Deprecate flashloan v1 (#362)

* remove flashloan v1

* refactor token liquidation logic and evm executor

* remove useless tests

* add token config format

* bugfix

* clippy

* cargo fmt

* fix test

* fmt

* fix selling logic

* fmt

* revert token context changes

Cargo.toml

@@ -14,7 +14,6 @@ default = [
     "evm",
     "print_txn_corpus",
     "full_trace",
-    # "flashloan_v2",
 ]
 evm = []
 cmp = []

integration_test.py

@@ -56,20 +56,25 @@ def test_one(path):
     start_time = time.time()
     cmd = [
         TIMEOUT_BIN,
-        "3m",
+        "5s",
         "./target/release/ityfuzz",
         "evm",
         "-t",
         f"'{path}/*'",
         "-f",
         "--panic-on-bug",
     ]
-    print(" ".join(cmd))
     # exit(0)
 
     if "concolic" in path:
         cmd.append("--concolic --concolic-caller")
 
+    if "taint" in path:
+        cmd.append("--sha3-bypass")
+
+
+    print(" ".join(cmd))
+
     p = subprocess.run(
         " ".join(cmd), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True
     )

src/evm/concolic/concolic_host.rs

@@ -2,7 +2,6 @@ use std::{
     borrow::Borrow,
     collections::{HashMap, HashSet},
     fmt::{Debug, Display},
-    marker::PhantomData,
     ops::{Add, Div, Mul, Not, Sub},
     rc::Rc,
     sync::{Arc, Mutex, RwLock},
@@ -11,11 +10,7 @@ use std::{
 use bytes::Bytes;
 use itertools::Itertools;
 use lazy_static::lazy_static;
-use libafl::{
-    prelude::{HasMetadata, Input},
-    schedulers::Scheduler,
-    state::{HasCorpus, State},
-};
+use libafl::{prelude::HasMetadata, schedulers::Scheduler};
 use revm_interpreter::Interpreter;
 use serde::{Deserialize, Serialize};
 use tracing::{debug, error};
@@ -34,14 +29,12 @@ use crate::{
         concolic::expr::{simplify, ConcolicOp, Expr},
         corpus_initializer::SourceMapMap,
         host::FuzzHost,
-        input::{ConciseEVMInput, EVMInput, EVMInputT},
+        input::EVMInput,
         middlewares::middleware::{Middleware, MiddlewareType, MiddlewareType::Concolic},
         srcmap::parser::SourceMapLocation,
-        types::{as_u64, is_zero, EVMAddress, EVMU256},
+        types::{as_u64, is_zero, EVMAddress, EVMFuzzState, EVMU256},
     },
-    generic_vm::vm_state::VMStateT,
     input::VMInputT,
-    state::{HasCaller, HasCurrentInputIdx, HasItyState},
 };
 
 lazy_static! {
@@ -566,7 +559,7 @@ pub struct ConcolicCallCtx {
 }
 
 #[derive(Debug, Serialize, Deserialize)]
-pub struct ConcolicHost<I, VS> {
+pub struct ConcolicHost {
     pub symbolic_stack: Vec<Option<Box<Expr>>>,
     pub symbolic_memory: SymbolicMemory,
     pub symbolic_state: HashMap<EVMU256, Option<Box<Expr>>>,
@@ -576,14 +569,12 @@ pub struct ConcolicHost<I, VS> {
 
     pub ctxs: Vec<ConcolicCallCtx>,
     // For current PC, the number of times it has been visited
-    pub phantom: PhantomData<(I, VS)>,
-
     pub num_threads: usize,
     pub call_depth: usize,
 }
 
 #[allow(clippy::vec_box)]
-impl<I, VS> ConcolicHost<I, VS> {
+impl ConcolicHost {
     pub fn new(testcase_ref: Rc<EVMInput>, num_threads: usize) -> Self {
         Self {
             symbolic_stack: Vec::new(),
@@ -592,7 +583,6 @@ impl<I, VS> ConcolicHost<I, VS> {
             input_bytes: Self::construct_input_from_abi(testcase_ref.get_data_abi().expect("data abi not found")),
             constraints: vec![],
             testcase_ref,
-            phantom: Default::default(),
             ctxs: vec![],
             num_threads,
             call_depth: 0,
@@ -710,21 +700,11 @@ impl<I, VS> ConcolicHost<I, VS> {
     }
 }
 
