Recent Releases of https://github.com/crytic/medusa

https://github.com/crytic/medusa - v1.3.1

This marks a bug-fix release of medusa. This version fixes issues related to automated library linking and event management.

What's Changed

  • Filter coverage report using the coverageExclusions configuration option by @elopez in https://github.com/crytic/medusa/pull/663

Bug Fixes

  • Fix issue with capturing events while tracing by @elopez in https://github.com/crytic/medusa/pull/675
  • Fix deployment order when predeploys and auto-linking are both used by @samalws-tob in https://github.com/crytic/medusa/pull/658
  • Fix library linking issue in the HTML coverage report by @anishnaik in https://github.com/crytic/medusa/pull/671

New Contributors

  • @GalloDaSballo made their first contribution in https://github.com/crytic/medusa/pull/672

Full Changelog: https://github.com/crytic/medusa/compare/v1.3.0...v1.3.1

- Go
Published by anishnaik 6 months ago

https://github.com/crytic/medusa - v1.3.0

This marks a minor release of medusa. This version brings significant performance improvements, support for go-ethereum@v1.15.5, pruning of corpus elements, and rich support for external libraries.

We have improved the coverage tracking mechanism and reduced the number of state writes required, which brings a marked improvement in medusa's speed.

We now support the ability to prune corpus elements using the PruneFrequency configuration option. Pruning corpus elements aids in managing the overall corpus size and improves the likelihood that each element in the corpus aids in improving the coverage of the system.

Finally, since external libraries are now fully supported, users no longer have to use the PredeployedContracts configuration option or pass the --compile-libraries flag to crytic-compile.

What's Changed

  • Reduce coverage tracking bloat for dynamically created contracts by @samalws-tob in https://github.com/crytic/medusa/pull/627
  • Reduce the number of state writes by @samalws-tob in https://github.com/crytic/medusa/pull/629
  • Add external library support by @priyankabose in https://github.com/crytic/medusa/pull/630
  • Prune unnecessary transaction sequences from corpus by @samalws-tob in https://github.com/crytic/medusa/pull/625
  • Upgrade to go-ethereum v1.15.5 by @anishnaik in https://github.com/crytic/medusa/pull/615

Bug Fixes

  • Synchronize writes while running commands to avoid data race by @samalws-tob in https://github.com/crytic/medusa/pull/624

Full Changelog: https://github.com/crytic/medusa/compare/v1.2.1...v1.3.0

- Go
Published by anishnaik 7 months ago

https://github.com/crytic/medusa - v1.2.1

This marks a minor release of medusa. Version 1.2.1 brings a patch that allows users to install medusa using go install.

Bug Fixes

  • Fix go install installation by @elopez in https://github.com/crytic/medusa/pull/609

Full Changelog: https://github.com/crytic/medusa/compare/v1.2.0...v1.2.1

- Go
Published by anishnaik 11 months ago

https://github.com/crytic/medusa - v1.2.0

This marks a minor release of medusa. Version 1.2.0 has a variety of new features, including the introduction of some much-needed cheatcodes (startPrank, stopPrank, and getCode), verbosity levels for execution traces, and revert reports. Additionally, we have made significant improvements to the HTML coverage reports to improve the user experience. Finally, we have migrated to branch coverage-guided fuzzing which, according to our internal benchmarking results, significantly outperforms PC coverage-guided fuzzing.

The installation process is now simpler than ever. Users across all operating systems can now run go install github.com/crytic/medusa@latest to download medusa!

What's Changed

  • Support for startPrank and stopPrank cheatcodes by @Xenomega in https://github.com/crytic/medusa/pull/594
  • Support for getCode cheatcode by @0xZRA in https://github.com/crytic/medusa/pull/593
  • Add verbosity levels to execution traces by @priyankabose in https://github.com/crytic/medusa/pull/601
  • Migrate from PC-based coverage to branch-based coverage by @samalws-tob in https://github.com/crytic/medusa/pull/585
  • Introduction of revert reports for easier harness debugging by @bsamuels453 in https://github.com/crytic/medusa/pull/466
  • Add file explorer and search capabilities to HTML coverage reports by @anishnaik in https://github.com/crytic/medusa/pull/588
  • Support specifying target contract balances using hex, base-10, and scientific notation by @0xZRA in https://github.com/crytic/medusa/pull/580
  • medusa-geth module path refactor by @Xenomega in https://github.com/crytic/medusa/pull/584

