Comment on page
Fuzzing Foundry Projects
Our CLI now supports Foundry projects!
We have recently added support for Foundry projects in a way that requires almost zero configuration from the user's side!
If you currently have a Foundry project with Foundry fuzzing tests configured, here is how to get started:
First things first, you will need to install our Fuzzing CLI and Scribble. We like to use recent versions of node and python, so make sure you’re at least python 3.6 and node 16.
pip3 install diligence-fuzzing
Creating an API Key
After generating the api key, the easiest way to configure it is by adding it to a
.envfile, which the cli will automatically read from. From the project's root directory run:
echo FUZZ_API_KEY='your api key here' > .env
fuzz forge test
Usage: fuzz forge test [OPTIONS]
Command to: * Compile unit tests * Automatically collect unit-test
contracts * Submit to fuzzing
-k, --key TEXT API key, can be created on the FaaS Dashboard.
--dry-run Outputs the data to be sent to the FaaS API without
making the request.
--match-contract TEXT Only run tests in contracts matching the specified
--match-path TEXT Only run tests in source files matching the specified
--build-args TEXT Additional string of `forge compile` command
arguments for custom build strategies (e.g. --build-
args=--deny-warnings --build-args --use 0.8.1)
--help Show this message and exit.
There is experimental support for the following cheat codes. Would you like us to add more? Feel free to use the support widget on the dashboard to let us know!
function roll(uint256 number) external;
function warp(uint256 timestamp) external;
function deal(address addr, uint256 balance) external;
function load(address c, bytes32 loc) external returns (bytes32 val);
function store(address c, bytes32 loc, bytes32 val) external;
function prank(address addr) external;
function startPrank(address addr) external;
function prank(address addr, address origin) external;
function startPrank(address addr, address origin) external;
function stopPrank() external;
function assume(bool cond) external;
function addr(uint256 sk) external returns (address addr);
function sign(uint256 sk, bytes32 digest) external returns (uint8 v, bytes32 r, bytes32 s);
function expectRevert() external;
function expectRevert(bytes calldata message) external;
function expectRevert(bytes4 message) external;
There may be instances when certain property checks are partially checked, or skipped. This typically occurs when we're unable to fully analyze them. While we make every effort to provide a comprehensive analysis, certain aspects of your project may be beyond the current scope of our capabilities.
One potential cause of partial property checks is the use of an unsupported Foundry Cheatcode. Cheatcodes are a powerful tool in Foundry, enabling developers to automate and optimize various processes. However, not all cheatcodes are currently supported by our analysis software.
If you notice that a property check has been partially checked in your project analysis, we recommend checking the list of unsupported cheatcodes. This list is conveniently located above the source files section on the report, and can give you an insight into whether an unsupported cheatcode is causing the skipping.
We understand the importance of providing complete and accurate analysis, and we're constantly working to enhance our capabilities. This includes ongoing efforts to add support for more cheatcodes. We appreciate your understanding and patience as we continue to refine and expand our analysis tools.
Please continue to check back regularly for updates, and don't hesitate to contact us if you have any questions or concerns about your project's analysis.
An important question you might be asking is, "If my property is partially checked due to unsupported cheatcodes, why does it still show issues?"
While we may not fully support certain properties, we still perform an initial check on all properties. Our system is designed to identify and report potential issues, even in unsupported areas. As such, it is possible for us to discover violations in properties that are generally skipped during our analysis.