Besides the long slot-fetching time reported here, for an unknown reason it takes an extraordinarily long time to run on-chain fuzzing on an even simpler test contract. Essentially, there is only one `uint256[] memory` function and one optimization function. The calls/s figure is always 0. I'm uncertain whether zero calls per second is related to the larger-than-normal number of slots fetched for this contract. As I have no control over the number of slots fetched, it is best for you to investigate.
I didn't see a similar issue on other contracts with a `uint256[] memory` function. Hopefully you can shed some light on what is going on in the fuzzer for this simple contract.
// SPDX-License-Identifier: Unlicensepragma solidity^0.8.0;
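/// @notice Cheat-code interface exposed by the hevm-style test VM.
/// @dev Only the declarations are visible here; behaviour notes below restate
///      the original one-line comments. Several of these calls rewrite chain
///      state or act on the host, so they belong in test harnesses only.
interface IHevm {
    /// @notice Set block.timestamp to `newTimestamp`.
    function warp(uint256 newTimestamp) external;

    /// @notice Set block.number to `newNumber`.
    function roll(uint256 newNumber) external;

    /// @notice Load storage slot `slot` of account `where`.
    function load(address where, bytes32 slot) external returns (bytes32);

    /// @notice Store `value` into storage slot `slot` of account `where`.
    /// @dev Bypasses the target contract's own access control by design.
    function store(address where, bytes32 slot, bytes32 value) external;

    /// @notice Sign `digest` with `privateKey`.
    /// @dev Return names follow the ECDSA (v, r, s) convention: the uint8 is
    ///      the recovery id `v`. The previous names (uint8 r, bytes32 v) were
    ///      swapped; return names are not part of the selector, so callers
    ///      that destructure by position are unaffected.
    function sign(
        uint256 privateKey,
        bytes32 digest
    ) external returns (uint8 v, bytes32 r, bytes32 s);

    /// @notice Get the address for a given private key.
    function addr(uint256 privateKey) external returns (address addr);

    /// @notice Perform a foreign function call via the terminal.
    /// @dev This runs a command on the machine executing the fuzzer. Keep it
    ///      disabled (Echidna config key `allowFFI`) unless every test
    ///      contract in the run is trusted.
    function ffi(
        string[] calldata inputs
    ) external returns (bytes memory result);

    /// @notice Perform the next smart contract call with `msg.sender` set to
    ///         `newSender`.
    function prank(address newSender) external;
}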
// Handle to the cheat-code contract at its fixed address. Calls through it
// only have an effect when the executing VM implements the IHevm cheat codes.
IHevm constant cheats = IHevm(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D);
test.sol
pragma solidity^0.8.0;
// Shared libraryimport"./Hevm.sol";
/// @notice Minimal test base: logging events plus a sticky failure flag that
///         is mirrored into the cheat-code account's storage when available.
contract DSTest {
    // Unnamed logging events.
    event log                    (string);
    event logs                   (bytes);

    event log_address            (address);
    event log_bytes32            (bytes32);
    event log_int                (int);
    event log_uint               (uint);
    event log_bytes              (bytes);
    event log_string             (string);

    // Key/value logging events.
    event log_named_address      (string key, address val);
    event log_named_bytes32      (string key, bytes32 val);
    event log_named_decimal_int  (string key, int val, uint decimals);
    event log_named_decimal_uint (string key, uint val, uint decimals);
    event log_named_int          (string key, int val);
    event log_named_uint         (string key, uint val);
    event log_named_bytes        (string key, bytes val);
    event log_named_string       (string key, string val);

    bool public IS_TEST = true;
    // Local failure flag; set by fail() and never cleared in this contract.
    bool private _failed;

    // Cheat-code account address, derived from the hash of a fixed string.
    address constant HEVM_ADDRESS =
        address(bytes20(uint160(uint256(keccak256('hevm cheat code')))));

    // Marker modifiers: they run the wrapped body unchanged.
    modifier mayRevert() { _; }
    modifier testopts(string memory) { _; }

    /// @notice Report whether a failure was recorded locally or, when the
    ///         cheat-code account has code, in its "failed" storage slot.
    /// @dev The success flag of the low-level call is discarded; the returned
    ///      bytes are decoded as a bool directly.
    function failed() public returns (bool) {
        if (_failed) {
            return true;
        }
        if (!hasHEVMContext()) {
            return false;
        }

        bytes memory loadRequest = abi.encodePacked(
            bytes4(keccak256("load(address,bytes32)")),
            abi.encode(HEVM_ADDRESS, bytes32("failed"))
        );
        (, bytes memory response) = HEVM_ADDRESS.call(loadRequest);
        return abi.decode(response, (bool));
    }

    /// @notice Record a failure: write 1 to the shared "failed" slot when the
    ///         cheat-code account has code, then set the local flag.
    function fail() internal virtual {
        if (hasHEVMContext()) {
            bytes memory storeRequest = abi.encodePacked(
                bytes4(keccak256("store(address,bytes32,bytes32)")),
                abi.encode(HEVM_ADDRESS, bytes32("failed"), bytes32(uint256(0x01)))
            );
            (bool status, ) = HEVM_ADDRESS.call(storeRequest);
            status; // Silence compiler warnings
        }
        _failed = true;
    }

    /// @notice True when the cheat-code address has deployed code.
    function hasHEVMContext() internal view returns (bool) {
        uint256 codeSize;
        assembly {
            codeSize := extcodesize(0x7109709ECfa91a80626fF3989D68f67F5b1DD12D)
        }
        return codeSize != 0;
    }

    /// @notice Emit the gas consumed between entry and exit of the wrapped
    ///         body as a `log_named_uint("gas", ...)` event.
    modifier logs_gas() {
        uint gasBefore = gasleft();
        _;
        uint gasAfter = gasleft();
        emit log_named_uint("gas", gasBefore - gasAfter);
    }
}
/// @notice External surface of the keeper flash proxy under test.
/// @dev The `unknown_ret_var_1` return names suggest this interface was
///      generated from an ABI rather than written by hand — TODO confirm.
interface IGebUniswapV3KeeperFlashProxyETH {
    // Plain ether transfers are accepted.
    receive() external payable;

    // --- State-changing entry points ---
    function bid(uint256 auctionId, uint256 amount) external;

    function liquidateAndSettleSAFE(address safe) external returns (uint256 auction);

    function multipleBid(uint256[] memory auctionIds, uint256[] memory amounts) external;

    // Overloaded: single auction id and array of auction ids.
    function settleAuction(uint256 auctionId) external;

    function settleAuction(uint256[] memory auctionIds) external;

    // Externally callable; nothing in this interface restricts the caller.
    function uniswapV3SwapCallback(int256 _amount0, int256 _amount1, bytes memory _data) external;

    // --- Read-only getters ---
    function ONE() external view returns (uint256 unknown_ret_var_1);

    function ZERO() external view returns (uint256 unknown_ret_var_1);

    function auctionHouse() external view returns (address unknown_ret_var_1);

    function caller() external view returns (address unknown_ret_var_1);

    function coin() external view returns (address unknown_ret_var_1);

    function coinJoin() external view returns (address unknown_ret_var_1);

    function collateralType() external view returns (bytes32 unknown_ret_var_1);

    function ethJoin() external view returns (address unknown_ret_var_1);

    function liquidationEngine() external view returns (address unknown_ret_var_1);

    function safeEngine() external view returns (address unknown_ret_var_1);

    function uniswapPair() external view returns (address unknown_ret_var_1);

    function weth() external view returns (address unknown_ret_var_1);
}
/// @notice Echidna harness that forwards `settleAuction(uint256[])` to the
///         pinned proxy and checks whether its `auctionHouse()` value changes.
contract test is DSTest {
    // Target contract, pinned by address.
    IGebUniswapV3KeeperFlashProxyETH constant GebUniswapv3KeeperFlashProxyETH =
        IGebUniswapV3KeeperFlashProxyETH(payable(0xcDCE3aF4ef75bC89601A2E785172c6B9f65a0aAc));
    IGebUniswapV3KeeperFlashProxyETH victim_contract_object = GebUniswapv3KeeperFlashProxyETH;

    // Snapshot of auctionHouse() taken by the state-variable initializer,
    // which runs before the constructor body (so before roll/warp below).
    // The name says "owner" but the stored value is the auctionHouse address.
    address public initial_victim_auctionHouse_owner = victim_contract_object.auctionHouse();

    constructor() payable {
        // WARNING: Value must be in sync with echidna-config.yaml
        // Block Number
        cheats.roll(19305256);
        // Block Timestamp
        cheats.warp(1708872023);
    }

    /// @notice Fuzz entry point: pass the generated ids straight through.
    function victim_settleAuction(uint256[] memory auctionIds) public {
        victim_contract_object.settleAuction(auctionIds);
    }

    /// @notice True once auctionHouse() differs from the deploy-time snapshot.
    /// @dev NOTE(review): the name says "optimize" but the return type is
    ///      bool; Echidna's optimization mode expects an int256 return and
    ///      property mode reports a failure on `false`. The config file is
    ///      not shown — confirm the intended test mode.
    function echidna_optimize__victim_auctionHouse_owner() public returns (bool) {
        // Condition of vulnerability
        address currentAuctionHouse = victim_contract_object.auctionHouse();
        return initial_victim_auctionHouse_owner != currentAuctionHouse;
    }
}
Command:
echidna test.sol --contract test --config echidna-config.yaml
Version:
Echidna 2.2.2
0.10.1
Relevant log output:
Observation: While Calls/s remains at 0, the number of fetched slots keeps increasing as time passes.
Describe the issue:
Hi admin,
Besides the long slot-fetching time reported here, for an unknown reason it takes an extraordinarily long time to run on-chain fuzzing on an even simpler `test` contract. Essentially, there is only one `uint256[] memory` function and one optimization function. The calls/s figure is always 0. I'm uncertain whether zero calls per second is related to the larger-than-normal number of slots fetched for this contract. As I have no control over the number of slots fetched, it is best for you to investigate.
I didn't see a similar issue on other contracts with a `uint256[] memory` function. Hopefully you can shed some light on what is going on in the fuzzer for this simple contract.
Code example to reproduce the issue:
echidna-config.yaml
Hevm.sol
test.sol
Command:
echidna test.sol --contract test --config echidna-config.yaml
Version:
Echidna 2.2.2
0.10.1
Relevant log output:
Observation: While Calls/s remains at 0, the number of fetched slots keeps increasing as time passes.