-impl<I, VS, S, SC> Middleware<VS, I, S, SC> for ConcolicHost<I, VS>
+impl<SC> Middleware<SC> for ConcolicHost
 where
-    I: Input + VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT + 'static,
-    VS: VMStateT,
-    S: State
-        + HasCaller<EVMAddress>
-        + HasCorpus
-        + HasItyState<EVMAddress, EVMAddress, VS, ConciseEVMInput>
-        + HasMetadata
-        + HasCurrentInputIdx
-        + Debug
-        + Clone,
-    SC: Scheduler<State = S> + Clone,
+    SC: Scheduler<State = EVMFuzzState> + Clone,
 {
-    unsafe fn on_step(&mut self, interp: &mut Interpreter, _host: &mut FuzzHost<VS, I, S, SC>, state: &mut S) {
+    unsafe fn on_step(&mut self, interp: &mut Interpreter, _host: &mut FuzzHost<SC>, state: &mut EVMFuzzState) {
         macro_rules! fast_peek {
             ($idx:expr) => {
                 interp.stack.data()[interp.stack.len() - 1 - $idx]
@@ -1389,8 +1369,8 @@ where
     unsafe fn on_return(
         &mut self,
         _interp: &mut Interpreter,
-        _host: &mut FuzzHost<VS, I, S, SC>,
-        _state: &mut S,
+        _host: &mut FuzzHost<SC>,
+        _state: &mut EVMFuzzState,
         _by: &Bytes,
     ) {
         self.pop_ctx();

src/evm/contract_utils.rs

@@ -37,7 +37,7 @@ use self::crypto::{digest::Digest, sha3::Sha3};
 use super::{
     blaz::{is_bytecode_similar_lax, is_bytecode_similar_strict_ranking},
     host::FuzzHost,
-    input::{ConciseEVMInput, EVMInput},
+    input::ConciseEVMInput,
     middlewares::cheatcode::{Cheatcode, CHEATCODE_ADDRESS},
     types::ProjectSourceMapTy,
     vm::{EVMExecutor, EVMState},
@@ -748,7 +748,7 @@ impl ContractLoader {
     fn get_vm_with_cheatcode(
         deployer: EVMAddress,
     ) -> (
-        EVMExecutor<EVMInput, EVMFuzzState, EVMState, ConciseEVMInput, StdScheduler<EVMFuzzState>>,
+        EVMExecutor<EVMState, ConciseEVMInput, StdScheduler<EVMFuzzState>>,
         EVMFuzzState,
     ) {
         let mut state: EVMFuzzState = FuzzState::new(0);

src/evm/corpus_initializer.rs

@@ -66,12 +66,12 @@ where
     SC: ABIScheduler<State = EVMFuzzState> + Clone,
     ISC: Scheduler<State = EVMInfantStateState>,
 {
-    executor: &'a mut EVMExecutor<EVMInput, EVMFuzzState, EVMState, ConciseEVMInput, SC>,
+    executor: &'a mut EVMExecutor<EVMState, ConciseEVMInput, SC>,
     scheduler: SC,
     infant_scheduler: ISC,
     state: &'a mut EVMFuzzState,
     #[cfg(feature = "use_presets")]
-    presets: Vec<&'a dyn Preset<EVMInput, EVMFuzzState, EVMState, SC>>,
+    presets: Vec<&'a dyn Preset<EVMInput, EVMState, SC>>,
     work_dir: String,
 }
 
@@ -178,7 +178,7 @@ where
     ISC: Scheduler<State = EVMInfantStateState>,
 {
     pub fn new(
-        executor: &'a mut EVMExecutor<EVMInput, EVMFuzzState, EVMState, ConciseEVMInput, SC>,
+        executor: &'a mut EVMExecutor<EVMState, ConciseEVMInput, SC>,
         scheduler: SC,
         infant_scheduler: ISC,
         state: &'a mut EVMFuzzState,
@@ -196,7 +196,7 @@ where
     }
 
