conference Presence and Research Output
- Solana Fit
Solana Token Markets
