Onchain fuzzing with custom setup #460
Onchain flashloan can be enabled by adding the '--flashloan' flag. ItyFuzz would then automatically flashloan and liquidate related tokens from Uniswap, etc. If the token has no LPs, you can use a Foundry fork test to set up (e.g., overwriting slots): https://github.com/fuzzland/ityfuzz/blob/master/tests/evm_manual/foundry1/test/Onchain.t.sol runs with 'ityfuzz evm -m OnchainTest -- forge test'
@shouc Not sure but it is not working. I am using the following setup: https://github.com/aviggiano/ityfuzz/pull/1/files
…stom-setup fix #460: onchain-fuzzing-with-custom-setup
@aviggiano The issue has been fixed, with a few points to note:
The complete steps are as follows:
git pull
cd tests/evm_manual/foundry1
cargo run evm -k <YOUR-SCAN-API-KEY> -m StaxExploitTest -- forge build
Thank you @jacob-chia @shouc, this worked. It would be nice to have some benchmarks for ityfuzz vs Echidna, which I believe are currently the only 2 fuzzers capable of fuzzing mainnet contracts. Please let me know if you want to work on this together.
There is a regression bug making
Is there a reason that these lines are added?
With them you simply need to transfer to somewhere to break the invariant. Removing these lines should yield the intended exploit with PR #469:
@shouc well, these lines were on the original implementation from @tuturu-tech, but I guess they are not necessary after all. Thanks for the fix in any case!
Some attacks require the sender to have a previous balance of ERC20 tokens, for example. Usually, attackers get those through flash loans. A simpler way would be to just deal some tokens to the sender and see if it can extract value from a victim.
How can I test that with ityfuzz?
More specifically, I am trying to repro this with Ityfuzz:
https://blog.trailofbits.com/2023/07/21/fuzzing-on-chain-contracts-with-echidna/
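The "deal some tokens to the sender" setup asked for above, and the Foundry fork test with slot overwriting that the first reply points to, as an added example written for this thread (not code from the ityfuzz repository). It assumes forge-std, an ETH_RPC_URL environment variable, placeholder TOKEN/VICTIM/SENDER addresses, and that the fuzzer picks up Foundry-style `invariant_` functions in the test contract.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

import "forge-std/Test.sol";

// Minimal ERC20 surface needed here, declared inline so the file is self-contained.
interface IERC20 {
    function balanceOf(address) external view returns (uint256);
    function approve(address, uint256) external returns (bool);
}

contract OnchainCustomSetupTest is Test {
    using stdStorage for StdStorage;

    // PLACEHOLDERS: replace with the real token and contract under test.
    address constant TOKEN  = 0x1111111111111111111111111111111111111111;
    address constant VICTIM = 0x2222222222222222222222222222222222222222;
    address constant SENDER = address(0xBEEF);

    uint256 constant START_BALANCE = 1_000_000e18;

    function setUp() public {
        // Fork mainnet at a pinned block; the RPC endpoint comes from ETH_RPC_URL.
        vm.createSelectFork(vm.envString("ETH_RPC_URL"), 18_000_000);

        // Give SENDER a token balance without a flash loan: forge-std's deal()
        // locates the balanceOf storage slot and overwrites it on the forked state.
        deal(TOKEN, SENDER, START_BALANCE);

        // Explicit slot overwrite, for tokens where deal() cannot find the slot:
        // stdstore.target(TOKEN).sig(IERC20.balanceOf.selector)
        //     .with_key(SENDER).checked_write(START_BALANCE);

        vm.deal(SENDER, 10 ether); // gas money for the pre-funded sender
        vm.prank(SENDER);
        IERC20(TOKEN).approve(VICTIM, type(uint256).max);
    }

    // Invariant: the pre-funded sender never ends up holding more tokens than it
    // was dealt. A violation means some call sequence extracts value from VICTIM,
    // which is the finding the fuzzer is meant to surface.
    function invariant_senderCannotProfit() public view {
        assertLe(IERC20(TOKEN).balanceOf(SENDER), START_BALANCE);
    }
}
```

Following the command form used in this thread, it would be driven with `ityfuzz evm -m OnchainCustomSetupTest -- forge build` from the Foundry project directory.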