Skip to content

fuzz.md

Latest commit

 

History

History
131 lines (92 loc) · 3.43 KB

fuzz.md

File metadata and controls

131 lines (92 loc) · 3.43 KB

fuzz

The fuzz command will initiate a fuzzing campaign:

medusa fuzz [flags]

Supported Flags

--config

The --config flag allows you to specify the path for your project configuration file. If the --config flag is not used, medusa will look for a medusa.json file in the current working directory.

# Set config file path
medusa fuzz --out myConfig.json

--compilation-target

The --compilation-target flag allows you to specify the compilation target. If you are using crytic-compile, please review the warning here about changing the compilation target.

# Set compilation target
medusa fuzz --target TestMyContract.sol

--workers

The --workers flag allows you to update the number of threads that will perform parallelized fuzzing (equivalent to fuzzing.workers)

# Set workers
medusa fuzz --workers 20

--timeout

The --timeout flag allows you to update the duration of the fuzzing campaign (equivalent to fuzzing.timeout)

# Set timeout
medusa fuzz --timeout 100

--test-limit

The --test-limit flag allows you to update the number of transactions to run before stopping the fuzzing campaign (equivalent to fuzzing.testLimit)

# Set test limit
medusa fuzz --test-limit 100000

--seq-len

The --seq-len flag allows you to update the length of a call sequence (equivalent to fuzzing.callSequenceLength)

# Set sequence length
medusa fuzz --seq-len 50

--target-contracts

The --target-contracts flag allows you to update the target contracts for fuzzing (equivalent to fuzzing.targetContracts)

# Set target contracts
medusa fuzz --target-contracts "TestMyContract, TestMyOtherContract"

--corpus-dir

The --corpus-dir flag allows you to set the path for the corpus directory (equivalent to fuzzing.corpusDirectory)

# Set corpus directory
medusa fuzz --corpus-dir corpus

--senders

The --senders flag allows you to update medusa's senders (equivalent to fuzzing.senderAddresses)

# Set sender addresses
medusa fuzz --senders "0x50000,0x60000,0x70000"

--deployer

The --deployer flag allows you to update medusa's contract deployer (equivalent to fuzzing.deployerAddress)

# Set deployer address
medusa fuzz --deployer "0x40000"

--trace-all

The --trace-all flag allows you to retrieve an execution trace for each element of a call sequence that triggered a test failure (equivalent to testing.traceAll

# Trace each call
medusa fuzz --trace-all

--no-color

The --no-color flag disables colored console output (equivalent to logging.NoColor)

# Disable colored output
medusa fuzz --no-color