New Contributors

  • @0xZRA made their first contribution in https://github.com/crytic/medusa/pull/580
  • @laterlaugh made their first contribution in https://github.com/crytic/medusa/pull/589
  • @MiloTruck made their first contribution in https://github.com/crytic/medusa/pull/597
  • @growfrow made their first contribution in https://github.com/crytic/medusa/pull/596
  • @MKVEERENDRA made their first contribution in https://github.com/crytic/medusa/pull/587

Full Changelog: https://github.com/crytic/medusa/compare/v1.1.1...v1.2.0

- Go
Published by anishnaik 11 months ago

https://github.com/crytic/medusa - v1.1.1

This marks a minor release of medusa. Version 1.1.1 fixes two critical bugs: a memory leak during corpus initialization that leads to out-of-memory conditions, and a race condition due to concurrent reads and writes on coverage maps.

What's Changed

  • Enable calling view methods by default by @anishnaik in https://github.com/crytic/medusa/pull/569
  • Use address labels while logging call sequences by @smonicas in https://github.com/crytic/medusa/pull/572

Bug Fixes

  • Fix memory leak during corpus initialization by @anishnaik in https://github.com/crytic/medusa/pull/581
  • Acquire lock before calculating the unique program counter value by @anishnaik in https://github.com/crytic/medusa/pull/575
  • Fix bug with the traceAll feature by @anishnaik in https://github.com/crytic/medusa/pull/573
  • Trim whitespace around FFI output by @anishnaik in https://github.com/crytic/medusa/pull/578

Full Changelog: https://github.com/crytic/medusa/compare/v1.1.0...v1.1.1

- Go
Published by anishnaik about 1 year ago

https://github.com/crytic/medusa - v1.1.0

This marks a minor release of medusa. Version 1.1.0 introduces a few critical bug fixes and some minor feature additions.

What's Changed

  • Allow users to specify additional arguments while running slither by @anishnaik in https://github.com/crytic/medusa/pull/554
  • Add --rpc-url and --rpc-block flags by @anishnaik in https://github.com/crytic/medusa/pull/557
  • Add "Collapse all" and "Expand all" buttons to the HTML coverage report by @Xenomega in https://github.com/crytic/medusa/pull/302
  • Deprecation of the difficulty cheatcode, which is now a no-op, by @anishnaik in https://github.com/crytic/medusa/pull/564
  • Introduction of the prevrandao cheatcode by @anishnaik in https://github.com/crytic/medusa/pull/564
  • Improvements to logging during call sequence shrinking by @anishnaik in https://github.com/crytic/medusa/pull/564

Bug Fixes

  • Hotfix for a non-deterministic panic that was triggered with the introduction of on-chain fuzzing by @bsamuels453 in https://github.com/crytic/medusa/pull/560
  • Fix issues related to using VM cheatcodes by @anishnaik in https://github.com/crytic/medusa/pull/564
  • Fix panic that occurred in optimization mode by @anishnaik in https://github.com/crytic/medusa/pull/564
  • Fix issues related to context management and cancellations by @anishnaik in https://github.com/crytic/medusa/pull/564

Full Changelog: https://github.com/crytic/medusa/compare/v1.0.0...v1.1.0

- Go
Published by anishnaik about 1 year ago

https://github.com/crytic/medusa - v1.0.0

This is medusa's first major release. It includes many powerful features and important bug fixes. The biggest update is the introduction of on-chain fuzzing! medusa can now run starting from an existing state provided by an external RPC service (Infura, Alchemy, a local node, etc.). This enables users to speed up the fuzzing setup when working with already deployed contracts. Please note that the on-chain fuzzing capability is in "experimental mode" and will continue to improve over the next few releases.

