https://github.com/crytic/medusa

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Committers with academic emails
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (12.4%) to scientific vocabulary

Keywords from Contributors

solidity static-analysis vyper academic-papers conference-presentations security-reviews evm smart-contracts symbolic-execution fuzzer
Last synced: 6 months ago

Repository

Parallelized, coverage-guided, mutational Solidity smart contract fuzzing, powered by go-ethereum

Basic Info
Statistics
  • Stars: 415
  • Watchers: 20
  • Forks: 70
  • Open Issues: 125
  • Releases: 17
Created over 4 years ago · Last pushed 6 months ago
Metadata Files
Readme Contributing License Codeowners

README.md

medusa

medusa is a cross-platform go-ethereum-based smart contract fuzzer inspired by Echidna. It provides parallelized fuzz testing of smart contracts through its CLI or through its Go API, which allows custom, user-extended testing methodologies.

Disclaimer: The Go-level testing API is still under development and is subject to breaking changes.

Features

medusa provides support for:

  • ✔️ Parallel fuzzing and testing methodologies across multiple workers (threads)
  • ✔️ Assertion and property testing: built-in support for writing basic Solidity property tests and assertion tests
  • ✔️ Mutational value generation: fed by compilation and runtime values
  • ✔️ Coverage collecting: coverage-increasing call sequences are stored in the corpus
  • ✔️ Coverage-guided fuzzing: coverage-increasing call sequences from the corpus are mutated to further guide the fuzzing campaign
  • ✔️ Extensible low-level testing API through events and hooks provided throughout the fuzzer, workers, and test chains
  • Extensible high-level testing API allowing for the addition of per-contract or global post call/event property tests with minimal effort.

Documentation

To learn more about how to install and use medusa, please refer to our documentation.

For a better viewing experience, we recommend installing mdbook and then running the following steps from medusa's source directory:

```bash
cd docs
mdbook serve
```

Install

Run the following command to install the latest version of medusa:

```shell
go install github.com/crytic/medusa@latest
```

For more information on building from source, using package managers, or obtaining binaries for Windows and Linux, please refer to the installation guide.

Contributing

For information about how to contribute to this project, check out the CONTRIBUTING guidelines.

License

medusa is licensed and distributed under the AGPLv3.

Owner

  • Name: Crytic
  • Login: crytic
  • Kind: organization
  • Email: opensource@trailofbits.com
  • Location: New York, NY

Blockchain Security, by @trailofbits

GitHub Events

Total
  • Create event: 107
  • Issues event: 104
  • Release event: 7
  • Watch event: 110
  • Delete event: 97
  • Issue comment event: 247
  • Push event: 333
  • Gollum event: 1
  • Pull request review comment event: 69
  • Pull request review event: 88
  • Pull request event: 221
  • Fork event: 28
Last Year
  • Create event: 107
  • Issues event: 104
  • Release event: 7
  • Watch event: 110
  • Delete event: 97
  • Issue comment event: 247
  • Push event: 333
  • Gollum event: 1
  • Pull request review comment event: 69
  • Pull request review event: 88
  • Pull request event: 221
  • Fork event: 28

Committers

Last synced: 9 months ago

All Time
  • Total Commits: 271
  • Total Committers: 31
  • Avg Commits per committer: 8.742
  • Development Distribution Score (DDS): 0.668
Past Year
  • Commits: 112
  • Committers: 23
  • Avg Commits per committer: 4.87
  • Development Distribution Score (DDS): 0.598
Top Committers
Name Email Commits
anishnaik a****k@t****m 90
David Pokora d****a@g****m 61
alpharush 0****h@p****m 31
dependabot[bot] 4****] 31
Emilio López 2****z 8
samalws-tob 1****b 6
Benjamin Samuels 1****3 4
Gustavo Grieco 3****b 4
Maciej Domanski 3****s 3
Feist Josselin j****t@g****m 3
Damilola Edwards d****s@g****m 3
Priyanka Bose p****e@t****m 3
Tarun Bansal t****m@g****m 2
Simone 7****s 2
tuturu-tech e****j@t****m 2
0xZRA 8****A 2
bohendo b****n@t****m 2
bohendo b****o@s****m 1
Exca-DK d****o@g****m 1
Ezequiel Pérez 6****k 1
smichaels-tob 7****b 1
laterlaugh 1****h 1
highcloudwind h****d@a****m 1
growfrow g****w@o****m 1
VEERENDRA VAMSHI 1****A 1
Samuel Moelius 3****s 1
Mukul Kolpe m****5@g****m 1
MiloTruck 4****k 1
Jaime Iglesias 2****s 1
Igor Konnov i****r@k****d 1
and 1 more...

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 245
  • Total pull requests: 558
  • Average time to close issues: 5 months
  • Average time to close pull requests: about 1 month
  • Total issue authors: 43
  • Total pull request authors: 41
  • Average comments per issue: 1.41
  • Average comments per pull request: 0.7
  • Merged pull requests: 275
  • Bot issues: 0
  • Bot pull requests: 193
Past Year
  • Issues: 59
  • Pull requests: 219
  • Average time to close issues: 23 days
  • Average time to close pull requests: 16 days
  • Issue authors: 21
  • Pull request authors: 28
  • Average comments per issue: 0.8
  • Average comments per pull request: 0.57
  • Merged pull requests: 112
  • Bot issues: 0
  • Bot pull requests: 67
Top Authors
Issue Authors
  • anishnaik (55)
  • 0xalpharush (34)
  • ggrieco-tob (28)
  • Xenomega (18)
  • aviggiano (16)
  • rappie (13)
  • bsamuels453 (9)
  • 0xicingdeath (9)
  • montyly (7)
  • tuturu-tech (5)
  • damilolaedwards (4)
  • GalloDaSballo (4)
  • bohendo (3)
  • elopez (3)
  • Renzo1 (2)
Pull Request Authors
  • dependabot[bot] (193)
  • anishnaik (111)
  • 0xalpharush (66)
  • Xenomega (28)
  • damilolaedwards (20)
  • elopez (18)
  • samalws-tob (16)
  • bsamuels453 (9)
  • priyankabose (8)
  • s4nsec (7)
  • ggrieco-tob (7)
  • ahpaleus (6)
  • Leeyah-123 (6)
  • 0xZRA (6)
  • tuturu-tech (6)
Top Labels
Issue Labels
high-priority (32) help wanted (21) bug (19) good first issue (18) on hold (16) very-low-priority (16) low-priority (15) medium-priority (12) documentation (11) not-an-issue (9) planning (7) enhancement (5) milestone (2) feature-request (2) code-quality (1) dependencies (1)
Pull Request Labels
dependencies (193) go (150) github_actions (32)

