ityfuzz
Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts
Currently, for EVM program fuzzing, we use Uniswap V2 / Pancakeswap for borrowing flash loan. Specifically, we provide hacker ETHs and swap these ETHs into the desired token using Uniswap...
As I've been learning more about the fuzzer I've found it difficult to remember where to adjust these hyperparameters. I've kept the % chances the same, but standardized sampling sizes...
The idea is to modify inputs in a distribution like this 
This duplicates the CmpFeedback effort on the corpus. The idea being that adding values to the corpus when the input reverts can still be useful to overcome comparisons. ie: in...
Ityfuzz uses `ConstantHintedMutator` and `VMStateHintedMutator` which apply discovered values directly to the input bytes as a mutation. This is really nice, but has a flaw when it comes to producing...
Add back BytesRandInsertMutator to trigger arbitrary call again
Ityfuzz uses these standard mutations from libafl:

```rust
let mutations = tuple_list!(
    BitFlipMutator::new(),
    ByteInterestingMutator::new(),
    WordInterestingMutator::new(),
    DwordInterestingMutator::new(),
    ConstantHintedMutator::new(),
);
```

But using a more evm-specific mutator for incrementing or decrementing inputs...
While testing corpus additions on better comparisons I found that `CMP_MAP` is getting polluted by the contract deployers. Since `step` in the Host is used during contract setup and deployment,...
When I was fuzzing a contract I got an error:

```
INFO fetching pairs for 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
INFO fetching pairs for 0xa0b86991c6218b36c1d19d4a2e9eb0ce3606eb48
thread 'main' panicked at src/evm/tokens/uniswap.rs:233:10:
Unexpected RPC error, consider...
```
Bump revm