v0.1.3

This marks a minor release of medusa. Version 0.1.3 brings fixes to a variety of critical and minor bugs, improvements in shrinking performance, improved logging, exit code standardization, and other quality-of-life improvements.

What's Changed

• Added a ShrinkLimit configuration parameter that bounds the number of iterations that the call sequence and value shrinking process executes for. This limits worker exhaustion on heavy-processing call sequences.
• Standardized medusa exit codes. 0 means the fuzzer exited successfully. 1 means medusa encountered an unexpected error. 7 means that medusa encountered a failing test case.
• Renamed DeploymentOrder to TargetContracts and renamed AssertionModesConfig to PanicCodeConfig.
• Added a TargetContractBalances configuration parameter to allow target contracts to have starting ETH balances.
• Enabled all testing modes (assertion, property, and optimization) by default. The --assertion-mode and --optimization-mode flags were removed from the CLI. Testing modes can now be disabled only through the configuration file.
• Renamed the --target CLI flag to --compilation-target.
• Improved logging during fuzzer startup.
• Updated the behavior of TestAllContracts to only invoke functions within contracts specified in TargetContracts.
• Updated coverage reports to have any files that have non-zero coverage to be opened by default.
• Added a NoColor configuration parameter to disable colored CLI output.

Bug Fixes

• Fixed a memory leak in the test chain object that caused medusa to crash after a given period of time.
• Fixed a panic in the coverage tracer.
• Fixed an array out-of-bounds panic in coverage maps.
• Fixed a non-deterministic copy-length-based panic in the parseBytes32 cheatcode.
• Fixed the warp cheatcode to accept uint256 arguments.
• Fixed the CI to support Python 3.12.
• Fixed a bug within corpus call method resolution.

New Contributors

• Thank you to @Exca-DK for their first contribution (#222)

Full Changelog: v0.1.2...v0.1.3

v0.1.2

This marks a minor release of medusa. Version 0.1.2 brings updates to the EVM, support for console.log cheat codes, AST literal extraction, logging, and error handling.

What's Changed

• Added support for console.log cheat codes, enabling users to log on-chain information into medusa execution traces shown when a test failure occurs.
• Updated the underlying medusa-geth fork to target go-ethereum 1.12.0, enabling the Shanghai fork and use of Solidity 0.8.20, which leverages the newer PUSH0 opcode.
• Improved AST literal extraction and added denomination parsing. Constants such as 1e9, 1 ether, or 3 hours are now properly extracted, enabling better value generation.
• Updated the logger to improve upon error logging. Errors are now presented in a more intuitive manner to end users.
• Fixed a nil dereference when calling SetTarget, which would cause a crash if an invalid platform was set in the project config file and --target was provided.

Full Changelog: v0.1.1...v0.1.2

v0.1.1

This marks the second release of medusa. Version 0.1.1 introduces coverage report generation, initial value shrinking logic, improved logging, and various fixes.

What's Changed

• Introduced initial coverage report generation. This produces a report showing coverage across a fuzzer run. Note: view/pure methods in Solidity are currently not called by the fuzzer and it does not capture property test call coverage.
• Added support for optimization mode: Similar to echidna's optimization mode, this mode returns a call sequence which maximizes a given value returned by a function call.
• Added extensions to the assertion testing mode. Users can now configure different panic codes that will trigger an assertion failure (e.g. arithmetic overflow).
• Introduced initial value shrinking. This will attempt to find more human-readable values to trigger a failure, after one has been discovered. This is currently used for a minimal number of iterations and will be further iterated on in a later release.
• Added colorized output to the CLI, with support for structured JSON logging (to be integrated in a later release).
• Added support for CLI autocompletion.
• Fixed an issue where the addr and sign cheatcodes may error.
• Fixed a panic that would occur when changing Solidity function input arguments between runs, by ensuring corpus validation on startup disables any outdated corpus items.
• Fixes an issue where some event defined outside of the immediate contract (e.g. through inheritance) would not be resolved in execution traces.
• Fixed a bug where arrays/slices would not properly copy during mutations.

Full Changelog: v0.1.0...v0.1.1

v0.1.0

This marks the first initial public release of medusa. medusa is a cross-platform go-ethereum-based smart contract fuzzer. It provides parallelized fuzz testing of smart contracts through CLI, or its Go API that allows custom user-extended testing methodology.

This release includes many of our desired core features: parallelized coverage guided mutational fuzzing, assertion and property testing, EVM cheatcodes, testing of dynamically deployed smart contracts, execution traces for failed tests, and more.

Note: As the README states, medusa is still noted to be in an experimental phase, is subject to future breaking changes, and should not be used in production test environments.

To learn more about how to use medusa, check out our README or Wiki pages!