fuzz - Building Secure Contracts
fuzz
The fuzz command will initiate a fuzzing campaign:
medusa fuzz [flags]
Supported Flags
--config
The --config flag allows you to specify the path for your project configuration file. If the --config flag is not used, medusa will look for a medusa.json file in the current working directory.
# Set config file path
medusa fuzz --config myConfig.json
--compilation-target
The --compilation-target flag allows you to specify the compilation target. If you are using crytic-compile, please review the warning here about changing the compilation target.
# Set compilation target
medusa fuzz --compilation-target TestMyContract.sol
--workers
The --workers flag allows you to update the number of threads that will perform parallelized fuzzing (equivalent to fuzzing.workers).
# Set workers
medusa fuzz --workers 20
--timeout
The --timeout flag allows you to update the duration of the fuzzing campaign (equivalent to fuzzing.timeout).
# Set timeout
medusa fuzz --timeout 100
--test-limit
The --test-limit flag allows you to update the number of transactions to run before stopping the fuzzing campaign (equivalent to fuzzing.testLimit).
# Set test limit
medusa fuzz --test-limit 100000
--seq-len
The --seq-len flag allows you to update the length of a call sequence (equivalent to fuzzing.callSequenceLength).
# Set sequence length
medusa fuzz --seq-len 50
--target-contracts
The --target-contracts flag allows you to update the target contracts for fuzzing (equivalent to fuzzing.targetContracts).
# Set target contracts
medusa fuzz --target-contracts "TestMyContract, TestMyOtherContract"
--corpus-dir
The --corpus-dir flag allows you to set the path for the corpus directory (equivalent to fuzzing.corpusDirectory).
# Set corpus directory
medusa fuzz --corpus-dir corpus
--senders
The --senders flag allows you to update medusa's senders (equivalent to fuzzing.senderAddresses).
# Set sender addresses
medusa fuzz --senders "0x50000,0x60000,0x70000"
--deployer
The --deployer flag allows you to update medusa's contract deployer (equivalent to fuzzing.deployerAddress).
# Set deployer address
medusa fuzz --deployer "0x40000"
--use-slither
The --use-slither flag allows you to run Slither on the codebase to extract valuable constants for mutation testing. Equivalent to slither.useSlither. Note that if there are cached results (via slither.CachePath) then the cache will be used.
# Run slither and attempt to use cache, if available
medusa fuzz --use-slither
--use-slither-force
The --use-slither-force flag is similar to --use-slither except the cache at slither.CachePath will be overwritten.
# Run slither and overwrite the cache
medusa fuzz --use-slither-force
--fail-fast
The --fail-fast flag enables fast failure (equivalent to testing.StopOnFailedTest).
# Enable fast failure
medusa fuzz --fail-fast
-v, -vv, -vvv
The verbosity flags control the level of detail shown in execution traces (equivalent to testing.verbosity):
-v: Shows only top-level transactions in the execution trace. Only events in the top-level call frame and return data are included (Verbose level).
-vv: Shows nested calls with standard detail - this is the default behavior (VeryVerbose level).
-vvv: Shows all call sequence elements with maximum detail, attaching traces to every call in the sequence (VeryVeryVerbose level).
# Set verbosity to top-level only
medusa fuzz -v
# Set verbosity to nested calls (default)
medusa fuzz -vv
# Set verbosity to maximum detail
medusa fuzz -vvv
--no-color
The --no-color flag disables colored console output (equivalent to logging.NoColor).
# Disable colored output
medusa fuzz --no-color
--explore
The --explore flag enables exploration mode. This sets the StopOnFailedTest and StopOnNoTests fields to false and turns off assertion, property, and optimization testing.
# Enable exploration mode
medusa fuzz --explore