Fuzzing
Search…
⌃K
💻

Configuring the CLI

Fine tuning everything for optimal fuzzing
Setting up a fuzzing configuration is simple!
We've structured this part of the docs in two sections:
The first section contains a small sample configuration that will likely be enough to get you started. It also includes a larger configuration with all the configuration options that are available to you!
The second section contains some tips and tricks that you can use to improve your fuzzing configuration and super-charge your fuzzing setup.
Don't worry about the configuration too much. The simple configuration will get you some awesome fuzzing results in no time!

Installing the CLI

The Diligence Fuzzing CLI runs on Python 3.6+, including 3.8 and pypy3. To install it, simply run:
pip3 install diligence-fuzzing

Configuration

First, below is our base configuration, which you'll recognise from Fuzzing 1-2-3:
# .fuzz_token.yml
analyze:
# We need to know where the dependencies live
remappings:
- "@openzeppelin=./node_modules/@openzeppelin"
fuzz:
# Tell the CLI which development framework you are using.
# Currently, the supported values are: truffle, hardhat, brownie, and dapptools
ide: hardhat
# A project name or previous campaign ID to be used as a starting point.
corpus_target: myproject
# Scribble no-assertion mode
no_assert: True
# Tell the CLI where to find the compiled contracts and compilation artifacts
build_directory: artifacts
# The following address is going to be the main target for the fuzzing campaign
deployed_contract_address: "0x48b8050b4174f7871ce53AaF76BEAcA765037BFf"
# We'll do fuzzing with 32 cores 🚀
number_of_cores: 32
# When the campaign is created it'll get a name <prefix>_<random_characters>
campaign_name_prefix: "my-first-campaign"
# Set the API key, which can be obtained from the Diligence Fuzzing Dashboard
key: "bHd3...ddsds"
# Point to your Ethereum node which holds the seed deployment 🌱
rpc_url: "http://localhost:8545"
# Set a time limit, at the end of which the campaign is stopped, e.g., 10minutes , 2hours, 3days
time_limit: 2hours
# This is the contract that the campaign will show coverage for, map issues to, etc.
# It's a list of all the relevant contracts (don't worry about dependencies, we'll get those automatically 🙌)
targets:
- "contracts/Token.sol"
The following extends the configuration and sets all available configuration options:
# .fuzz_token_full.yml
analyze:
# We need to know where the dependencies live
remappings:
- "@openzeppelin=./node_modules/@openzeppelin"
- "@ozUpgradesV3=OpenZeppelin/[email protected]"
# Sometimes you want to enforce a speecific Solidity version
solc_version: "0.6.12"
fuzz:
# Tell the CLI where to find the compiled contracts and compilation artifacts
build_directory: artifacts
# The following address is going to be the main target for the fuzzing campaign
deployed_contract_address: "0x48b8050b4174f7871ce53AaF76BEAcA765037BFf"
# This parameter tells the fuzzer to also fuzz these contracts
additional_contracts_addresses:
- "0x0eb775F99A28cb591Fa449ca74eF8E7cEd3A609a"
- "0x21C62e9c9Fcb6622602eBae83b41abb6b28d7256"
# We'll do fuzzing with 32 cores 🚀
number_of_cores: 32
# When the campaign is created it'll get a name <prefix>_<random_characters>
campaign_name_prefix: "my-first-campaign"
# Set a default project to which your campaigns will be attached to
project: "my project name"
# Set the API key, which can be obtained from the Diligence Fuzzing Dashboard
key: "bHd3...ddsds"
# Point to your Ethereum node which holds the seed deployment 🌱
rpc_url: "http://localhost:8545"
# Set a time limit, at the end of which the campaign is stopped, e.g., 10minutes , 2hours, 3days
time_limit: 2hours
# This is the contract that the campaign will show coverage for, map issues to, etc.
# It's a list of all the relevant contracts (don't worry about dependencies, we'll get those automatically 🙌)
targets:
- "contracts/Token.sol"

Tips and Tricks

Make sure you have the right additional_contracts_addresses

If you forget to add a crucial component to your additional_contracts_addresses then the fuzzer will ignore that contract. Unfortunately, that can result in parts of your system not being explored by the fuzzer. To avoid this, make sure to add the addresses of all relevant components!