Kuyfi, a black-box security scanner for Soroban smart contracts, launches its first phase. It analyzes contract bytecode without requiring source code, addressing a critical gap in DeFi security for protocols like Soroswap and Blend.

Kuyfi is a native Soroban security scanner that performs black-box analysis on smart contracts by extracting and decoding WASM bytecode directly from the blockchain, eliminating the need for source code access. The project completed Phase 1 with an OSINT scanner capable of validating contract IDs, fetching compiled bytecode, mapping function endpoints and signatures, and providing a terminal interface. Phase 2 will introduce active attack capabilities including mathematical fuzzing for overflow detection and access control fuzzing to test unauthorized function execution. Built by Tellus Cooperative as open-core software, Kuyfi aims to democratize security auditing for emerging DeFi protocols in Latin America and globally.
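The endpoint-mapping step described above can be illustrated with a small parser that reads a WASM module's type, import, function and export sections and returns each exported function with its signature. This is an added example, not Kuyfi's code: `Reader`, `exported_functions` and the `SAMPLE` bytes are hypothetical and constructed for illustration, and only function imports are handled.

```python
VALTYPES = {0x7F: "i32", 0x7E: "i64", 0x7D: "f32", 0x7C: "f64"}

class Reader:                                   # hypothetical helper: cursor over bytes
    def __init__(self, buf):
        self.buf, self.pos = buf, 0
    def take(self, n):
        if self.pos + n > len(self.buf):
            raise ValueError("truncated module")
        self.pos += n
        return self.buf[self.pos - n:self.pos]
    def leb(self):                              # unsigned LEB128 integer
        value, shift, byte = 0, 0, 0x80
        while byte & 0x80:
            byte = self.take(1)[0]
            value |= (byte & 0x7F) << shift
            shift += 7
        return value
    def vec(self):                              # length-prefixed bytes (names, valtype lists)
        return self.take(self.leb())

def exported_functions(wasm):
    """Map each exported function name to its (params, results) signature."""
    r = Reader(wasm)
    if r.take(8) != b"\x00asm\x01\x00\x00\x00":
        raise ValueError("not a WebAssembly v1 module")
    sec = {}
    while r.pos < len(wasm):                    # section id -> payload (first occurrence)
        sec.setdefault(r.take(1)[0], r.vec())
    ty, im, fn, ex = (Reader(sec.get(i, b"\x00")) for i in (1, 2, 3, 7))
    types, func_types, exports = [], [], {}
    for _ in range(ty.leb()):
        ty.take(1)                              # 0x60 functype tag
        types.append(tuple([VALTYPES.get(b, hex(b)) for b in ty.vec()] for _ in range(2)))
    for _ in range(im.leb()):                   # imports take the lowest function indices
        im.vec(), im.vec()                      # module name, field name
        if im.take(1)[0] != 0:
            raise ValueError("only function imports are handled in this example")
        func_types.append(im.leb())
    func_types += [fn.leb() for _ in range(fn.leb())]
    for _ in range(ex.leb()):
        export, kind, index = ex.vec().decode(), ex.take(1)[0], ex.leb()
        if kind == 0:                           # 0 = function; memory/global exports skipped
            exports[export] = types[func_types[index]]
    return exports

# Constructed sample: header sections only, not a deployable contract.
SAMPLE = (b"\x00asm\x01\x00\x00\x00"
          b"\x01\x0b\x02\x60\x02\x7e\x7e\x01\x7e\x60\x00\x01\x7e"   # two function types
          b"\x02\x07\x01\x01l\x01_\x00\x01" b"\x03\x03\x02\x00\x01"  # one import, two functions
          b"\x07\x1e\x03\x07deposit\x00\x01\x07version\x00\x02\x06memory\x02\x00")
```

On the constructed sample, `exported_functions(SAMPLE)` reports `deposit` as taking two `i64` values and returning one, and `version` as taking none, while the `memory` export is ignored.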