Stateless vs Stateful fuzzing #153
Hi everyone, it seems like stateful fuzzing is more powerful than stateless fuzzing, so shouldn't we always prefer to do stateful fuzzing over stateless fuzzing, especially in audits? When would be a beneficial time to do a stateless fuzz test over a stateful fuzz test? Thanks for your time!
Replies: 2 comments
TL;DR Yes - but it also is more effort. As you get better and better at testing, you'll see that there are some scenarios where stateless fuzzing is fine, for example on a contract that never touches state. But EngrPips gave a great answer too.
Awesome question, I must say. Actually, you would do stateless fuzzing when a particular function has an invariant that must hold after execution of everything in the function, so you throw random values at that particular function to break it. But stateful fuzzing is needed when a contract has an invariant that must hold no matter how the functions inside the contract interact with each other, so we throw random values and random functions at that contract to test the invariant.
Bottom line is we use stateless fuzzing to test an invariant of a function and we use stateful fuzzing to test the invariant of a contract as a whole. I really hope I did well to explain in a way that you understa…
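
The distinction drawn in the replies above, as an added Python example that is not part of the original thread and does not use any real fuzzing framework. The `Vault` class, its planted `withdraw` bug, the invariant and both fuzz loops are constructed for illustration.

```python
import random

class Vault:
    """Toy contract, constructed for this example. withdraw() has a planted bug."""
    def __init__(self):
        self.balance = self.total_in = self.total_out = 0

    def deposit(self, amt):
        self.balance += amt
        self.total_in += amt

    def withdraw(self, amt):
        if amt > self.balance:
            return  # "revert": no state change
        self.total_out += amt  # BUG: balance is never reduced

def invariant(v):
    # Contract-wide property: funds held == funds in - funds out.
    return v.balance == v.total_in - v.total_out

FUNCS = ("deposit", "withdraw")

def stateless_fuzz(runs=1000, seed=1):
    """Fresh contract per run, one random call. Returns the failing call or None."""
    rng = random.Random(seed)
    for _ in range(runs):
        v, call = Vault(), (rng.choice(FUNCS), rng.randint(0, 100))
        getattr(v, call[0])(call[1])
        if not invariant(v):
            return call
    return None

def stateful_fuzz(runs=50, depth=20, seed=1):
    """One contract per run, random call sequence; state carries over between calls."""
    rng = random.Random(seed)
    for _ in range(runs):
        v, seq = Vault(), []
        for _ in range(depth):
            seq.append((rng.choice(FUNCS), rng.randint(0, 100)))
            getattr(v, seq[-1][0])(seq[-1][1])
            if not invariant(v):
                return seq  # call sequence that broke the invariant
    return None

if __name__ == "__main__":
    print("stateless:", stateless_fuzz())
    print("stateful: ", stateful_fuzz())
```

The stateless loop returns `None` for any seed, because a fresh `Vault` has no balance and every non-zero `withdraw` reverts before reaching the bug. The stateful loop returns a sequence ending in a `withdraw` that follows an earlier `deposit`, which is the interaction between functions that only a sequence of calls can reach.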