This is a version of Recon-Fuzz create-chimera-app I personalized for myself. It is free to use as is, and make sure to check out the original linked below.
This is a work in progress and subject to change.
A few of the changes I made:
- Removed the counter contracts
- Replaced with a singleton contract to delegate call into implementations: Idea from https://www.youtube.com/watch?v=ZM6479HeI5U
- Added foundry.toml settings I typically use
  - verbosity 3
  - ignored_error_codes
  - localhost endpoint
  - fuzz, invariant, fmt profiles
- Added Makefile with some basic actions
- Removed remappings
  - My setup does not work with remappings and I prefer absolute imports
- Usage
- Build
- Foundry Testing
- Echidna Property Testing
- Medusa Property Testing
- Uploading Fuzz Job To Recon
This Foundry template allows you to bootstrap a fuzz testing suite using a scaffolding provided by the Recon tool.
It extends the default Foundry template used when running forge init to include example property tests using assertion tests and boolean property tests supported by Echidna and Medusa.
Broken properties can be turned into unit tests for easier debugging with Recon (for Echidna/for Medusa) and added to the CryticToFoundry contract.
To initialize a new Foundry repo using this template run the following command in the terminal.
forge init --template https://github.com/Recon-Fuzz/create-chimera-app
forge build
forge test
This will run all unit, fuzz and invariant tests in the CounterTest and CryticToFoundry contracts.
echidna . --contract CryticTester --config echidna.yaml
Assertion mode is enabled by default in the echidna.yaml config file, meaning the fuzzer will check assertion and property tests.
To test only in property mode, set testMode: "property" in echidna.yaml.
medusa fuzz
Assertion mode is enabled by default in the medusa.json config file, meaning the fuzzer will check assertion and property tests.
To test only in property mode, disable assertion mode using:
"assertionTesting": {
  "enabled": false
}
in medusa.json.
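The two kinds of test these modes refer to, shown as an added example (not code from this template or from Recon). The Ledger and LedgerTester contracts and the property_ prefix are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Constructed target (not from the template): a ledger with a deliberate
// accounting bug so both kinds of test have something to catch.
contract Ledger {
    mapping(address => uint256) public balanceOf;
    uint256 public totalDeposits;

    function deposit(uint256 amount) external {
        balanceOf[msg.sender] += amount;
        totalDeposits += amount;
    }

    function withdraw(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow (0.8 checked math)
        // BUG (intentional): totalDeposits is never reduced
    }
}

// Hypothetical tester contract; the fuzzer deploys it and calls its public functions.
contract LedgerTester {
    Ledger internal ledger = new Ledger();

    // Assertion test: a handler taking fuzzed input. A failing assert() is
    // reported when assertion mode is on.
    function ledger_deposit(uint128 amount) public {
        uint256 beforeTotal = ledger.totalDeposits();
        ledger.deposit(amount);
        assert(ledger.totalDeposits() == beforeTotal + amount);
    }

    // Plain handler with no check of its own; it only moves state so the
    // property below is evaluated against more call sequences.
    function ledger_withdraw(uint128 amount) public {
        ledger.withdraw(amount);
    }

    // Boolean property test: no arguments, returns bool, re-evaluated by the
    // fuzzer as it builds call sequences. Returning false is a failure.
    // The `property_` prefix is an assumption; it must match `prefix` in
    // echidna.yaml and `testPrefixes` in medusa.json.
    function property_total_matches_balance() public view returns (bool) {
        return ledger.totalDeposits() == ledger.balanceOf(address(this));
    }
}
```

The assertion in ledger_deposit always holds, while any sequence that deposits and then withdraws a non-zero amount makes the boolean property return false, so a run with only assertion checks would miss the bug.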
You can offload your fuzzing job to Recon to run long duration jobs and share test results with collaborators using the jobs page on Recon:
- Select Medusa as the job type using the radio buttons at the top of the page.
- Add the link for this repo in the Enter GitHub Repo URL form field (this will prefill the remaining form fields)
- Specify the medusa.json config file in the Medusa config filename field.
- Optional: to override the timeout value in the Medusa config file for longer duration runs enter a value (in seconds) into the Test Time Limit field.
- Select Echidna as the job type using the radio buttons at the top of the page.
- Add the link for this repo in the Enter GitHub Repo URL form field (this will prefill the remaining form fields)
- Add the following path to the test contract, config filename and test contract name to the corresponding form fields. Optional: to override the timeout and testLimit from the config file use the corresponding form fields.
- Clicking the Run Job button will upload the job to Recon's cloud fuzz runner service. You'll see info about your job in the Job Details section and you'll be able to view your job in the All Jobs section.
- Clicking View Details button for a job lets you see the fuzzer logs and coverage report (only generated after the run is complete). You can share a fuzz run with any collaborators using the Share Job Results button.