SRLabs: initialize fuzzing harness (polkadot-evm#1677)

* SRLabs: initialize fuzzer

* update license

* fmt

* fmt

* lint

* auth list

* clippy

* allow uppercase acronyms

* clippy

* clippy

Author: R9295

Cargo.toml

@@ -52,6 +52,7 @@ members = [
 	"precompiles",
 	"precompiles/macro",
 	"precompiles/tests-external",
+	"template/fuzz",
 ]
 resolver = "2"
 

template/fuzz/.gitignore

@@ -0,0 +1,2 @@
+output
+target

template/fuzz/Cargo.toml

@@ -0,0 +1,31 @@
+[package]
+name = "fuzz"
+version = "0.1.0"
+authors.workspace = true
+edition.workspace = true
+repository.workspace = true
+
+[dependencies]
+arbitrary = { version = "1.4.1", features = ["derive"] }
+evm = { workspace = true }
+frame-system = { workspace = true }
+fuzzed_runtime = { path = "../runtime", package = "frontier-template-runtime" }
+hex.workspace = true
+pallet-balances = { workspace = true }
+pallet-evm = { workspace = true }
+sp-consensus-aura = { workspace = true }
+sp-core = { workspace = true }
+sp-runtime = { workspace = true }
+sp-state-machine = { workspace = true }
+ziggy = { version = "1.3.2", default-features = false }
+[features]
+fuzzing = []
+default = ["std"]
+std = [
+	"fuzzed_runtime/std",
+	"sp-runtime/std",
+	"sp-state-machine/std",
+	"sp-consensus-aura/std",
+	"sp-core/std",
+	"pallet-evm/std",
+]

template/fuzz/README.md

@@ -0,0 +1,23 @@
+## Approach to fuzzing
+This fuzzing harness uses a "structure-aware" approach by using [arbitrary](https://github.com/rust-fuzz/arbitrary) to fuzz the Runtime.
+
+The harness has multiple substrate invariants, but two frontier specific ones:
+1. The proof size must never exceed the supplied max proof size
+4. The execution time MUST be within a reasonable thresold.
+
+Important notes:
+1. Since the fuzzing happens in ``debug`` mode, the EVM execution will be notably slower. Set a reasonably high timeout, five or six seconds is a good starter.
+2. You will need to use ``SKIP_WASM_BUILD=1`` to fuzz due to some polkadot-sdk wasm conflicts.
+
+## Orchestrating the campaign
+Fuzzing is orchestrated by [ziggy](https://github.com/srlabs/ziggy/).
+
+It uses [AFL++](https://github.com/AFLplusplus/AFLplusplus/) and [honggfuzz](https://github.com/google/honggfuzz) under the hood.
+
+Please refer to its documentation for details.
+
+Quickstart command to fuzz:
+
+``` bash
+SKIP_WASM_BUILD=1 cargo ziggy fuzz -j$(nproc) -t5
+```