Fuzzing

🛠️ Fuzzing Foundry Projects

The Fuzzing CLI now supports Foundry projects. This support is currently in beta, so we'd love to hear your feedback.
Support was added recently, and it requires almost zero configuration from the user's side.
Using this feature requires an active subscription and an API key. To get these, see: Subscriptions and API Key
If you currently have a Foundry project with Foundry fuzzing tests configured, here is how to get started:

Install the Fuzzing CLI

pip3 install diligence-fuzzing

Run the Fuzzing CLI

fuzz forge test -k your_api_key

Targeting specific tests and contracts

Usage: fuzz forge test [OPTIONS]

  Command to:
   * Compile unit tests
   * Automatically collect unit-test contracts
   * Submit to fuzzing

Options:
  -k, --key TEXT         API key, can be created on the FaaS Dashboard.
  --dry-run              Outputs the data to be sent to the FaaS API without
                         making the request.
  --match-contract TEXT  Only run tests in contracts matching the specified
                         regex pattern
  --match-path TEXT      Only run tests in source files matching the specified
                         glob pattern
  --build-args TEXT      Additional string of `forge compile` command
                         arguments for custom build strategies (e.g. --build-
                         args=--deny-warnings --build-args --use 0.8.1)
  --help                 Show this message and exit.

Cheatcode Support

There is experimental support for the following cheat codes. Would you like us to add more? Feel free to use the support widget on the dashboard to let us know!
function warp(uint256 timestamp) external;
function roll(uint256 number) external;
function load(address c, bytes32 loc) external returns (bytes32 val);
function store(address c, bytes32 loc, bytes32 val) external;
function sign(uint256 sk, bytes32 digest) external returns (uint8 v, bytes32 r, bytes32 s);
function addr(uint256 sk) external returns (address addr);
function prank(address addr) external;
function startPrank(address addr) external;
function prank(address addr, address origin) external;
function startPrank(address addr, address origin) external;
function stopPrank() external;
function deal(address addr, uint256 balance) external;
function assume(bool cond) external;

Partial Property Checks

In some cases a property is only partially checked. This typically occurs when we're unable to fully analyze it. While we make every effort to provide a comprehensive analysis, certain aspects of your project may be beyond the current scope of our capabilities.
One potential cause of partial property checks is the use of an unsupported Foundry cheatcode. Cheatcodes are a powerful tool in Foundry, enabling developers to automate and optimize various processes. However, not all cheatcodes are currently supported by our analysis software.
If you notice that a property check has been partially skipped in your project analysis, we recommend checking the list of unsupported cheatcodes. This list is located above the source files section of the report, and it can tell you whether an unsupported cheatcode is causing the skipping.
We understand the importance of providing complete and accurate analysis, and we're constantly working to enhance our capabilities. This includes ongoing efforts to add support for more cheatcodes. We appreciate your understanding and patience as we continue to refine and expand our analysis tools.
Please continue to check back regularly for updates, and don't hesitate to contact us if you have any questions or concerns about your project's analysis.
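To spot likely partial checks before submitting a campaign, you can scan your test sources for cheatcodes that are not in the list above. The script below is an added example, not part of the Fuzzing CLI; it assumes cheatcodes are called through forge-std's `vm` handle and that anything missing from this page's list is unsupported (the list on the report remains the authoritative one).

```python
import re

# Cheatcodes this page lists as having experimental support.
SUPPORTED = {"warp", "roll", "load", "store", "sign", "addr", "prank",
             "startPrank", "stopPrank", "deal", "assume"}
# String literals and comments are matched so their contents can be blanked.
_SKIP = re.compile(r'"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|//[^\n]*|/\*.*?\*/', re.S)
# Assumption: cheatcodes are called through forge-std's `vm` handle.
_CALL = re.compile(r"\bvm\s*\.\s*([A-Za-z_]\w*)\s*\(")


def _blank(match):
    # Keep newlines so reported line numbers stay correct.
    return re.sub(r"[^\n]", " ", match.group(0))


def unsupported_cheatcodes(source):
    """Return {cheatcode: [line numbers]} for vm.* calls not in SUPPORTED."""
    code = _SKIP.sub(_blank, source)
    found = {}
    for m in _CALL.finditer(code):
        if m.group(1) not in SUPPORTED:
            line = code.count("\n", 0, m.start()) + 1
            found.setdefault(m.group(1), []).append(line)
    return found


# Constructed sample test contract, not taken from any real project.
SAMPLE = '''\
contract VaultTest is Test {
    function testFuzz_withdraw(uint96 amt, address who) public {
        vm.assume(who != address(0));
        vm.deal(who, amt);
        // vm.expectCall(...) was tried here and removed
        vm.prank(who);
        vault.deposit{value: amt}();
        vm.expectEmit(true, false, false, true);
        vm.warp(block.timestamp + 1 days);
        vm.expectRevert("vm.mockCall( is not allowed");
        vault.withdraw(amt);
    }
}
'''

if __name__ == "__main__":
    for name, lines in sorted(unsupported_cheatcodes(SAMPLE).items()):
        print(f"vm.{name} used on line(s) {lines}: not in the supported list")
```

Mentions inside comments and string literals are ignored, so only real calls are reported.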

If my property is partially checked, why is it showing issues?

An important question you might be asking is, "If my property is partially checked due to unsupported cheatcodes, why does it still show issues?"
While we may not fully support certain properties, we still perform an initial check on all properties. Our system is designed to identify and report potential issues, even in unsupported areas. As such, it is possible for us to discover violations in properties that are generally skipped during our analysis.