# Simple example program on Solana using the Trident fuzzer testing framework
- Anchor 0.30.0
- Solana
- Rust
- Trident
- Build the contracts

  ```sh
  anchor build
  ```

- Run the fuzzer until a crash (unnecessary, the .fuzz file is already in the repo)

  ```sh
  trident fuzz run fuzz_0
  ```

- Run the debugger

  ```sh
  trident fuzz run-debug fuzz_0 PATH-TO-FUZZ.fuzz
  ```
## Example:

```sh
trident fuzz run-debug fuzz_0 trident-tests/fuzz_tests/fuzzing/hfuzz_workspace/fuzz_0/SIGABRT.PC.7ffff7c7100b.STACK.1bd25de105.CODE.-6.ADDR.0.INSTR.mov____0x108(%rsp),%rax.fuzz
```

In lib.rs, we have initialize and update, which store a u64 inside of User. update should require the verify parameter to be divisible by 4, but instead it has a "typo" and checks whether it is divisible by 5.
Now, looking at fuzz_instructions.rs, we check whether the call was valid through the check() function, which makes sure that whatever verify value was passed in is divisible by 4 (and raises an error if it is not).
In the recorded crash, the verify value that was passed in is divisible by 5 but not by 4. The check() function, which runs after every call of update, caught this and threw the DataMismatch error since the value is not divisible by 4.
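The bug and the invariant described above, reduced to plain Rust as an added illustration (not the repo's lib.rs or fuzz_instructions.rs, and using no Anchor or Trident APIs): a buggy `update` beside the corrected one, the `check()` invariant, and a miniature deterministic fuzz loop that reports the first input the program accepts but the invariant rejects. The names `update_buggy`, `update_fixed`, `find_mismatch` and the `FuzzError` enum are assumptions for this sketch.

```rust
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum FuzzError {
    InvalidVerify, // program rejected the input (its own require check failed)
    DataMismatch,  // invariant failed: stored value violates the spec (% 4 == 0)
}

/// Stand-in for the `User` account: holds the last accepted `verify` value.
#[derive(Debug, Default)]
pub struct User {
    pub verify: u64,
}

/// Buggy `update` as the README describes it: the spec says `verify % 4 == 0`,
/// but the program checks `% 5` by mistake.
pub fn update_buggy(user: &mut User, verify: u64) -> Result<(), FuzzError> {
    if verify % 5 != 0 { return Err(FuzzError::InvalidVerify); }
    user.verify = verify;
    Ok(())
}

/// Corrected `update`: checks the divisor the spec actually requires.
pub fn update_fixed(user: &mut User, verify: u64) -> Result<(), FuzzError> {
    if verify % 4 != 0 { return Err(FuzzError::InvalidVerify); }
    user.verify = verify;
    Ok(())
}

/// Invariant mirroring the README's `check()`: run after every accepted
/// `update`, it insists the stored value is divisible by 4.
pub fn check(user: &User) -> Result<(), FuzzError> {
    if user.verify % 4 != 0 { return Err(FuzzError::DataMismatch); }
    Ok(())
}

/// Miniature deterministic fuzz loop: call `update` on each candidate, then run
/// the invariant. Returns the first input the program accepted but `check`
/// rejected, or None if the invariant held for every accepted input.
pub fn find_mismatch(update: fn(&mut User, u64) -> Result<(), FuzzError>, inputs: &[u64]) -> Option<u64> {
    inputs.iter().copied().find(|&v| {
        let mut user = User::default();
        // A rejected input leaves state untouched, so there is nothing to check.
        update(&mut user, v).is_ok() && check(&user) == Err(FuzzError::DataMismatch)
    })
}

fn main() {
    let inputs: Vec<u64> = (0..=40).collect(); // constructed sample corpus
    println!("buggy: {:?}", find_mismatch(update_buggy, &inputs)); // Some(5)
    println!("fixed: {:?}", find_mismatch(update_fixed, &inputs)); // None
}
```

Note that inputs such as 20 pass both the buggy check and the invariant, which is why a single hand-picked value can miss the typo while a fuzzer exploring many values finds it.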
- This cannot be run on macOS on Apple Silicon; I used a GitHub Codespace to run it and would recommend the same
- Refer to the Trident documentation HERE