Day 69 Web3 Dev Diary: Building a Secure Lottery Smart Contract with Chainlink VRF and Foundry Fuzz Testing
Introduction to
Welcome to another exciting update in our Web3 development journey! Today marks
What is a Lottery Smart Contract?
A Lottery Smart Contract is a self-running program on the blockchain that handles lotteries without middlemen. Users buy tickets, a winner is picked randomly, and prizes are sent automatically. The challenge? Ensuring randomness is fair and tamper-proof. That’s where tools like Chainlink VRF come in.
Key Update 1: Adding a Consumer Contract for Chainlink VRF
Chainlink VRF (Verifiable Random Function) is a game-changer for blockchain randomness. Unlike basic random number generators in Solidity (which miners can manipulate), VRF delivers each random value together with a cryptographic proof that is verified on-chain.
Today, we added a consumer contract for Chainlink VRF. This contract requests random numbers from Chainlink’s oracle network and uses them to pick lottery winners. Here’s a simple breakdown:
- Request Randomness: When the lottery needs a winner, the contract calls Chainlink to generate a random number.
- Fulfill Randomness: Chainlink sends back the number with a proof of validity.
- Pick Winner: Use the random number to select from ticket holders.
This setup ensures no one can predict or rig the outcome, making our lottery provably fair.
Key Update 2: Writing More Test Cases for Reliability
Tests are the backbone of secure smart contracts. We wrote additional test cases using Foundry, a super-fast Ethereum testing framework. These cover edge cases like:
- No participants in the lottery.
- Multiple winners (if ties occur).
- Insufficient funds for prizes.
Why Foundry? It’s written in Rust, runs tests in seconds, and supports advanced features like forking mainnet for realistic simulations.
Key Update 3: Testing and Refactoring performUpkeep Function
The performUpkeep function is part of Chainlink Automation (formerly Keepers). It checks if the lottery is ready for a draw (e.g., enough time passed, players joined) and triggers it.
We tested it thoroughly and refactored for efficiency:
- Added checks to prevent unnecessary gas waste.
- Optimized logic to handle high player counts.
- Integrated VRF requests seamlessly.
Refactoring means cleaner code that’s easier to maintain and audit.
Key Update 4: Refactoring Event Data for Clarity
Events in Solidity log important actions off-chain for frontends or indexers. We refactored our events to include more useful data:
- Winner address and prize amount.
- Random number used (for verification).
- Timestamp and player count.
Clear events make it easy for dApp users to track lotteries via tools like The Graph or Etherscan.
New Skill: Learning Fuzz Testing in Foundry
Fuzz testing is like stress-testing your contract with random inputs to find bugs. In Foundry, it’s built-in and powerful.
Example: Instead of testing one player count, fuzzing throws thousands of random values at your function. It caught a potential overflow bug in our prize calculation!
    function testFuzz_LotteryDraw(uint256 numPlayers) public {
        vm.assume(numPlayers > 0 && numPlayers < 1000);
        // Fuzz logic here
    }
Pro tip: Start with assumptions (vm.assume) to bound inputs, then let Foundry do the heavy lifting. This boosts security way beyond manual tests.
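A fuller version of that idea, as an added example that is not the project's own code: a self-contained Foundry fuzz test over a hypothetical MiniLottery contract whose settle function stands in for the VRF callback. It fuzzes both the player count and the random word, checks that the winner is the entrant at index randomWord % numPlayers and receives the whole pot, and uses forge-std's bound to clamp inputs instead of discarding them.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.19;
import {Test} from "forge-std/Test.sol";

// Hypothetical minimal lottery written for this example only. The VRF callback
// is modelled as a plain function so the test needs no coordinator mock.
contract MiniLottery {
    address payable[] public players;
    address public lastWinner;

    function enter() external payable {
        require(msg.value == 0.01 ether, "wrong ticket price");
        players.push(payable(msg.sender));
    }

    // Stand-in for fulfillRandomWords. In a real consumer this path must be
    // reachable only by the VRF coordinator; here it is open for testing.
    function settle(uint256 randomWord) external {
        uint256 n = players.length;
        require(n > 0, "no players");
        address payable winner = players[randomWord % n];
        lastWinner = winner; // effects first (checks-effects-interactions)
        delete players;
        (bool ok,) = winner.call{value: address(this).balance}("");
        require(ok, "payout failed");
    }
}

contract MiniLotteryFuzzTest is Test {
    MiniLottery lottery;

    function setUp() public {
        lottery = new MiniLottery();
    }

    function testFuzz_SettlePaysOneEnteredPlayer(uint256 numPlayers, uint256 randomWord) public {
        numPlayers = bound(numPlayers, 1, 200); // clamp instead of rejecting inputs
        for (uint256 i = 0; i < numPlayers; i++) {
            hoax(address(uint160(0x1000 + i)), 0.01 ether); // constructed player address
            lottery.enter{value: 0.01 ether}();
        }
        uint256 pot = address(lottery).balance;
        lottery.settle(randomWord);
        address w = lottery.lastWinner();
        assertEq(uint256(uint160(w)) - 0x1000, randomWord % numPlayers);
        assertEq(w.balance, pot); // each player spent its whole balance on the ticket
        assertEq(address(lottery).balance, 0);
    }
}
```

Run it with forge test --match-test testFuzz_SettlePaysOneEnteredPlayer inside a Foundry project that has forge-std installed.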
Why This Matters for Web3 Builders
Building lotteries isn’t just fun—it’s a perfect intro to real dApps. Combining Solidity, Chainlink VRF, and Foundry teaches:
- Security: VRF prevents manipulation.
- Automation: Keepers handle upkeep without centralized servers.
- Testing: Fuzzing finds issues humans miss.
Common pitfalls we avoided:
- Reentrancy attacks via proper checks-effects-interactions.
- Gas limits in loops by using mappings.
- Oracle failures with fallback mechanisms.
Next Steps in Our Web3 Journey
Tomorrow: Deploy to testnet, build a simple React frontend, and integrate with MetaMask. Stay tuned for
Ready to build your own? Install Foundry with curl -L https://foundry.paradigm.xyz | bash, grab Chainlink docs, and start coding. Questions? Drop a comment below.
Conclusion
In
















