Support msg.sender fuzzing (medusa, CLOSED)

Xenomega commented on August 16, 2024
Support msg.sender fuzzing


Comments (2)

Xenomega commented on August 16, 2024

Not exactly, we wouldn't want to add anything to the config except a boolean (and maybe probability) for this at most; the "hardcoded/magic addresses" part of my post referred to using address literals in the codebase as msg.sender. I imagine for now it would have to be echidna-slither-printer-provided addresses extracted at runtime so we don't use too many unrelated values as addresses (currently our built-in AST literal extraction just takes every int and converts it to an address to handle address(0x123) for instance). But this would require a larger change with funding at genesis in this mode, so I'm also not sure we'd want to tackle it now. Anish has a PR for the echidna slither printer we should probably merge in before this.

Note: we'll probably want to make whatever change we have for funding at runtime here flexible enough that later we can use the same code paths to fund addresses used as deployers in "complex contract deployments" (etheno layer) we'll add after cheat codes and another PR or two.

Basically:

  • Fuzzer compiles targets
  • Address literals in BaseValueSet are added to Fuzzer.Senders prior to funding
  • They are all then used

Or if you wanted to make it weighted differently (not sure if we'd want this), you'd fund all addresses in the BaseValueSet and periodically pull from there directly (not changing Fuzzer.Senders)


ahpaleus commented on August 16, 2024

I implemented it to use hardcoded/magic addresses from the configuration file with appropriate probability:

		"magicAddresses": {
			"enabled": true,
			"hardcodedAddresses": [
				"0x0000000000000000000000000000000000000000",
				"0xffffffffffffffffffffffffffffffffffffffff"
			],
			"probability": 0.5
		},

and based on this probability, the selectedSender is chosen in the generateFuzzedCall between one of the "senderAddresses" or "hardcodedAddresses".

@Xenomega - Is this the assumption that you had in mind? Also, should I implement fuzzing the msg.sender address itself if it comes from the "hardcodedAddresses" pool?
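
The probability-weighted choice between the two address pools described in this comment, as an added Go example that is not code from the thread or from medusa. `MagicAddressConfig`, `Validate` and `SelectSender` are hypothetical names, the sender values are constructed, and every address in either pool is assumed to be funded already.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
)

// MagicAddressConfig mirrors the JSON fragment above (hypothetical type, not medusa's own).
type MagicAddressConfig struct {
	Enabled            bool
	HardcodedAddresses []string
	Probability        float64
}

// Validate rejects settings that leave sender selection ill-defined.
func (c MagicAddressConfig) Validate(senders []string) error {
	if c.Probability < 0 || c.Probability > 1 {
		return errors.New("probability must be within [0, 1]")
	}
	if len(senders) == 0 || (c.Enabled && len(c.HardcodedAddresses) == 0) {
		return errors.New("an address pool in use is empty")
	}
	return nil
}

// SelectSender picks msg.sender for one fuzzed call (run Validate first).
// With cfg.Probability it draws from the hardcoded pool, otherwise from the
// regular senders; the bool reports whether the hardcoded pool was used.
func SelectSender(r *rand.Rand, senders []string, cfg MagicAddressConfig) (string, bool) {
	if cfg.Enabled && r.Float64() < cfg.Probability {
		return cfg.HardcodedAddresses[r.Intn(len(cfg.HardcodedAddresses))], true
	}
	return senders[r.Intn(len(senders))], false
}

func main() {
	senders := []string{"0x10000", "0x20000", "0x30000"} // constructed samples
	cfg := MagicAddressConfig{Enabled: true, Probability: 0.5, HardcodedAddresses: []string{
		"0x0000000000000000000000000000000000000000",
		"0xffffffffffffffffffffffffffffffffffffffff"}}
	r, magic := rand.New(rand.NewSource(1)), 0 // fixed seed: reproducible run
	for i := 0; i < 10000; i++ {
		if _, ok := SelectSender(r, senders, cfg); ok {
			magic++
		}
	}
	fmt.Printf("hardcoded pool used in %d of 10000 calls\n", magic)
}
```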
