How to get from zero to fuzzing hero 💪
There are going to be three main steps to set up fuzzing:
2. Deploy annotated contracts to a local Ethereum node
3. Start a fuzzing campaign!
The first step is where you’ll be using Scribble to write properties that the fuzzer should check. Without such custom properties, fuzzing can only find generic vulnerabilities and assertion violations.
There are tons of ways that you can write properties and property checks. We recommend Scribble! It was designed from the ground up to work well for fuzzing and property based testing!
You can learn everything you need about writing properties here:
In the second step, you’ll deploy Scribble-instrumented smart contracts to a local Ethereum node. Why? We will copy over this deployment into our fuzzer and use it as a seed to initialize our fuzzing campaign. This way, fuzzing starts on an actual deployment of the components in your system, and we’re able to test how the system components interact.
💡 You can often repurpose existing test fixtures or deployment scripts for creating your fuzzing seeds!
Browse over to the following page for more information about how to set up seed deployments:
The last step is where the fun is at! We’ll start fuzzing!
# We need to know where the dependencies live
# Tell the CLI where to find the compiled contracts and compilation artifacts
# The following address is going to be the main target for the fuzzing campaign
# We'll do fuzzing with 4 cores 🚀
# When the campaign is created it'll get a name <prefix>_<random_characters>
# Enable the following option if you're fuzzing Scribble-annotated code.
# It will visualise all the results for the original source code,
# instead of the instrumentation code.
# Point to your Ethereum node which holds the seed deployment 🌱
# This is the contract that the campaign will show coverage for, map issues to, etc.
# It's a list of all the relevant contracts (don't worry about dependencies, we'll get those automatically 🙌)
Want to learn more about the configuration options?
You can now start a fuzzing campaign!
$ fuzz -c .fuzz_token.yml run
You can find your report at: <report_url>
Let's hope we don't find any bugs in your contracts! 🤞
For more information on the campaign reports check out this page: