fuzzland / ityfuzz

Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts
https://docs.ityfuzz.rs
MIT License

Continuous execution to find other methods of triggering bugs. #498

Closed qianqianpang closed 1 month ago

qianqianpang commented 1 month ago

Dear Developer,

Hello! Recently, I have been using the ityfuzz tool you developed to find vulnerabilities in smart contracts. I noticed that the condition for program termination in the code is the part enclosed in the red box in the figure below. If I comment out the boxed code, I expected it to continue finding other ways to trigger bugs, but ityfuzz just keeps mutating and executing without finding any other bug-triggering outputs.

Could you explain why this is happening? And how can I implement my desired functionality (to continuously find other sequences of calls that trigger vulnerabilities)?

Best regards.

publicqi commented 1 month ago

If you comment that out or pass in --run-forever the fuzzer will not exit on finding new bugs. It will continue finding violations. Do you expect to find another bug in your example?

e.g. TriggerOnce can only have one vulnerable path.

// bug() is the ityfuzz bug-oracle helper; its definition is not part of this snippet.
contract TriggerOnce {
    // a single call path reaches bug(), so there is exactly one violation to report
    function trigger() external {
        bug();
    }
}

contract TriggerMultitimes {
    // many inputs (any a < 0x10) reach the same bug() site
    function trigger(uint256 a) external {
        if (a < 0x10) {
            bug();
        }
    }
}
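To make the distinction in this reply concrete, here is a toy model of a fuzzer's exit policy, added as an illustration; it is not ityfuzz code and runs no EVM bytecode. The three targets (`trigger_once`, `trigger_multitimes`, and a constructed `two_paths` contract with two independent bug sites) are hypothetical stand-ins, and `run_forever=True` plays the role of --run-forever or of commenting out the exit:

```python
# Toy model of a fuzzer's exit policy. Constructed illustration only; it is
# not ityfuzz code and does not execute EVM bytecode.
import random
from typing import Callable, Dict, Optional, Set, Tuple

Target = Callable[[str, int], Optional[str]]

# Hypothetical stand-ins for the two contracts above: each returns the id of
# the bug site a call reaches, or None when the call is benign.
def trigger_once(fn: str, arg: int) -> Optional[str]:
    return "TriggerOnce.trigger/bug" if fn == "trigger" else None

def trigger_multitimes(fn: str, arg: int) -> Optional[str]:
    return "TriggerMultitimes.trigger/bug" if fn == "trigger" and arg < 0x10 else None

# Constructed target with two independent vulnerable paths (not from the thread).
def two_paths(fn: str, arg: int) -> Optional[str]:
    if fn == "withdraw" and arg == 0:
        return "TwoPaths.withdraw/bug"
    if fn == "deposit" and arg > 0xF0:
        return "TwoPaths.deposit/bug"
    return None

def fuzz(target: Target, abi: Dict[str, bool], iterations: int,
         run_forever: bool, seed: int = 0) -> Tuple[Set[str], int]:
    """Run a random-call loop against `target`.

    abi maps function name -> whether it takes a uint256 argument.
    run_forever=False mimics the default: exit on the first violation.
    run_forever=True mimics --run-forever (or commenting that exit out).
    Returns (distinct bug sites reached, number of violating calls seen).
    """
    rng = random.Random(seed)
    sites: Set[str] = set()
    violations = 0
    for _ in range(iterations):
        fn = rng.choice(sorted(abi))
        arg = rng.randrange(0, 1 << 8) if abi[fn] else 0
        site = target(fn, arg)
        if site is None:
            continue
        violations += 1
        sites.add(site)  # another input on an already-known path is not a new bug
        if not run_forever:
            break
    return sites, violations
```

With `run_forever=True` the violation count keeps growing for every target, but the set of distinct bug sites only grows when the contract actually has more than one vulnerable path.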