medusa
's project configuration provides extensive and granular control over the execution of the fuzzer. The project
configuration is a .json
file that is broken down into five core components.
- Fuzzing Configuration: The fuzzing configuration dictates the parameters with which the fuzzer will execute.
- Testing Configuration: The testing configuration dictates how and what
medusa
should fuzz test. - Chain Configuration: The chain configuration dictates how
medusa
's underlying blockchain should be configured. - Compilation Configuration: The compilation configuration dictates how to compile the fuzzing target.
- Slither Configuration: The Slither configuration dictates whether Slither should be used in
medusa
and whether the results from Slither should be cached. - Logging Configuration: The logging configuration dictates when and where to log events.
To generate a project configuration file, run medusa init
.
You can also view this example project configuration file for visualization.
A common issue that first-time users face is identifying which configuration options to change. medusa
provides an
incredible level of flexibility on how the fuzzer should run but this comes with a tradeoff of understanding the nuances
of what configuration options control what feature. Outlined below is a list of configuration options that we recommend
you become familiar with and change before starting to fuzz test.
Note: Having an example project configuration file open will aid in visualizing which configuration options to change.
Updating this configuration option is required! The targetContracts
configuration option tells medusa
which contracts
to fuzz test. You can specify one or more contracts for this option which is why it accepts an array
of strings. Let's say you have a fuzz testing contract called TestStakingContract
that you want to test.
Then, you would set the value of targetContracts
to ["TestStakingContract"]
.
You can learn more about this option here.
Updating test limit is optional but recommended. Test limit determines how many transactions medusa
will execute before
stopping the fuzzing campaign. By default, the testLimit
is set to 0. This means that medusa
will run indefinitely.
While you iterate over your fuzz tests, it is beneficial to have a non-zero value. Thus, it is recommended to update this
value to 10_000
or 100_000
depending on the use case. You can learn more about this option here.
Updating the corpus directory is optional but recommended. The corpus directory determines where corpus items should be
stored on disk. A corpus item is a sequence of transactions that increased medusa
's coverage of the system. Thus, these
corpus items are valuable to store so that they can be re-used for the next fuzzing campaign. Additionally, the directory
will also hold coverage reports which is a valuable tool for debugging and validation. For most cases, you may set
corpusDirectory
's value to "corpus". This will create a corpus/
directory in the same directory as the medusa.json
file.
You can learn more about this option here.