Closed plotchy closed 1 month ago
Found: 0
Project Name | Vulnerability Found | Time Taken | Log |
---|---|---|---|
BIGFI_exp.txt | ❌‼️ Crashed | -1 | Log File |
Shadowfi_exp.txt | ❌‼️ Crashed | -1 | Log File |
SEAMAN_exp.txt | ❌‼️ Crashed | -1 | Log File |
BEGO_exp.txt | ❌‼️ Crashed | -1 | Log File |
cftoken_exp.txt | ❌‼️ Crashed | -1 | Log File |
Carrot_exp.txt | ❌‼️ Crashed | -1 | Log File |
MBC_ZZSH_exp.txt | ❌‼️ Crashed | -1 | Log File |
AUR_exp.txt | ❌‼️ Crashed | -1 | Log File |
SellToken_exp.txt | ❌‼️ Crashed | -1 | Log File |
ROI_exp.txt | ❌‼️ Crashed | -1 | Log File |
GPT_exp.txt | ❌‼️ Crashed | -1 | Log File |
OLIFE_exp.txt | ❌‼️ Crashed | -1 | Log File |
THB_exp.txt | ❌‼️ Crashed | -1 | Log File |
VerilogCTF.txt | ❌‼️ Crashed | -1 | Log File |
CS_exp.txt | ❌‼️ Crashed | -1 | Log File |
MintoFinance_exp.txt | ❌‼️ Crashed | -1 | Log File |
Novo_exp.txt | ❌‼️ Crashed | -1 | Log File |
SELLC03_exp.txt | ❌‼️ Crashed | -1 | Log File |
Yyds_exp.txt | ❌‼️ Crashed | -1 | Log File |
DYNA_exp.txt | ❌‼️ Crashed | -1 | Log File |
EAC_exp.txt | ❌‼️ Crashed | -1 | Log File |
Annex_exp.txt | ❌‼️ Crashed | -1 | Log File |
PLTD_exp.txt | ❌‼️ Crashed | -1 | Log File |
ApeDAO_exp.txt | ❌‼️ Crashed | -1 | Log File |
GSS_exp.txt | ❌‼️ Crashed | -1 | Log File |
Axioma_exp.txt | ❌‼️ Crashed | -1 | Log File |
RFB_exp.txt | ❌‼️ Crashed | -1 | Log File |
HEALTH_exp.txt | ❌‼️ Crashed | -1 | Log File |
Found: 19
Project Name | Vulnerability Found | Time Taken | Log |
---|---|---|---|
BIGFI_exp.txt | ✅ Price Manipulation | 0h-1m-26s | Log File |
Shadowfi_exp.txt | ✅ Price Manipulation | 0h-3m-5s | Log File |
SEAMAN_exp.txt | ✅ Fund Loss | 0h-2m-11s | Log File |
BEGO_exp.txt | ✅ Fund Loss | 0h-0m-22s | Log File |
cftoken_exp.txt | ✅ Price Manipulation | 0h-0m-25s | Log File |
Carrot_exp.txt | ❌ | -1 | Log File |
MBC_ZZSH_exp.txt | ✅ Fund Loss | 0h-2m-45s | Log File |
AUR_exp.txt | ❌ | -1 | Log File |
SellToken_exp.txt | ✅ Fund Loss | 0h-0m-30s | Log File |
ROI_exp.txt | ✅ Fund Loss | 0h-0m-33s | Log File |
GPT_exp.txt | ❌ | -1 | Log File |
OLIFE_exp.txt | ❌ | -1 | Log File |
THB_exp.txt | ❌ | -1 | Log File |
VerilogCTF.txt | ❌‼️ Crashed | -1 | Log File |
CS_exp.txt | ✅ Price Manipulation | 0h-0m-21s | Log File |
MintoFinance_exp.txt | ✅ Fund Loss | 0h-0m-56s | Log File |
Novo_exp.txt | ✅ Price Manipulation | 0h-2m-30s | Log File |
SELLC03_exp.txt | ✅ Fund Loss | 0h-1m-27s | Log File |
Yyds_exp.txt | ✅ Fund Loss | 0h-1m-15s | Log File |
DYNA_exp.txt | ❌ | -1 | Log File |
EAC_exp.txt | ❌ | -1 | Log File |
Annex_exp.txt | ❌ | -1 | Log File |
PLTD_exp.txt | ✅ Price Manipulation | 0h-0m-45s | Log File |
ApeDAO_exp.txt | ✅ Price Manipulation | 0h-0m-46s | Log File |
GSS_exp.txt | ✅ Fund Loss | 0h-1m-4s | Log File |
Axioma_exp.txt | ✅ Fund Loss | 0h-0m-52s | Log File |
RFB_exp.txt | ✅ Fund Loss | 0h-2m-18s | Log File |
HEALTH_exp.txt | ✅ Price Manipulation | 0h-0m-16s | Log File |
Ityfuzz uses these standard mutations from libafl
But using a more evm-specific mutator for incrementing or decrementing inputs directly allows faster finding of control flow.
Take this contract
The values of 2097151 and 4194306 and 2 are push values that will be used by `ConstantHintedMutator`. However, copying inputs to these values directly will fail to get past `<` and `>` flows. Since `<` and `>` are such common operations on push'd values, I think adding mutators to help pass that is helpful.

The `BitFlipMutator` after the ConstantHint is the best chance it has to get past the `<` and `>`, but it isn't as good as just trying to add or subtract one since the bitflips can be anywhere in the bit space, not just at the end.

`IncDecMutator` just takes the input and does a wrapping addition or subtraction.

Results

I ran on this example with debug target mode. Without the PR it takes ~12s and 40k executions. With the PR it's basically instant.
[Images: WITHOUT the PR, WITH the PR]
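Added example (not part of the PR and not ItyFuzz's own code): a sketch of the point made in the description, comparing a wrapping increment/decrement with single-bit flips against a constructed guard `lo < x < hi` that uses two of the push values quoted above. The helper names and the guard are assumptions; 256-bit EVM words are modelled as big-endian byte arrays.

```rust
// Added illustration, not ItyFuzz code. EVM words are 32-byte big-endian arrays,
// so the built-in array ordering matches unsigned numeric ordering.
type Word = [u8; 32];

fn from_u64(v: u64) -> Word {
    let mut w = [0u8; 32];
    w[24..].copy_from_slice(&v.to_be_bytes());
    w
}

/// Wrapping +1 (inc = true) or -1 (inc = false) over the full 256-bit word.
fn inc_dec(mut w: Word, inc: bool) -> Word {
    for b in w.iter_mut().rev() {
        let (v, carried) = if inc { b.overflowing_add(1) } else { b.overflowing_sub(1) };
        *b = v;
        if !carried { break; } // no carry or borrow left to propagate
    }
    w
}

/// Flip one bit of the word (bit 0 is the least significant).
fn flip_bit(mut w: Word, bit: usize) -> Word {
    w[31 - bit / 8] ^= 1u8 << (bit % 8);
    w
}

/// Constructed guard (assumption): the input must satisfy lo < x < hi.
fn passes(x: &Word, lo: &Word, hi: &Word) -> bool {
    lo < x && x < hi
}

/// How many of the 256 single-bit flips of `seed` satisfy the guard.
fn flips_passing(seed: Word, lo: &Word, hi: &Word) -> usize {
    (0..256).filter(|&bit| passes(&flip_bit(seed, bit), lo, hi)).count()
}

fn main() {
    // Push values taken from the description; the guard itself is constructed.
    let (lo, hi) = (from_u64(2097151), from_u64(4194306));
    println!("copy of lo passes: {}", passes(&lo, &lo, &hi));
    println!("lo + 1 passes:     {}", passes(&inc_dec(lo, true), &lo, &hi));
    println!("hi - 1 passes:     {}", passes(&inc_dec(hi, false), &lo, &hi));
    println!("bit flips of lo that pass: {}/256", flips_passing(lo, &lo, &hi));
    println!("bit flips of hi that pass: {}/256", flips_passing(hi, &lo, &hi));
}
```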