search
Ctrlk
Hosted ItyFuzz on Blaz
githubEdit

Writing Invariants

ItyFuzz, by default, supports finding Echidnaarrow-up-right and Scribblearrow-up-right invariant violations. You do not need to change the code if it works for Echidna, Mythril, Harvey, etc. ItyFuzz also supports bug(), which indicates the current code shall not be reached.

hashtag
Echidna Support

Any contracts bearing functions starting with echidna_ will be treated as invariants and will be tested by ItyFuzz. If it returns false, the fuzzer will report a bug.

function echidna_test() public {
    assert(false);
}

hashtag
Scribble Support

Scribble is a tool for writing specifications for Solidity contracts. ItyFuzz supports Scribble annotations after it is compiled by scribble.

For example, the following contract has a Scribble annotation that specifies the return value of inc:

contract Foo {
    /// #if_succeeds {:msg "P1"} y == x + 2;
    function inc(uint x) public pure returns (uint y) {
        return x+1;
    }
}

You need to compile the contract using scribble and pass the compiled contract to ItyFuzz

Note that you must add --no-assert to the scribble command. Otherwise, ItyFuzz will not detect any bugs.

Then compile with solc and run ItyFuzz:

hashtag
bug() Support

You can insert bug() or typed_bug(string message) in your contract to report a condition when the bug is found.

For instance, a simple case can be written as follows:

The implementation of bug() is as follows:

You can either paste the code above into your contract or import it from solidity_utils/lib.solarrow-up-right, if you are using bug or typed_bug.

PreviousConstructor for Offchain FuzzingNextDetecting Common Vulns

Last updated