Fuzzing
Configuring the CLI
Fine tuning everything for optimal fuzzing
Setting up a fuzzing configuration is simple!
We've structured this part of the docs in two sections:
The first section contains a small sample configuration that will likely be enough to get you started. It'll also have a larger configuration with all the configuration options that are available to you!
The second section contains some tips and tricks that you can use to improve your fuzzing config and super-charge fuzzing.
Don't worry about the configuration too much. The simple configuration will get you some awesome fuzzing results in no time!

Installing the CLI

The Diligence Fuzzing CLI runs on Python 3.6+, including 3.8 and pypy3. To install it, simply run:
```
pip3 install diligence-fuzzing
```

Configuration

First, below is our base configuration, which you'll recognise from Fuzzing 1-2-3:
```yaml
# .fuzz_token.yml

analyze:
  # We need to know where the dependencies live
  remappings:
    - "@openzeppelin=./node_modules/@openzeppelin"
fuzz:
  # Tell the CLI which development framework you are using
  # Currently, the supported values are: truffle, hardhat, brownie, dapptools
  ide: hardhat

  # A project name or previous campaign ID to be used as a starting point.
  corpus_target: myproject

  # Scribble no-assertion mode
  no_assert: True

  # Tell the CLI where to find the compiled contracts and compilation artifacts
  build_directory: artifacts

  # The following address is going to be the main target for the fuzzing campaign
  deployed_contract_address: "0x48b8050b4174f7871ce53AaF76BEAcA765037BFf"

  # We'll do fuzzing with 32 cores 🚀
  number_of_cores: 32

  # When the campaign is created it'll get a name <prefix>_<random_characters>
  campaign_name_prefix: "my-first-campaign"

  # Set the API key, which can be obtained from the Diligence Fuzzing Dashboard
  key: "bHd3...ddsds"

  # Point to your ganache node which holds the seed 🌱
  rpc_url: "http://localhost:8545"

  # Set a time limit, at the end of which the campaign is stopped, e.g. 10minutes, 2hours, 3days
  time_limit: 2hours

  # This is the contract that the campaign will show coverage for, map issues to, etc.
  # It's a list of all the relevant contracts (don't worry about dependencies, we'll get those automatically 🙌)
  targets:
    - "contracts/Token.sol"
```
The following extends the configuration and sets all available configuration options:
```yaml
# .fuzz_token_full.yml

analyze:
  # We need to know where the dependencies live
  remappings:
    - "@openzeppelin=./node_modules/@openzeppelin"
    - "@ozUpgradesV3=OpenZeppelin/[email protected]"

  # Sometimes you want to enforce a specific solidity version
  solc_version: "0.6.12"

fuzz:
  # Tell the CLI where to find the compiled contracts and compilation artifacts
  build_directory: artifacts

  # The following address is going to be the main target for the fuzzing campaign
  deployed_contract_address: "0x48b8050b4174f7871ce53AaF76BEAcA765037BFf"

  # This parameter tells the fuzzer to also fuzz these contracts
  additional_contracts_addresses:
    - "0x0eb775F99A28cb591Fa449ca74eF8E7cEd3A609a"
    - "0x21C62e9c9Fcb6622602eBae83b41abb6b28d7256"

  # We'll do fuzzing with 32 cores 🚀
  number_of_cores: 32

  # When the campaign is created it'll get a name <prefix>_<random_characters>
  campaign_name_prefix: "my-first-campaign"

  # Set a default project to which your campaigns will be attached
  project: "my project name"

  # Set the API key, which can be obtained from the Diligence Fuzzing Dashboard
  key: "bHd3...ddsds"

  # Point to your ganache node which holds the seed 🌱
  rpc_url: "http://localhost:8545"

  # Set a time limit, at the end of which the campaign is stopped, e.g. 10minutes, 2hours, 3days
  time_limit: 2hours

  # This is the contract that the campaign will show coverage for, map issues to, etc.
  # It's a list of all the relevant contracts (don't worry about dependencies, we'll get those automatically 🙌)
  targets:
    - "contracts/Token.sol"
```

Tips and Tricks

Make sure you have the right 'other_contract_addresses'

If you forget to add a crucial component to your other_contract_addresses (the additional_contracts_addresses list in the full configuration above), the fuzzer will ignore that contract. Unfortunately, that can result in parts of your system becoming unreachable. To avoid that, make sure to add the addresses of all relevant components!
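
A pre-flight check for the tip above, as an added example that is not part of the Diligence Fuzzing CLI or its docs: it compares the addresses your deployment produced against deployed_contract_address plus additional_contracts_addresses and reports any contract the fuzzer would ignore. The function names, the contract names and the Oracle address are assumptions made for illustration; the config dict stands for what a YAML loader returns for the file.

```python
import re

ADDRESS_RE = re.compile(r"0x[0-9a-fA-F]{40}")

def normalise(addr):
    """Validate a 20-byte hex address and lower-case it for comparison."""
    # An unquoted 0x... value is loaded as an int by YAML 1.1 loaders such as
    # PyYAML, so a non-string here usually means missing quotes in the config.
    if not isinstance(addr, str) or not ADDRESS_RE.fullmatch(addr):
        raise ValueError(f"not a quoted 20-byte hex address: {addr!r}")
    return addr.lower()  # checksum casing differs between tools

def fuzzed_addresses(config):
    """Addresses the campaign will exercise: the main target plus the extras."""
    fuzz = config.get("fuzz") or {}
    if "deployed_contract_address" not in fuzz:
        raise ValueError("fuzz.deployed_contract_address is missing")
    extra = fuzz.get("additional_contracts_addresses") or []
    return {normalise(a) for a in [fuzz["deployed_contract_address"], *extra]}

def missing_from_campaign(config, deployed):
    """Names of deployed contracts whose address the config does not list."""
    covered = fuzzed_addresses(config)
    return sorted(n for n, a in deployed.items() if normalise(a) not in covered)

# What a YAML loader returns for the fuzz section of the full config above.
CONFIG = {"fuzz": {
    "deployed_contract_address": "0x48b8050b4174f7871ce53AaF76BEAcA765037BFf",
    "additional_contracts_addresses": [
        "0x0eb775F99A28cb591Fa449ca74eF8E7cEd3A609a",
        "0x21C62e9c9Fcb6622602eBae83b41abb6b28d7256",
    ],
}}

# Constructed deployment record (contract names and the Oracle address are
# hypothetical); casing deliberately differs from the config.
DEPLOYED = {
    "Token": "0x48B8050B4174F7871CE53AAF76BEACA765037BFF",
    "Vault": "0x0eb775f99a28cb591fa449ca74ef8e7ced3a609a",
    "Registry": "0x21C62e9c9Fcb6622602eBae83b41abb6b28d7256",
    "Oracle": "0x" + "ab" * 20,
}

if __name__ == "__main__":
    for name in missing_from_campaign(CONFIG, DEPLOYED):
        print(f"{name} ({DEPLOYED[name]}) is deployed but not fuzzed")
```

Run it against the output of your deployment script before starting a campaign; an empty result means every deployed contract is either the main target or listed as an additional address.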