Closed albertolalanda closed 2 months ago
The command ityfuzz evm -m OnchainTest -k <SNOWTRACE_API_KEY> -- forge build
conducts Offchain tests, requiring the target contracts to be local. Here's a quick rundown of how this command operates:
-k <SNOWTRACE_API_KEY>
is optional, only necessary when Onchain flashloans are involved.forge build
is used to compile the targets, producing offchain_artifacts
.ityfuzz
picks up the offchain_artifacts
and deploys them on the local evm.Check out this example for reference: https://github.com/fuzzland/ityfuzz/blob/master/tests/evm_manual/foundry1/test/Counter.t.sol
I was trying to replicate how it was done for the StaxExploit test.
So what command would I use to fuzz onchain, if possible?
Shall be fixed with #469
After #469 ittyfuzz now picks up the target contracts abi and fuzzes as intended. Thank you @shouc
Hi, i am trying some onchain fuzzing with a custom test, and I think ityfuzz is not working as intended. My goal is to use ityFuzz to see if this Platypus exploit could have been found.
One of the contracts to fuzz,
PlatypusPool = 0x4658EA7e9960D6158a261104aAA160cC953bb6ba
is not getting fuzzed for some reason. However if i run it withityfuzz evm -t 0x4658EA7e9960D6158a261104aAA160cC953bb6ba,0xB31f66AA3C1e785363F0875A1B74E27b85FD66c7 -f -c AVALANCHE --onchain-block-number 36346397 --onchain-etherscan-api-key <SNOWTRACE_API_KEY>
the contract gets targeted and the correct functions are called, likeswap()
.Here is the test, I am running it with
ityfuzz evm -m OnchainTest -k <SNOWTRACE_API_KEY> -- forge build