Closed jyao15 closed 3 years ago
Hi @jyao15, that's a good question. It depends. You can provide an initial state to ConFuzzius, i.e. a JSON file where both Foo and Bar are deployed and Foo got initialized with the address of Bar during deployment. Then ConFuzzius should be able to make a call to Bar's function test and return 1. If Bar is not deployed, and you are fuzzing Foo, then ConFuzzius will simulate the call to Bar's test function and return values generated by the symbolic execution, i.e. probably 0 or 1, since these are required in order to trigger both branches of echidna_test().
@christoftorres Thanks for the answer. By JSON file do you mean something like https://github.com/christoftorres/ConFuzzius/blob/master/examples/RemiCoin/transactions.json? Is this file manually written or generated by some tool? Shall we use the "-b" argument?
@jyao15 Yes, exactly! If you provide a source code file then you can pass via -b the .json file with the transactions to execute which will initialize the state before starting to fuzz the source code. If you provide a contract address then you can pass via -b a block number from which the fuzzer will pull the blockchain state (e.g. storage values, etc) at that block number. Hope that helps.
@christoftorres That's very helpful. The last question: how can we generate transaction.json? I assume it is not written by hand.
@jyao15 Sorry for the late reply! I have been a bit busy the past few weeks. Well the transaction.json file is simply a list of transactions that you want to be executed in order to initialize the state of the smart contract. I can't find the script anymore, but we basically wrote a script that would get all the transactions that were performed on a local Ganache node and dump them into this JSON file. Thus, we would use web3 to get the transaction information for each transaction and dump it to a JSON file.
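The dump script described in the reply above no longer exists in the repository, so here is an added example of the same idea (not ConFuzzius's own script, and not from either participant): walk the blocks of a local Ganache-style node with web3, collect every transaction in execution order, and serialize it into a JSON list that can be handed to the fuzzer. The web3.py v6 call names (`w3.eth.block_number`, `w3.eth.get_block(n, full_transactions=True)`), the helper names `collect_transactions`/`tx_to_record`, and the record keys in `TX_FIELDS` are all assumptions: compare the emitted keys against examples/RemiCoin/transactions.json before using the file with -b. The `FakeNode` and the three sample transactions (deploy Bar, deploy Foo with Bar's address, call Bar) are constructed so the script runs offline.

```python
"""
Dump the transactions executed on a local Ganache-style node into a JSON
list in execution order, as an initial state for ConFuzzius.

Added example, not the ConFuzzius project's script. The record keys and the
web3.py v6 API names are assumptions; with a real node replace FakeNode by
    from web3 import Web3
    w3 = Web3(Web3.HTTPProvider("http://127.0.0.1:8545"))
"""
import json
from typing import Any, Dict, List

# Assumed key set; check it against the repo's example transactions.json.
TX_FIELDS = ("from", "to", "value", "gas", "gasPrice", "input", "nonce",
             "blockNumber", "transactionIndex", "hash")


def _jsonable(value: Any) -> Any:
    """web3 returns HexBytes for hashes and calldata; JSON needs hex strings."""
    if isinstance(value, (bytes, bytearray)):
        return "0x" + bytes(value).hex()
    if value is None or isinstance(value, (int, str)):
        return value
    return str(value)


def tx_to_record(tx) -> Dict[str, Any]:
    """Flatten one web3 transaction (dict or AttributeDict) into plain JSON types."""
    record = {key: _jsonable(tx[key]) for key in TX_FIELDS if key in tx}
    # Contract creation: web3 reports to=None; keep that explicit so the
    # replayer can tell a deployment from a call.
    record["to"] = record.get("to")
    return record


def collect_transactions(w3, from_block: int = 0, to_block=None) -> List[Dict[str, Any]]:
    """Collect all transactions in [from_block, to_block], sorted by execution order."""
    if to_block is None:
        to_block = w3.eth.block_number
    records = []
    for number in range(from_block, to_block + 1):
        block = w3.eth.get_block(number, full_transactions=True)
        for tx in block["transactions"]:
            records.append(tx_to_record(tx))
    # Replay order must match chain order even if a block holds several txs.
    records.sort(key=lambda r: (r["blockNumber"], r["transactionIndex"]))
    return records


def write_transactions(path: str, records: List[Dict[str, Any]]) -> None:
    with open(path, "w") as fh:
        json.dump(records, fh, indent=2)


# ---- constructed offline stand-in for a Ganache node ------------------------
class _FakeEth:
    def __init__(self, blocks):
        self._blocks = blocks

    @property
    def block_number(self) -> int:
        return len(self._blocks) - 1

    def get_block(self, number: int, full_transactions: bool = False):
        return {"number": number, "transactions": self._blocks[number]}


class FakeNode:
    def __init__(self, blocks):
        self.eth = _FakeEth(blocks)


DEPLOYER = "0x" + "11" * 20        # constructed addresses
BAR_ADDR = "0x" + "22" * 20
FOO_ADDR = "0x" + "33" * 20


def _tx(idx, block, to, data: bytes, nonce):
    return {"from": DEPLOYER, "to": to, "value": 0, "gas": 3_000_000,
            "gasPrice": 20_000_000_000, "input": data, "nonce": nonce,
            "blockNumber": block, "transactionIndex": idx,
            "hash": bytes([block]) * 32}


SAMPLE_NODE = FakeNode([
    [],                                                      # genesis, no txs
    [_tx(0, 1, None, bytes.fromhex("60806040"), 0)],         # deploy Bar (placeholder bytecode)
    [_tx(0, 2, None, bytes.fromhex("60806040") + bytes.fromhex(BAR_ADDR[2:]).rjust(32, b"\0"), 1)],  # deploy Foo(Bar)
    [_tx(0, 3, BAR_ADDR, bytes.fromhex("f8a8fd6d"), 2)],     # call Bar.test() (selector constructed)
])

if __name__ == "__main__":
    print(json.dumps(collect_transactions(SAMPLE_NODE), indent=2))
```

Run it against a real node by constructing `Web3(...)` instead of `SAMPLE_NODE`, then pass the written file to ConFuzzius with -b together with the source file; the deployment transactions come first, so Foo is constructed with Bar's address before any call to Bar is replayed.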
Does ConFuzzius support multiple contracts? For example, https://github.com/crytic/echidna/tree/master/examples/solidity/basic_multicontract/contracts. The two contracts Foo and Bar are deployed at two addresses. echidna_test() in Foo defines the desired invariant, and it is only broken after calling Bar. Can ConFuzzius find such a vulnerability?