Additional features include integration with Slither for improved value generation, capturing transaction return values for improved value generation, efficient shrinking during optimization mode, and support for the label cheatcode.

What's Changed

  • Support for on-chain fuzzing via external RPC by @bsamuels453 in https://github.com/crytic/medusa/pull/513
  • Integrate Slither for improved value generation by @anishnaik in https://github.com/crytic/medusa/pull/530
  • Capture transaction return values for improved value generation by @anishnaik in https://github.com/crytic/medusa/pull/533
  • Add support for the vm.label cheatcode by @priyankabose in https://github.com/crytic/medusa/pull/545
  • Improve runtime performance and shrinking during optimization mode by @anishnaik in https://github.com/crytic/medusa/pull/548
  • Add Docker support by @elopez in https://github.com/crytic/medusa/pull/522
  • Add Nix support by @bohendo in https://github.com/crytic/medusa/pull/143
  • Add support for exploration mode through the CLI by @tuturu-tech in https://github.com/crytic/medusa/pull/526

Bug Fixes

  • Fix warp to allow for the setting of a starting timestamp by @anishnaik in https://github.com/crytic/medusa/pull/499
  • Fix duplication bug in program counter coverage by @0xalpharush in https://github.com/crytic/medusa/pull/485
  • Fix execution tracing during failed contract deployments by @anishnaik in https://github.com/crytic/medusa/pull/538
  • Fix weighting of corpus items to use timestamp to favor 'hardest-to-discover' inputs by @0xalpharush in https://github.com/crytic/medusa/pull/383
  • Improve error logging for arithmetic overflows and underflows by @hexshire in https://github.com/crytic/medusa/pull/536
  • Fix error handling during corpus initialization by @MukulKolpe in https://github.com/crytic/medusa/pull/537

New Contributors

  • @tuturu-tech made their first contribution in https://github.com/crytic/medusa/pull/526
  • @bohendo made their first contribution in https://github.com/crytic/medusa/pull/143
  • @hexshire made their first contribution in https://github.com/crytic/medusa/pull/536
  • @MukulKolpe made their first contribution in https://github.com/crytic/medusa/pull/537
  • @priyankabose made their first contribution in https://github.com/crytic/medusa/pull/543
  • @bsamuels453 made their first contribution in https://github.com/crytic/medusa/pull/513

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.8...v1.0.0

- Go
Published by anishnaik about 1 year ago

https://github.com/crytic/medusa - v0.1.8

This marks a minor release of medusa. Note that this version has no new features or bug fixes from the previous version (v0.1.7). A new release had to be made due to a bug in the CI of medusa that prevented the CI artifacts for the release from being built correctly (#406).

- Go
Published by anishnaik over 1 year ago

https://github.com/crytic/medusa - v0.1.7

This marks a minor release of medusa. Version 0.1.7 brings a variety of critical bug fixes, adds support for LCOV reports, and has optimizations that improve coverage tracking.

What's Changed

  • Display success and revert hit count in coverage report (#364) by @0xalpharush
  • Add LCOV support (#442) by @0xalpharush
  • Improve performance during coverage tracking (#472) by @samalws
  • Update corpus format (#456) by @anishnaik
  • Disable account checks to allow for non-EOA transaction origins (#468) by @0xalpharush
  • Log unique PCs that have been encountered by medusa (#453) by @0xalpharush

Bug Fixes

  • Fix a missing initcode size override (#483) by @anishnaik
  • Fix panic during execution tracing (#457) by @anishnaik
  • Fix bug related to initial contract balances when using predeployed contracts (#461) by @0xalpharush
  • Fix bug that prevented deployed addresses from being added to the value set (#488) by @smonicas

New Contributors

  • @highcloudwind made their first contribution in https://github.com/crytic/medusa/pull/430
  • @samalws-tob made their first contribution in https://github.com/crytic/medusa/pull/472
  • @smonicas made their first contribution in https://github.com/crytic/medusa/pull/488

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.6...v0.1.7

- Go
Published by anishnaik over 1 year ago

https://github.com/crytic/medusa - v0.1.6

This marks a minor release of medusa. Version 0.1.6 brings a variety of critical bug fixes related to coverage tracking, coverage reporting, and execution tracing.

