fuzzinglabs / cairo-fuzzer
Cairo/Starknet smart contract fuzzer
License: GNU Affero General Public License v3.0
Create or use a mutator with those features:
Add custom seed to the mutator generation so we can reproduce the execution of a fuzzer.
Needed for integration into cairo-foundry, protostar?
Add an --address command-line option that allows the user to fuzz a deployed contract by scraping it locally
similar to echidna: https://github.com/crytic/echidna/releases/tag/v2.0.4
Add a command to replay the corpus folder.
When using the fuzz_loop_for function, the fuzzer freezes and does not iterate anymore.
How can cairo-rs handle transactions?
Is it possible to execute in the same context?
Add support for Cairo 1.0 and deserialization of Sierra programs.
Currently getting these errors when trying to build the project:
error[E0412]: cannot find type `Program` in module `starknet_api::state`
   --> /home/amanusk/.cargo/git/checkouts/starknet_in_rust-5ed3fb606db6f862/87da5fb/src/services/api/contract_class.rs:204:36
    |
204 |     program: &starknet_api::state::Program,
    |                                    ^^^^^^^ not found in `starknet_api::state`
    |
help: consider importing one of these items
    |
1   + use cairo_rs::types::program::Program;
    |
1   + use starknet_api::deprecated_contract_class::Program;
    |
help: if you import `Program`, refer to it directly
    |
204 -     program: &starknet_api::state::Program,
204 +     program: &Program,
    |

error[E0609]: no field `program` on type `starknet_api::state::ContractClass`
   --> /home/amanusk/.cargo/git/checkouts/starknet_in_rust-5ed3fb606db6f862/87da5fb/src/services/api/contract_class.rs:136:63
    |
136 | ...m(&contract_class.program).unwrap();
    |                      ^^^^^^^ unknown field
    |
    = note: available fields are: `sierra_program`, `entry_point_by_type`, `abi`

error[E0609]: no field `entry_points_by_type` on type `starknet_api::state::ContractClass`
   --> /home/amanusk/.cargo/git/checkouts/starknet_in_rust-5ed3fb606db6f862/87da5fb/src/services/api/contract_class.rs:137:72
    |
137 | ...contract_class.entry_points_by_type);
    |                   ^^^^^^^^^^^^^^^^^^^^ help: a field with a similar name exists: `entry_point_by_type`

error[E0609]: no field `offset` on type `starknet_api::state::EntryPoint`
   --> /home/amanusk/.cargo/git/checkouts/starknet_in_rust-5ed3fb606db6f862/87da5fb/src/services/api/contract_class.rs:192:32
    |
192 |                 let offset = e.offset.0;
    |                                ^^^^^^ unknown field
    |
    = note: available fields are: `function_idx`, `selector`

Some errors have detailed explanations: E0412, E0609.
For more information about an error, try `rustc --explain E0412`.
error: could not compile `starknet-rs` (lib) due to 4 previous errors
warning: build failed, waiting for other jobs to finish...
Maybe we should consider adding a lock file
How can we execute a Starknet contract?
Refactor the corpus format to a JSON format like the example below:
{
  "function_name": "function_toto",
  "function_args": [
    "felt",
    "felt",
    "felt"
  ],
  "inputs": [
    [
      "00",
      "01",
      "02"
    ],
    [
      "00",
      "01",
      "02"
    ],
    [
      "00",
      "01",
      "02"
    ]
  ]
}
We will also need to update the minimizer and the replayer.
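A loader for the proposed corpus layout, added here as an illustration and not the project's own code: it validates each input's arity against function_args and its felt range, sketches the minimizer step (dropping duplicate inputs) and a seeded replay order so a run can be reproduced, and serializes the result back. The sample corpus, the function names and the FIELD_PRIME constant are assumptions of this example.

```python
import json
import random

# Constructed sample corpus in the proposed layout (not taken from the project);
# the third input has the wrong arity and must be rejected by the loader.
SAMPLE_CORPUS = """{
  "function_name": "function_toto",
  "function_args": ["felt", "felt", "felt"],
  "inputs": [["00", "01", "02"], ["00", "01", "02"], ["ff", "01"], ["0a", "0b", "0c"]]
}"""

FIELD_PRIME = 2**251 + 17 * 2**192 + 1  # Cairo felt modulus (assumed here)

def parse_corpus(text):
    """Return (function_name, arg types, accepted inputs as int lists, rejected raw inputs)."""
    doc = json.loads(text)
    args = doc["function_args"]
    if any(t != "felt" for t in args):
        raise ValueError("only felt arguments are handled in this example")
    accepted, rejected = [], []
    for raw in doc["inputs"]:
        vals = [int(h, 16) for h in raw]
        # Arity or range mismatch: the replayer must never call the entry point with it.
        if len(vals) != len(args) or any(v >= FIELD_PRIME for v in vals):
            rejected.append(raw)
        else:
            accepted.append(vals)
    return doc["function_name"], args, accepted, rejected

def minimize(inputs):
    """Minimizer step: drop exact duplicates while keeping first-seen order."""
    seen, out = set(), []
    for vals in inputs:
        if tuple(vals) not in seen:
            seen.add(tuple(vals))
            out.append(vals)
    return out

def replay_order(inputs, seed):
    """Replayer step: a deterministic order derived from an explicit seed, so a run is reproducible."""
    order = list(range(len(inputs)))
    random.Random(seed).shuffle(order)
    return [inputs[i] for i in order]

def dump_corpus(name, args, inputs):
    """Serialize back into the proposed format (felts as unprefixed lowercase hex)."""
    hex_inputs = [[format(v, "02x") for v in vals] for vals in inputs]
    return json.dumps({"function_name": name, "function_args": args, "inputs": hex_inputs}, indent=2)
```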
Fuzzing Starknet contracts is kind of complex and not optimized yet.
Here is a description of the workflow with the essential links:
How to use starknet-devnet and interact with starknet-contract
STARKNET_DEVNET_CAIRO_VM=rust starknet-devnet
The fuzzer
Constraints
Fix pub fn load_from_folder(foldername: &String, workspace: &String)
functions
halt
can we have? For now we handle only one implicit argument (output_ptr, for example).
But what if we have multiple implicit args?
Add a minimizer for the input folder.
A config object will simplify the usage of the fuzzer by other libraries, and even internally it will make it easier to extend. Some ideas of what could be inside:
For the flags/options, we can take a look at libfuzzer options as inspiration.
JFYI: for example, wasmtime uses this design with a config file: https://github.com/bytecodealliance/wasmtime/blob/2afaac5181f4b73e86fac39d095c84a9b8e59129/crates/fuzzing/src/generators/config.rs#L370