crytic / medusa

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum
https://secure-contracts.com/program-analysis/medusa/docs/src/
GNU Affero General Public License v3.0

panic: runtime error: invalid memory address or nil pointer dereference on executiontracer.(*ExecutionTracer).OnTxEnd(...) #489

Closed haraslub closed 1 month ago

haraslub commented 1 month ago

Hi,

I keep getting this runtime error when I try to run my test:

> medusa fuzz --target-contracts "Fuzz"
⇾ Reading the configuration file at: /path/to/medusa.json
⇾ Compiling targets with crytic-compile
⇾ Initializing corpus
⇾ Setting up base chain
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xca7b3b]

goroutine 1 [running]:
github.com/crytic/medusa/fuzzing/executiontracer.(*ExecutionTracer).OnTxEnd(...)
        github.com/crytic/medusa/fuzzing/executiontracer/execution_tracer.go:113
github.com/crytic/medusa/chain.(*TestChainTracerRouter).OnTxEnd(...)
        github.com/crytic/medusa/chain/test_chain_tracer.go:91
github.com/crytic/medusa/chain/vendored.EVMApplyTransaction.func1()
        github.com/crytic/medusa/chain/vendored/apply_transaction.go:45 +0x35
github.com/crytic/medusa/chain/vendored.EVMApplyTransaction(0xc005f8e000, 0xc0009ff5f0, 0xc0001c4f78, 0x1?, 0xc00601c060, 0xc0009e81a0, 0xc0060240a0, {0xcf, 0x4, 0x1d, ...}, ...)
        github.com/crytic/medusa/chain/vendored/apply_transaction.go:56 +0x823
github.com/crytic/medusa/chain.(*TestChain).PendingBlockAddTx(0xc006401540, 0xc005f8e000, {0xc00057b128, 0x1, 0x100808?})
        github.com/crytic/medusa/chain/test_chain.go:777 +0x8f9
github.com/crytic/medusa/fuzzing/calls.ExecuteCallSequenceIteratively(0xc006401540, 0xc00057b0f8, 0x0, {0xc00057b128, 0x1, 0x1})
        github.com/crytic/medusa/fuzzing/calls/call_sequence_execution.go:91 +0x40d
github.com/crytic/medusa/fuzzing/calls.ExecuteCallSequenceWithExecutionTracer(0xc006401540, {0xc003775208, 0x78, 0x8f}, {0xc00057b310, 0x1, 0x1}, 0x1)
        github.com/crytic/medusa/fuzzing/calls/call_sequence_execution.go:187 +0x55d
github.com/crytic/medusa/fuzzing.chainSetupFromCompilations(0xc0001c4e08, 0xc006401540)
        github.com/crytic/medusa/fuzzing/fuzzer.go:505 +0xa65
github.com/crytic/medusa/fuzzing.(*Fuzzer).Start(0xc0001c4e08)
        github.com/crytic/medusa/fuzzing/fuzzer.go:748 +0x60c
github.com/crytic/medusa/cmd.cmdRunFuzz(0x17ec6a0, {0xc000550210?, 0x4?, 0xf86561?})
        github.com/crytic/medusa/cmd/fuzz.go:168 +0x98c
github.com/spf13/cobra.(*Command).execute(0x17ec6a0, {0xc000550180, 0x3, 0x3})
        github.com/spf13/cobra@v1.8.1/command.go:985 +0xaca
github.com/spf13/cobra.(*Command).ExecuteC(0x17ec0e0)
        github.com/spf13/cobra@v1.8.1/command.go:1117 +0x3ff
github.com/spf13/cobra.(*Command).Execute(...)
        github.com/spf13/cobra@v1.8.1/command.go:1041
github.com/crytic/medusa/cmd.Execute()
        github.com/crytic/medusa/cmd/root.go:29 +0x54
main.main()
        github.com/crytic/medusa/main.go:12 +0x17

Unfortunately, I can't publicly share the repo. Based on previous issues (410, 439 or 389), could this be a bug stemming from the same origin? Or any idea why it might be crashing?

Thank you very much in advance.

medusa version: 0.1.6

smonicas commented 1 month ago

Could you try building medusa from master branch? I believe this issue is fixed by #457 which is merged in master but not in a released version.

haraslub commented 1 month ago

@smonicas it did fix the issue, thank you very much!