```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

// INVARIANT: doMath should never return 0
contract StatelessFuzzCatches {
    /*
     * @dev Should never return 0
     */
    function doMath(uint128 myNumber) public pure returns (uint256) {
        if (myNumber == 10) {
            return 0;
        }
        return 1;
    }
}
```
```toml
[profile.default]
src = "src"
out = "out"
libs = ["lib"]
remappings = [
    '@openzeppelin/contracts=lib/openzeppelin-contracts/contracts',
    'kontrol-cheatcodes=lib/kontrol-cheatcodes/src',
]

[rpc_endpoints]
mainnet = "${RPC_URL_MAINNET}"

[fuzz]
runs = 1
seed = '0x2'

[invariant]
runs = 64
depth = 32
fail_on_revert = true
```
Hi,
When I run the stateless fuzz test in SC Exploit minimized, it catches the bug on 1 run, that is, if myNumber == 2, and when I change it to, say, 10, it catches it on the 3rd run. I tried to do what Patrick did by reducing the number of runs in the toml to less than the runs it takes for the bug to be caught, i.e. 2 runs in the toml, and it still does 3 runs. How is this possible?
Foundry Toml
```toml
[profile.default]
src = "src"
out = "out"
libs = ["lib"]
remappings = [
    '@openzeppelin/contracts=lib/openzeppelin-contracts/contracts',
    'kontrol-cheatcodes=lib/kontrol-cheatcodes/src',
]

[rpc_endpoints]
mainnet = "${RPC_URL_MAINNET}"

[fuzz]
runs = 1
seed = '0x2'

[invariant]
runs = 64
depth = 32
fail_on_revert = true
```
Fuzz Break
```
codexnature@iOlusola:~/Web3-Audits/Security-Course/sc-exploits-minimized$ forge test --mt testFuzzCatchesBugStateless
[⠒] Compiling...
No files changed, compilation skipped
Ran 1 test for test/invariant-break/StatelessFuzzCatchesTest.t.sol:StatelexxFuzzCatchesTest
[FAIL. Reason: panic: assertion failed (0x01); counterexample: calldata=0x7d833996000000000000000000000000000000000000000000000000000000000000000a args=[10]] testFuzzCatchesBugStateless(uint128) (runs: 3, μ: 5659, ~: 5659)
Suite result: FAILED. 0 passed; 1 failed; 0 skipped; finished in 893.70µs (540.60µs CPU time)
Ran 1 test suite in 10.79ms (893.70µs CPU time): 0 tests passed, 1 failed, 0 skipped (1 total tests)
Failing tests:
Encountered 1 failing test in test/invariant-break/StatelessFuzzCatchesTest.t.sol:StatelexxFuzzCatchesTest
[FAIL. Reason: panic: assertion failed (0x01); counterexample: calldata=0x7d833996000000000000000000000000000000000000000000000000000000000000000a args=[10]] testFuzzCatchesBugStateless(uint128) (runs: 3, μ: 5659, ~: 5659)
Encountered a total of 1 failing tests, 0 tests succeeded
codexnature@iOlusola:~/Web3-Audits/Security-Course/sc-exploits-minimized$
```
Contract
```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

// INVARIANT: doMath should never return 0
contract StatelessFuzzCatches {
    /*
     * @dev Should never return 0
     */
    function doMath(uint128 myNumber) public pure returns (uint256) {
        if (myNumber == 10) {
            return 0;
        }
        return 1;
    }
}
```
Test.sol
```solidity
// SPDX-License-Identifier: MIT
pragma solidity 0.8.20;

import {Test} from "forge-std/Test.sol";
import {StatelessFuzzCatches} from "../../src/invariant-break/StatelessFuzzCatches.sol";

contract StatelexxFuzzCatchesTest is Test {
    StatelessFuzzCatches sfc;
}
```