Bug Fixes

  • Fix regression in coverage reports for constructors (https://github.com/crytic/medusa/pull/412)
  • Fix panic while execution tracing cheatcode execution (https://github.com/crytic/medusa/pull/411)
  • Fix source unit lookup and coverage reporting broken by changes made to Foundry's compilation artifacts (https://github.com/crytic/medusa/pull/427)
  • Reduce bias in weighted method selection that was omitting some methods (https://github.com/crytic/medusa/pull/427)

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.5...v0.1.6

- Go
Published by anishnaik over 1 year ago

https://github.com/crytic/medusa - v0.1.5

This marks a minor release of medusa. Note that this version has no new features or bug fixes from the previous version (v0.1.4). A new release had to be made due to an inconsistency between the version reported by the medusa binary (via medusa --version) and the version tag on GitHub and package managers such as Homebrew.

- Go
Published by anishnaik over 1 year ago

https://github.com/crytic/medusa - v0.1.4

This marks a minor release of medusa. Version 0.1.4 brings support for the new Cancun fork of go-ethereum. We also added features such as the ability to test pure/view functions, deterministically deploy contracts to fixed addresses, filter functions, and support for new cheatcodes. Finally, other minor QoL improvements and bug fixes were made in this release.

What's Changed

  • Support for the new Cancun fork. This includes new opcodes such as TLOAD and TSTORE (https://github.com/crytic/medusa/pull/397)
  • Added the ability to call pure or view methods in assertion testing mode (https://github.com/crytic/medusa/pull/363)
  • Support for deterministic deployment of contracts to predefined addresses (https://github.com/crytic/medusa/pull/353)
  • Support for blacklisting and whitelisting function signatures (https://github.com/crytic/medusa/pull/400)
  • Support for the snapshot and revertTo cheatcodes (https://github.com/crytic/medusa/pull/276)
  • Attachment of execution traces for failed contract deployments (https://github.com/crytic/medusa/pull/337)
  • Attachment of execution traces for reverting property tests (https://github.com/crytic/medusa/pull/335)
  • Display test cases discovered by the fuzzer on startup (https://github.com/crytic/medusa/pull/382)
  • Improved documentation (https://github.com/crytic/medusa/pull/348)
  • Automated release builds in the CI (https://github.com/crytic/medusa/pull/342)

Bug Fixes

  • Use of function signatures in execution traces to handle overloaded function names (https://github.com/crytic/medusa/pull/336)
  • Mutate calldata in call sequence mutator (https://github.com/crytic/medusa/pull/380)
  • Mutate calldata during shrinking (https://github.com/crytic/medusa/pull/374)
  • Use default compilation platform during fuzzer initialization (https://github.com/crytic/medusa/pull/362)

New Contributors

  • Thank you to @konnov for their first contribution (https://github.com/crytic/medusa/pull/347)

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.3...v0.1.4

- Go
Published by anishnaik over 1 year ago
https://github.com/crytic/medusa - v0.1.3

This marks a minor release of medusa. Version 0.1.3 brings fixes to a variety of critical and minor bugs, improvements in shrinking performance, improved logging, exit code standardization, and other quality-of-life improvements.

What's Changed

  • Added a ShrinkLimit configuration parameter that bounds the number of iterations that the call sequence and value shrinking process executes for. This limits worker exhaustion on heavy-processing call sequences.
  • Standardized medusa exit codes. 0 means the fuzzer exited successfully. 1 means medusa encountered an unexpected error. 7 means that medusa encountered a failing test case.
  • Renamed DeploymentOrder to TargetContracts and renamed AssertionModesConfig to PanicCodeConfig.
  • Added a TargetContractBalances configuration parameter to allow target contracts to have starting ETH balances.
  • Enabled all testing modes (assertion, property, and optimization) by default. The --assertion-mode and --optimization-mode flags were removed from the CLI. Testing modes can now be disabled only through the configuration file.
  • Renamed the --target CLI flag to --compilation-target.
  • Improved logging during fuzzer startup.
  • Updated the behavior of TestAllContracts to only invoke functions within contracts specified in TargetContracts.
  • Updated coverage reports to have any files that have non-zero coverage to be opened by default.
  • Added a NoColor configuration parameter to disable colored CLI output.

