Comment on page

Fuzzing Foundry Projects

Our CLI now supports Foundry projects!
Don't have an account? To start Fuzzing, an account is required. Don't miss out and create one in less than a minute!🚀
We have recently added support for Foundry projects in a way that requires almost zero configuration from the user's side!
If you currently have a Foundry project with Foundry fuzzing tests configured, here is how to get started:

Step 1: Install the CLI and Configure the API Key

First things first, you will need to install our Fuzzing CLI and Scribble. We like to use recent versions of node and python, so make sure you’re at least python 3.6 and node 16.
pip3 install diligence-fuzzing
With the tools installed, you will need to generate an API for the CLI. The API keys menu is accessible here.
Creating an API Key
After generating the api key, the easiest way to configure it is by adding it to a .env file, which the cli will automatically read from. From the project's root directory run:
echo FUZZ_API_KEY='your api key here' > .env

Step 2: Run the Fuzzing CLI

fuzz forge test

Targeting specific tests and contracts

Usage: fuzz forge test [OPTIONS]
Command to: * Compile unit tests * Automatically collect unit-test
contracts * Submit to fuzzing
-k, --key TEXT API key, can be created on the FaaS Dashboard.
--dry-run Outputs the data to be sent to the FaaS API without
making the request.
--match-contract TEXT Only run tests in contracts matching the specified
regex pattern
--match-path TEXT Only run tests in source files matching the specified
glob pattern
--build-args TEXT Additional string of `forge compile` command
arguments for custom build strategies (e.g. --build-
args=--deny-warnings --build-args --use 0.8.1)
--help Show this message and exit.

Cheatcode Support

There is experimental support for the following cheat codes. Would you like us to add more? Feel free to use the support widget on the dashboard to let us know!
function roll(uint256 number) external;
function warp(uint256 timestamp) external;
function deal(address addr, uint256 balance) external;
function load(address c, bytes32 loc) external returns (bytes32 val);
function store(address c, bytes32 loc, bytes32 val) external;
function prank(address addr) external;
function startPrank(address addr) external;
function prank(address addr, address origin) external;
function startPrank(address addr, address origin) external;
function stopPrank() external;
function assume(bool cond) external;
function addr(uint256 sk) external returns (address addr);
function sign(uint256 sk, bytes32 digest) external returns (uint8 v, bytes32 r, bytes32 s);
function expectRevert() external;
function expectRevert(bytes calldata message) external;
function expectRevert(bytes4 message) external;

Partial Property Checks

There may be instances when certain property checks are partially checked, or skipped. This typically occurs when we're unable to fully analyze them. While we make every effort to provide a comprehensive analysis, certain aspects of your project may be beyond the current scope of our capabilities.
One potential cause of partial property checks is the use of an unsupported Foundry Cheatcode. Cheatcodes are a powerful tool in Foundry, enabling developers to automate and optimize various processes. However, not all cheatcodes are currently supported by our analysis software.
If you notice that a property check has been partially checked in your project analysis, we recommend checking the list of unsupported cheatcodes. This list is conveniently located above the source files section on the report, and can give you an insight into whether an unsupported cheatcode is causing the skipping.
We understand the importance of providing complete and accurate analysis, and we're constantly working to enhance our capabilities. This includes ongoing efforts to add support for more cheatcodes. We appreciate your understanding and patience as we continue to refine and expand our analysis tools.
Please continue to check back regularly for updates, and don't hesitate to contact us if you have any questions or concerns about your project's analysis.

If my property is partially checked, why is it showing issues?

An important question you might be asking is, "If my property is partially checked due to unsupported cheatcodes, why does it still show issues?"
While we may not fully support certain properties, we still perform an initial check on all properties. Our system is designed to identify and report potential issues, even in unsupported areas. As such, it is possible for us to discover violations in properties that are generally skipped during our analysis.