Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong example in doc #449

Closed
jf-li00 opened this issue Apr 1, 2024 · 2 comments
Closed

Wrong example in doc #449

jf-li00 opened this issue Apr 1, 2024 · 2 comments

Comments

@jf-li00
Copy link
Contributor

jf-li00 commented Apr 1, 2024

In the example given in quickstart:

# -t [TARGET_ADDR]: specify the target contract
# --onchain-block-number [BLOCK]: fork the chain at block number [BLOCK]
# -c [CHAIN_TYPE]: specify the chain
# -f: (Optional) allow attack to get flashloan

ityfuzz evm\
    -o\
    -t 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2\
    --onchain-block-number 0\
    -c ETH\
    --onchain-etherscan-api-key [Etherscan API Key]\
    -f

After I added my Etherscan API Key and run the command above, I got the following error message:

thread 'main' panicked at src/evm/mod.rs:600:13:
Please specify --deployment-script (The contract that deploys the project) or --offchain-config-file (JSON for deploying the project)

Since ityfuzzer should run in onchain mode with that command(with the --onchain-etherscan-api-key and --onchain-block-numbe argument), I think it behaved werid.
However, when I removed the -o argument, the program runs fine:

ityfuzz evm\
    -t 0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2\
    --onchain-block-number 0\
    -c ETH\
    --onchain-etherscan-api-key [Etherscan API Key]\
    -f
@jf-li00
Copy link
Contributor Author

jf-li00 commented Apr 1, 2024
edited

I printed the EvmArgs parsed from cli args in evm_main and there's an intresting phenomenon.
With the -o arg(the current version in the doc):

EvmArgs {
    target: "none",
    fetch_tx_data: false,
    proxy_address: "http://localhost:5001/data",
    constructor_args: "",
    target_type: None,
    chain_type: None,
    onchain_block_number: None,
    onchain_url: None,
    onchain_chain_id: None,
    onchain_explorer_url: None,
    onchain_chain_name: None,
    onchain_etherscan_api_key: None,
    onchain_storage_fetching: "onebyone",
    concolic: false,
    concolic_caller: false,
    concolic_timeout: 1000,
    concolic_num_threads: 0,
    flashloan: false,
    panic_on_bug: false,
    detectors: "high_confidence",
    replay_file: None,
    work_dir: "work_dir",
    write_relationship: false,
    run_forever: false,
    seed: 1667840158231589000,
    sha3_bypass: false,
    only_fuzz: "",
    base_path: "",
    spec_id: "Latest",
    onchain_builder: "",
    onchain_replacements_file: "",
    builder_artifacts_url: "",
    builder_artifacts_file: "",
    offchain_config_url: "",
    offchain_config_file: "",
    load_corpus: "",
    setup_file: "",
    deployment_script: "",
    force_abi: "",
    base_directory: "",
    build_command: [
        "-o",
        "-t",
        "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2",
        "--onchain-block-number",
        "0",
        "-c",
        "ETH",
        "--onchain-etherscan-api-key",
        <Etherscan API Key>,
        "-f",
    ],
}

Without -o arg (The version I fixed):

EvmArgs {
    target: "0xc02aaa39b223fe8d0a0e5c4f27ead9083c756cc2",
    fetch_tx_data: false,
    proxy_address: "http://localhost:5001/data",
    constructor_args: "",
    target_type: None,
    chain_type: Some(
        "ETH",
    ),
    onchain_block_number: Some(
        0,
    ),
    onchain_url: None,
    onchain_chain_id: None,
    onchain_explorer_url: None,
    onchain_chain_name: None,
    onchain_etherscan_api_key: Some(
          <Etherscan API Key>,
    ),
    onchain_storage_fetching: "onebyone",
    concolic: false,
    concolic_caller: false,
    concolic_timeout: 1000,
    concolic_num_threads: 0,
    flashloan: true,
    panic_on_bug: false,
    detectors: "high_confidence",
    replay_file: None,
    work_dir: "work_dir",
    write_relationship: false,
    run_forever: false,
    seed: 1667840158231589000,
    sha3_bypass: false,
    only_fuzz: "",
    base_path: "",
    spec_id: "Latest",
    onchain_builder: "",
    onchain_replacements_file: "",
    builder_artifacts_url: "",
    builder_artifacts_file: "",
    offchain_config_url: "",
    offchain_config_file: "",
    load_corpus: "",
    setup_file: "",
    deployment_script: "",
    force_abi: "",
    base_directory: "",
    build_command: [],
}

It seems that all the args goes to the last build_command array.

Then I looked up the definition of EvmArgs, and foud build_command has a type of Vec<String>. So I guess the -o arg is not recognized by the EvmArgs struct and somehow it falls back to the build_command vector, which makes all other args placed in the build_command
image

@jf-li00
Copy link
Contributor Author

jf-li00 commented Apr 1, 2024
edited

And I found that in backtesting.md which stores several examples to launch ityfuzz have the same problem. I looked the commit(20c10b3) that introduced those example, and saw a member of EvmArgs called onchain:
image
I guess maybe the -o arg is onchain for short and that arg is now decrypted. When I try those commands in backtesting.md, I encountered the same problem I mentioned above, so I removed all the -o arg in backtesting.md to fix the problem. But I don't know if there's any further impact on the document due to the decryption of the onchain arg.

This was referenced Apr 1, 2024
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@publicqi @jf-li00