Fuzzing Solidity/Ethereum Smart Contract using Foundry/Forge

  • Published on 29 Sep 2024
  • 📥 Download source code and materials: academy.fuzzin...
    In this video, I will show how to run and customize Foundry/Forge to fuzz an Ethereum smart contract in Solidity. I will also mention what, in my opinion, is missing regarding Foundry fuzzing compared to Echidna.
    #fuzzing #ethereum #solidity
    links:
    - fuzzinglabs.co...
    - github.com/fou...
    - book.getfoundr...
    - book.getfoundr...
    - hackmd.io/@xx8...
    - github.com/luc...
    - Pa...
    - github.com/cla...
    - academy.fuzzin...
    Keywords: Fuzzing, Fuzz Testing, Foundry, Forge, Fuzz, Invariant testing, Echidna, Harvey, Property testing

Comments • 16

  • @fuzzinglabs
    @fuzzinglabs  1 year ago +1

    📥 Download source code and materials: academy.fuzzinglabs.com/introduction-to-ethereum-security?coupon=TH-cam

  • @harshvardhanroy24
    @harshvardhanroy24 1 year ago +4

    Devs with the name 'Patrick' are very generous. Thanks for the content!

  • @jopadjr
    @jopadjr 10 months ago +1

    88th...Thanks. Great to know Foundry. Kindly please create a tutorial on how to deploy it in both the Ethereum testnet and mainnet please.

  • @juanxaviervalverde
    @juanxaviervalverde 1 year ago +2

    Thanks Patrick!

  • @GershonB15
    @GershonB15 1 year ago +2

    Thanks for the vid! Thoughts on fuzzing vs. FV for smart contracts?

    • @fuzzinglabs
      @fuzzinglabs  1 year ago +1

      Fuzzing will be faster to put in place, help to generate unit test inputs and allow progressive understanding of the targeted contract. FV is really powerful but it requires a lot of time and knowledge to create valid and interesting rules. Both should be used and I think the workflow should be fuzzing first and then adding property testing methods in the contract. Once it's good you can start with stuff like halmos for example and then do the heavy work of converting your properties into something like certora spec.

  • @ibotah
    @ibotah 1 year ago +1

    Just now getting into Web3/smart contract hacking bug bounties and fuzzing at the same time. You were the first person I thought of! :) I appreciate your help Patrick and these videos. Keep it up!

  • @escrow9004
    @escrow9004 1 year ago +1

    good video my man! very useful. out of curiosity, what OS do you use? is this arch + i3?

    • @fuzzinglabs
      @fuzzinglabs  1 year ago +1

      Ubuntu + awesome wm ;)

  • @mizo7627
    @mizo7627 1 year ago +1

    Hi, I am getting an error when importing files having different versions (OpenZeppelin files and forge-std). How to deal with that?
    Thanks!

    • @fuzzinglabs
      @fuzzinglabs  1 year ago +1

      Which kind of errors?

    • @mizo7627
      @mizo7627 1 year ago +1

      This one: "Discovered incompatible solidity versions in following", and it shows me my files, forge-std and OpenZeppelin contracts with their versions.
      My contracts are 0.8.7
      OpenZeppelin files are 0.8.13 or 0.8.17
      And the forge-std are 0.6.2

    • @fuzzinglabs
      @fuzzinglabs  1 year ago +1

      Just change the solidity pragma at the beginning of your files, I think. And verify what your solidity compiler version is; update it if necessary using solc-select

    • @mizo7627
      @mizo7627 1 year ago +1

      Thanks! That works now :)
      Just one last question: when I run "forge build", does it search for all .sol inside my current folder? Also, does "forge test" search for .t.sol inside test?

    • @fuzzinglabs
      @fuzzinglabs  1 year ago +1

      Good questions, I think yes for both but you should take a look at the documentation of foundry/forge