
[Bug-Candidate]: General Malfunction #1296

Closed
Renzo1 opened this issue Jul 24, 2024 · 2 comments

Renzo1 commented Jul 24, 2024

Describe the issue:

I've noticed a couple of issues, with the main one being that the test contract doesn't deploy, as shown in the snippet below. The first image is from a campaign run with an older version.

CryticTester_Old
[Image 1: Screen shot of old fuzz campaign]

CryticTester_New
[Image 2: Screen shot with latest Medusa (version 0.1.5)]

Additionally, the corpus for the Target Functions is misleading. It indicates that the tested contract is called, but there is no real effect because even the simplest assertions that should break by calling the contract pass.

This issue initially appeared with Medusa, which gave this runtime error:

panic: runtime error: invalid memory address or nil pointer dereference

[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xca727b]

The contract compiles and shows signs that it is about to start fuzzing, but it doesn't progress beyond zero sequences (breaks on 1 seq/s). Something like this: ⇾ fuzz: elapsed: 1m23s, calls: 135 (41/sec).

When I tried Echidna, it ran, but the corpus shows that the test contract constructor is never called. The targetFunctions still show as green, but there is no real effect, as mentioned earlier.

Initially, I suspected it might be an issue with my tested contract or setup, but after hours of reviewing my code and confirming that Foundry is working fine, I suspect it might be related to recent upgrades in the fuzzers. To verify, I fuzzed an old project, which confirmed the issue for me.

I tested this on several projects, and the problem persists. I even cloned and built the default Recon-Foundry project without making any changes, and the issue persisted: the test contract constructor is not hit.

You can try it yourself:

forge init --template https://github.com/Recon-Fuzz/create-chimera-app

I'd like to know if anyone else has experienced this issue and, if so, how you resolved it, or if there's a recommended stable version to downgrade to.

Code example to reproduce the issue:

forge init --template https://github.com/Recon-Fuzz/create-chimera-app

Version:

Echidna version: 2.2.4

Slither version: 0.10.3

Relevant log output:

panic: runtime error: invalid memory address or nil pointer dereference

[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0xca727b]

ggrieco-tob (Member) commented

Hi!

Regarding echidna, the tool does not record coverage during deployment, so it will not be in the report, but it should work fine. This is a known issue (#539). Regarding the medusa crash, you will need to open an issue report in the medusa issue tracker so we can discuss it there.

Closing this, as a duplicate of an issue we already have.

Renzo1 commented Jul 24, 2024

Opened the medusa issue: crytic/medusa#410