     #[cfg(feature = "use_presets")]
-    pub fn register_preset(&mut self, preset: &'a dyn Preset<EVMInput, EVMFuzzState, EVMState, SC>) {
+    pub fn register_preset(&mut self, preset: &'a dyn Preset<EVMInput, EVMState, SC>) {
         self.presets.push(preset);
     }
 
@@ -328,7 +328,6 @@ where
                     .insert(contract.deployed_address, build_artifact.clone());
             }
 
-            #[cfg(feature = "flashloan_v2")]
             {
                 handle_contract_insertion!(
                     self.state,
@@ -454,9 +453,7 @@ where
             step: false,
             env: artifacts.initial_env.clone(),
             access_pattern: Rc::new(RefCell::new(AccessPattern::new())),
-            #[cfg(feature = "flashloan_v2")]
             liquidation_percent: 0,
-            #[cfg(feature = "flashloan_v2")]
             input_type: EVMInputTy::ABI,
             direct_data: Default::default(),
             randomness: vec![0],

src/evm/feedbacks.rs

@@ -10,73 +10,51 @@ use libafl::{
     executors::ExitKind,
     feedbacks::Feedback,
     observers::ObserversTuple,
-    prelude::{HasCorpus, HasMetadata, HasRand, State, Testcase, UsesInput},
+    prelude::Testcase,
     schedulers::Scheduler,
-    state::HasClientPerfMonitor,
     Error,
 };
 use libafl_bolts::Named;
 
+use super::{input::EVMInput, types::EVMFuzzState};
 use crate::{
-    evm::{
-        input::{ConciseEVMInput, EVMInputT},
-        middlewares::sha3_bypass::Sha3TaintAnalysis,
-        types::EVMAddress,
-        vm::EVMExecutor,
-    },
+    evm::{input::ConciseEVMInput, middlewares::sha3_bypass::Sha3TaintAnalysis, vm::EVMExecutor},
     generic_vm::vm_state::VMStateT,
     input::VMInputT,
-    state::{HasCaller, HasCurrentInputIdx, HasItyState},
 };
 
 /// A wrapper around a feedback that also performs sha3 taint analysis
 /// when the feedback is interesting.
 #[allow(clippy::type_complexity)]
-pub struct Sha3WrappedFeedback<I, S, VS, F, SC>
+pub struct Sha3WrappedFeedback<VS, F, SC>
 where
-    S: State + HasCorpus + HasCaller<EVMAddress> + Debug + Clone + HasClientPerfMonitor + 'static,
-    I: VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT,
     VS: VMStateT,
-    F: Feedback<S>,
-    SC: Scheduler<State = S> + Clone,
+    F: Feedback<EVMFuzzState>,
+    SC: Scheduler<State = EVMFuzzState> + Clone,
 {
     pub inner_feedback: Box<F>,
     pub sha3_taints: Rc<RefCell<Sha3TaintAnalysis>>,
-    pub evm_executor: Rc<RefCell<EVMExecutor<I, S, VS, ConciseEVMInput, SC>>>,
+    pub evm_executor: Rc<RefCell<EVMExecutor<VS, ConciseEVMInput, SC>>>,
     pub enabled: bool,
 }
 