Packages

  • Total packages: 2
  • Total downloads:
    • homebrew 122 last-month
  • Total dependent packages: 0
    (may contain duplicates)
  • Total dependent repositories: 0
    (may contain duplicates)
  • Total versions: 28
proxy.golang.org: github.com/crytic/medusa
  • Versions: 15
  • Dependent Packages: 0
  • Dependent Repositories: 0
Rankings
Dependent packages count: 7.7%
Average: 8.5%
Dependent repos count: 9.4%
Last synced: 6 months ago
formulae.brew.sh: medusa

Solidity smart contract fuzzer powered by go-ethereum

  • Versions: 13
  • Dependent Packages: 0
  • Dependent Repositories: 0
  • Downloads: 122 Last month
Rankings
Dependent packages count: 18.8%
Stargazers count: 31.6%
Forks count: 34.9%
Average: 36.5%
Downloads: 40.9%
Dependent repos count: 56.6%
Last synced: 6 months ago

Dependencies

.github/workflows/ci.yml actions
  • actions/checkout v3 composite
  • actions/setup-go v4 composite
  • actions/setup-go v3 composite
  • actions/setup-node v3 composite
  • actions/upload-artifact v3 composite
go.mod go
  • github.com/DataDog/zstd v1.5.2
  • github.com/Masterminds/semver v1.5.0
  • github.com/VictoriaMetrics/fastcache v1.12.0
  • github.com/beorn7/perks v1.0.1
  • github.com/btcsuite/btcd/btcec/v2 v2.3.2
  • github.com/cespare/xxhash/v2 v2.2.0
  • github.com/cockroachdb/errors v1.9.1
  • github.com/cockroachdb/logtags v0.0.0-20230118201751-21c54148d20b
  • github.com/cockroachdb/pebble v0.0.0-20230209160836-829675f94811
  • github.com/cockroachdb/redact v1.1.3
  • github.com/davecgh/go-spew v1.1.1
  • github.com/deckarep/golang-set/v2 v2.1.0
  • github.com/decred/dcrd/dcrec/secp256k1/v4 v4.1.0
  • github.com/ethereum/go-ethereum v1.11.1
  • github.com/fxamacker/cbor v1.5.1
  • github.com/getsentry/sentry-go v0.18.0
  • github.com/go-ole/go-ole v1.2.6
  • github.com/go-stack/stack v1.8.1
  • github.com/gogo/protobuf v1.3.2
  • github.com/golang/protobuf v1.5.2
  • github.com/golang/snappy v0.0.4
  • github.com/google/uuid v1.3.0
  • github.com/gorilla/websocket v1.5.0
  • github.com/holiman/big v0.0.0-20221017200358-a027dc42d04e
  • github.com/holiman/bloomfilter/v2 v2.0.3
  • github.com/holiman/uint256 v1.2.1
  • github.com/inconshreveable/mousetrap v1.1.0
  • github.com/klauspost/compress v1.15.15
  • github.com/kr/pretty v0.3.1
  • github.com/kr/text v0.2.0
  • github.com/mattn/go-runewidth v0.0.14
  • github.com/matttproud/golang_protobuf_extensions v1.0.4
  • github.com/olekukonko/tablewriter v0.0.5
  • github.com/pkg/errors v0.9.1
  • github.com/pmezard/go-difflib v1.0.0
  • github.com/prometheus/client_golang v1.14.0
  • github.com/prometheus/client_model v0.3.0
  • github.com/prometheus/common v0.39.0
  • github.com/prometheus/procfs v0.9.0
  • github.com/prometheus/tsdb v0.10.0
  • github.com/rivo/uniseg v0.4.3
  • github.com/rogpeppe/go-internal v1.9.0
  • github.com/shirou/gopsutil v3.21.11+incompatible
  • github.com/spf13/cobra v1.7.0
  • github.com/spf13/pflag v1.0.5
  • github.com/stretchr/testify v1.8.2
  • github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
  • github.com/tklauser/go-sysconf v0.3.11
  • github.com/tklauser/numcpus v0.6.0
  • github.com/x448/float16 v0.8.4
  • github.com/yusufpapurcu/wmi v1.2.2
  • golang.org/x/crypto v0.8.0
  • golang.org/x/exp v0.0.0-20230206171751-46f607a40771
  • golang.org/x/net v0.9.0
  • golang.org/x/sys v0.7.0
  • golang.org/x/text v0.9.0
  • google.golang.org/protobuf v1.28.1
  • gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce
  • gopkg.in/yaml.v3 v3.0.1
go.sum go
  • 441 dependencies
compilation/platforms/testdata/hardhat/basic_project/package.json npm
  • @nomicfoundation/hardhat-toolbox ^1.0.2 development
  • hardhat ^2.10.2 development