
code coverage tracking during onchain fuzzing

Open elizabethdinella opened this issue 2 years ago • 2 comments

Hi, is it possible to track the code coverage percentage during onchain fuzzing as it progresses?

elizabethdinella avatar Apr 27 '23 17:04 elizabethdinella

Unfortunately, there is no elegant way to do this. We will implement a test coverage evaluator based on test cases before next Wednesday.

shouc avatar Apr 27 '23 18:04 shouc

Nevertheless, coverage is not a good representation of the completeness of fuzzing for smart contracts, especially for DeFi. During our research, we observed that most exploit sequences (e.g., https://github.com/SunWeb3Sec/DeFiHackLabs/blob/main/src/test/AES_exp.sol#L45-L47 needs 37 of the same txn to increase one-sided liquidity) do not end up increasing path/branch/instruction coverage over time, likely because path/branch/instruction coverage cannot encode stateful transitions.

shouc avatar Apr 27 '23 18:04 shouc
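The comment above argues that instruction/branch coverage cannot register progress made by repeating the same transaction against accumulating state. The following is an added illustration of that argument, not code from ityfuzz, from the thread, or from the linked DeFiHackLabs test: `ToyPool`, its block ids, and the `threshold` of 37 (chosen to mirror the "37 of the same txn" remark) are all constructed for this example. It replays a transaction sequence and records, per step, whether a coverage-based feedback signal or a state-based one would consider the step "interesting".

```python
"""Toy model: coverage feedback vs. state feedback on a stateful target.

Constructed for illustration; ToyPool is a hypothetical contract, not any real one.
"""
from dataclasses import dataclass, field


@dataclass
class ToyPool:
    """Hypothetical pool: one-sided liquidity must accumulate past a threshold
    before a state-dependent branch in withdraw() becomes reachable."""
    liquidity: int = 0
    threshold: int = 37          # constructed; echoes the thread's "37 of the same txn"
    drained: bool = False
    trace: list = field(default_factory=list)   # basic-block ids hit during one call

    def add_liquidity(self, amount: int) -> None:
        self.trace.append("add_liquidity:entry")
        self.liquidity += amount
        if self.liquidity >= self.threshold:
            self.trace.append("add_liquidity:threshold_reached")
        self.trace.append("add_liquidity:exit")

    def withdraw(self) -> None:
        self.trace.append("withdraw:entry")
        if self.liquidity >= self.threshold:
            self.trace.append("withdraw:bug")    # only reachable after enough state buildup
            self.drained = True
        self.trace.append("withdraw:exit")


def run_sequence(txns):
    """Replay txns on a fresh ToyPool.

    Returns (records, drained) where each record is
    (txn_name, number_of_new_blocks, reached_new_state) for that step.
    """
    pool = ToyPool()
    seen_blocks, seen_states = set(), set()
    records = []
    for name, arg in txns:
        pool.trace = []
        if name == "add_liquidity":
            pool.add_liquidity(arg)
        elif name == "withdraw":
            pool.withdraw()
        else:
            raise ValueError(f"unknown txn {name}")
        new_blocks = set(pool.trace) - seen_blocks
        seen_blocks |= new_blocks
        state = (pool.liquidity, pool.drained)   # abstract state snapshot after the call
        new_state = state not in seen_states
        seen_states.add(state)
        records.append((name, len(new_blocks), new_state))
    return records, pool.drained


def steps_rewarded(records, signal):
    """Indices of the steps a feedback signal would keep as 'interesting'."""
    if signal == "coverage":
        return [i for i, (_, nb, _) in enumerate(records) if nb > 0]
    if signal == "state":
        return [i for i, (_, _, ns) in enumerate(records) if ns]
    raise ValueError(f"unknown signal {signal}")


# Constructed sequences: the repeated-txn pattern the thread describes, and a short one.
REPEATED_SEQUENCE = [("add_liquidity", 1)] * 37 + [("withdraw", None)]
SHORT_SEQUENCE = [("add_liquidity", 1), ("withdraw", None)]

if __name__ == "__main__":
    for label, seq in (("repeated", REPEATED_SEQUENCE), ("short", SHORT_SEQUENCE)):
        recs, drained = run_sequence(seq)
        print(label, "drained:", drained)
        print("  steps rewarded by coverage:", steps_rewarded(recs, "coverage"))
        print("  steps rewarded by state:   ", steps_rewarded(recs, "state"))
```

With the repeated sequence, coverage feedback rewards only the first `add_liquidity`, the 37th one (where the threshold branch first fires) and the final `withdraw`; the 35 intermediate repeats add no blocks, so a purely coverage-guided loop has no signal that they are moving toward the buggy branch. The state snapshot changes on every step, which is the kind of feedback the comment says coverage fails to encode.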