-impl<I, S, VS, F, SC> Feedback<S> for Sha3WrappedFeedback<I, S, VS, F, SC>
+impl<VS, F, SC> Feedback<EVMFuzzState> for Sha3WrappedFeedback<VS, F, SC>
 where
-    S: State
-        + HasRand
-        + HasCorpus
-        + HasItyState<EVMAddress, EVMAddress, VS, ConciseEVMInput>
-        + HasMetadata
-        + HasCaller<EVMAddress>
-        + HasCurrentInputIdx
-        + HasClientPerfMonitor
-        + Default
-        + Clone
-        + Debug
-        + UsesInput<Input = I>
-        + 'static,
-    I: VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT + 'static,
     VS: VMStateT + 'static,
-    F: Feedback<S>,
-    SC: Scheduler<State = S> + Clone + 'static,
+    F: Feedback<EVMFuzzState>,
+    SC: Scheduler<State = EVMFuzzState> + Clone + 'static,
 {
     fn is_interesting<EM, OT>(
         &mut self,
-        state: &mut S,
+        state: &mut EVMFuzzState,
         manager: &mut EM,
-        input: &S::Input,
+        input: &EVMInput,
         observers: &OT,
         exit_kind: &ExitKind,
     ) -> Result<bool, Error>
     where
-        EM: EventFirer<State = S>,
-        OT: ObserversTuple<S>,
+        EM: EventFirer<State = EVMFuzzState>,
+        OT: ObserversTuple<EVMFuzzState>,
     {
         // checks if the inner feedback is interesting
         if self.enabled {
@@ -110,30 +88,28 @@ where
     #[allow(unused_variables)]
     fn append_metadata<OT>(
         &mut self,
-        state: &mut S,
+        state: &mut EVMFuzzState,
         observers: &OT,
-        testcase: &mut Testcase<S::Input>,
+        testcase: &mut Testcase<EVMInput>,
     ) -> Result<(), Error>
     where
-        OT: ObserversTuple<S>,
+        OT: ObserversTuple<EVMFuzzState>,
     {
         self.inner_feedback.as_mut().append_metadata(state, observers, testcase)
     }
 }
 
-impl<I, S, VS, F, SC> Sha3WrappedFeedback<I, S, VS, F, SC>
+impl<VS, F, SC> Sha3WrappedFeedback<VS, F, SC>
 where
-    S: State + HasCorpus + HasCaller<EVMAddress> + Debug + Clone + HasClientPerfMonitor + 'static,
-    I: VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT,
     VS: VMStateT,
-    F: Feedback<S>,
-    SC: Scheduler<State = S> + Clone,
+    F: Feedback<EVMFuzzState>,
+    SC: Scheduler<State = EVMFuzzState> + Clone,
 {
     #[allow(clippy::type_complexity)]
     pub(crate) fn new(
         inner_feedback: F,
         sha3_taints: Rc<RefCell<Sha3TaintAnalysis>>,
-        evm_executor: Rc<RefCell<EVMExecutor<I, S, VS, ConciseEVMInput, SC>>>,
+        evm_executor: Rc<RefCell<EVMExecutor<VS, ConciseEVMInput, SC>>>,
         enabled: bool,
     ) -> Self {
         Self {
@@ -145,26 +121,22 @@ where
     }
 }
 
-impl<I, S, VS, F, SC> Named for Sha3WrappedFeedback<I, S, VS, F, SC>
+impl<VS, F, SC> Named for Sha3WrappedFeedback<VS, F, SC>
 where
-    S: State + HasCorpus + HasCaller<EVMAddress> + Debug + Clone + HasClientPerfMonitor + 'static,
-    I: VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT,
     VS: VMStateT,
-    F: Feedback<S>,
-    SC: Scheduler<State = S> + Clone,
+    F: Feedback<EVMFuzzState>,
+    SC: Scheduler<State = EVMFuzzState> + Clone,
 {
     fn name(&self) -> &str {
         todo!()
     }
 }
 
-impl<I, S, VS, F, SC> Debug for Sha3WrappedFeedback<I, S, VS, F, SC>
+impl<VS, F, SC> Debug for Sha3WrappedFeedback<VS, F, SC>
 where
-    S: State + HasCorpus + HasCaller<EVMAddress> + Debug + Clone + HasClientPerfMonitor + 'static,
-    I: VMInputT<VS, EVMAddress, EVMAddress, ConciseEVMInput> + EVMInputT,
     VS: VMStateT,
-    F: Feedback<S>,
-    SC: Scheduler<State = S> + Clone,
+    F: Feedback<EVMFuzzState>,
+    SC: Scheduler<State = EVMFuzzState> + Clone,
 {
     fn fmt(&self, _f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> {
         todo!()