Bug Fixes

  • Fixed a memory leak in the test chain object that caused medusa to crash after a given period of time.
  • Fixed a panic in the coverage tracer.
  • Fixed an array out-of-bounds panic in coverage maps.
  • Fixed a non-deterministic copy-length-based panic in the parseBytes32 cheatcode.
  • Fixed the warp cheatcode to accept uint256 arguments.
  • Fixed the CI to support Python 3.12.
  • Fixed a bug within corpus call method resolution.

New Contributors

  • Thank you to @Exca-DK for their first contribution (https://github.com/crytic/medusa/pull/222)

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.2...v0.1.3

- Go
Published by anishnaik almost 2 years ago

https://github.com/crytic/medusa - v0.1.2

This marks a minor release of medusa. Version 0.1.2 brings updates to the EVM, support for console.log cheatcodes, AST literal extraction, logging, and error handling.

What's Changed

  • Added support for console.log cheatcodes, enabling users to log on-chain information into the medusa execution traces shown when a test failure occurs.
  • Updated the underlying medusa-geth fork to target go-ethereum 1.12.0, enabling the Shanghai fork and use of Solidity 0.8.20, which leverages the newer PUSH0 opcode.
  • Improved AST literal extraction and added denomination parsing. Constants such as 1e9, 1 ether, or 3 hours are now properly extracted, enabling better value generation.
  • Updated the logger to improve upon error logging. Errors are now presented in a more intuitive manner to end users.
  • Fixed a nil dereference when calling SetTarget, which would cause a crash if an invalid platform was set in the project config file and --target was provided.

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.1...v0.1.2

- Go
Published by Xenomega over 2 years ago

https://github.com/crytic/medusa - v0.1.1

This marks the second release of medusa. Version 0.1.1 introduces coverage report generation, initial value shrinking logic, improved logging, and various fixes.

What's Changed

  • Introduced initial coverage report generation. This produces a report showing coverage across a fuzzer run. Note: view/pure methods in Solidity are currently not called by the fuzzer and it does not capture property test call coverage.
  • Added support for optimization mode: Similar to echidna's optimization mode, this mode returns a call sequence which maximizes a given value returned by a function call.
  • Added extensions to the assertion testing mode. Users can now configure different panic codes that will trigger an assertion failure (e.g. arithmetic overflow).
  • Introduced initial value shrinking. This will attempt to find more human-readable values to trigger a failure, after one has been discovered. This is currently used for a minimal number of iterations and will be further iterated on in a later release.
  • Added colorized output to the CLI, with support for structured JSON logging (to be integrated in a later release).
  • Added support for CLI autocompletion.
  • Fixed an issue where the addr and sign cheatcodes may error.
  • Fixed a panic that would occur when changing Solidity function input arguments between runs, by ensuring corpus validation on startup disables any outdated corpus items.
  • Fixed an issue where events defined outside of the immediate contract (e.g. through inheritance) would not be resolved in execution traces.
  • Fixed a bug where arrays/slices would not properly copy during mutations.

Full Changelog: https://github.com/crytic/medusa/compare/v0.1.0...v0.1.1

- Go
Published by Xenomega over 2 years ago

https://github.com/crytic/medusa - v0.1.0

This marks the initial public release of medusa. medusa is a cross-platform, go-ethereum-based smart contract fuzzer. It provides parallelized fuzz testing of smart contracts through its CLI or through its Go API, which allows custom, user-extended testing methodologies.

This release includes many of our desired core features: parallelized coverage-guided mutational fuzzing, assertion and property testing, EVM cheatcodes, testing of dynamically deployed smart contracts, execution traces for failed tests, and more.

Note: As the README states, medusa is still in an experimental phase, is subject to future breaking changes, and should not be used in production test environments.

To learn more about how to use medusa, check out our README or Wiki pages!

- Go
Published by Xenomega almost 3 years ago