fuzz
The fuzz command will initiate a fuzzing campaign:
medusa fuzz [flags]
Supported Flags
--config
The --config flag allows you to specify the path for your project configuration
file. If the --config flag is not used, medusa will look for a medusa.json file in the
current working directory.
# Set config file path
medusa fuzz --config myConfig.json
--compilation-target
The --compilation-target flag allows you to specify the compilation target. If you are using crytic-compile, please review the
warning here about changing the compilation target.
# Set compilation target
medusa fuzz --compilation-target TestMyContract.sol
--workers
The --workers flag allows you to update the number of threads that will perform parallelized fuzzing (equivalent to
fuzzing.workers)
# Set workers
medusa fuzz --workers 20
--timeout
The --timeout flag allows you to update the duration of the fuzzing campaign (equivalent to
fuzzing.timeout)
# Set timeout
medusa fuzz --timeout 100
--test-limit
The --test-limit flag allows you to update the number of transactions to run before stopping the fuzzing campaign
(equivalent to fuzzing.testLimit)
# Set test limit
medusa fuzz --test-limit 100000
--seq-len
The --seq-len flag allows you to update the length of a call sequence (equivalent to
fuzzing.callSequenceLength)
# Set sequence length
medusa fuzz --seq-len 50
--target-contracts
The --target-contracts flag allows you to update the target contracts for fuzzing (equivalent to
fuzzing.targetContracts)
# Set target contracts
medusa fuzz --target-contracts "TestMyContract, TestMyOtherContract"
--corpus-dir
The --corpus-dir flag allows you to set the path for the corpus directory (equivalent to
fuzzing.corpusDirectory)
# Set corpus directory
medusa fuzz --corpus-dir corpus
--senders
The --senders flag allows you to update medusa's senders (equivalent to
fuzzing.senderAddresses)
# Set sender addresses
medusa fuzz --senders "0x50000,0x60000,0x70000"
--deployer
The --deployer flag allows you to update medusa's contract deployer (equivalent to
fuzzing.deployerAddress)
# Set deployer address
medusa fuzz --deployer "0x40000"
--use-slither
The --use-slither flag allows you to run Slither on the codebase to extract valuable constants for mutation testing.
Equivalent to slither.useSlither. Note
that if there are cached results (via slither.CachePath) then
the cache will be used.
# Run slither and attempt to use cache, if available
medusa fuzz --use-slither
--use-slither-force
The --use-slither-force flag is similar to --use-slither except the cache at slither.CachePath will be
overwritten.
# Run slither and overwrite the cache
medusa fuzz --use-slither-force
--fail-fast
The --fail-fast flag enables fast failure (equivalent to
testing.StopOnFailedTest)
# Enable fast failure
medusa fuzz --fail-fast
-v, -vv, -vvv
The verbosity flags control the level of detail shown in execution traces (equivalent to testing.verbosity):
-v: Shows only top-level transactions in the execution trace. Only events in the top-level call frame and return data are included (Verbose level).-vv: Shows nested calls with standard detail - this is the default behavior (VeryVerbose level).-vvv: Shows all call sequence elements with maximum detail, attaching traces to every call in the sequence (VeryVeryVerbose level).
# Set verbosity to top-level only
medusa fuzz -v
# Set verbosity to nested calls (default)
medusa fuzz -vv
# Set verbosity to maximum detail
medusa fuzz -vvv
--no-color
The --no-color flag disables colored console output (equivalent to
logging.NoColor)
# Disable colored output
medusa fuzz --no-color
--explore
The --explore flag enables exploration mode. This sets the StopOnFailedTest and StopOnNoTests
fields to false and turns off assertion, property, and optimization testing.
# Enable exploration mode
medusa fuzz --explore