{"id":13578536,"url":"https://github.com/fuzzland/ityfuzz","last_synced_at":"2025-04-05T19:33:14.032Z","repository":{"id":153200041,"uuid":"557020771","full_name":"fuzzland/ityfuzz","owner":"fuzzland","description":"Blazing Fast Bytecode-Level Hybrid Fuzzer for Smart Contracts","archived":false,"fork":false,"pushed_at":"2024-04-11T01:10:59.000Z","size":3571,"stargazers_count":592,"open_issues_count":40,"forks_count":82,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-04-14T01:58:41.478Z","etag":null,"topics":["aptos","blockchain","concolic-execution","ethereum","evm","fuzzing","move","smart-contracts","solidity","sui"],"latest_commit_sha":null,"homepage":"https://docs.ityfuzz.rs","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fuzzland.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-10-25T00:09:33.000Z","updated_at":"2024-06-05T05:00:33.117Z","dependencies_parsed_at":"2024-01-26T07:25:02.345Z","dependency_job_id":"8ae2d16d-11a7-407d-a5d1-6a00a4b30600","html_url":"https://github.com/fuzzland/ityfuzz","commit_stats":null,"previous_names":[],"tags_count":86,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuzzland%2Fityfuzz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuzzland%2Fityfuzz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuzzland%2Fityfuzz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fuzzland%2Fityfuzz/manifests","owner_url":"https://repos.ec
osyste.ms/api/v1/hosts/GitHub/owners/fuzzland","download_url":"https://codeload.github.com/fuzzland/ityfuzz/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247393051,"owners_count":20931803,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aptos","blockchain","concolic-execution","ethereum","evm","fuzzing","move","smart-contracts","solidity","sui"],"created_at":"2024-08-01T15:01:31.604Z","updated_at":"2025-04-05T19:33:14.013Z","avatar_url":"https://github.com/fuzzland.png","language":"Rust","readme":"# 🍦 ItyFuzz\n![Demo](https://ityfuzz.assets.fuzz.land/demo-out.png)\n\n[\\[Docs\\]](https://docs.ityfuzz.rs) /\n[\\[Research Paper\\]](https://dl.acm.org/doi/pdf/10.1145/3597926.3598059) / \n[\\[Twitter\\]](https://twitter.com/fuzzland_) / \n[\\[Discord\\]](https://discord.com/invite/qQa436VEwt) / \n[\\[Telegram\\]](https://t.me/fuzzland) \n\n\n\nItyFuzz is a blazing-fast EVM and MoveVM smart contract hybrid fuzzer that combines symbolic execution and fuzzing to find bugs in smart contracts offchain and onchain. 
\n\n## Install\n```\ncurl -L https://ity.fuzz.land/ | bash\nityfuzzup\n```\n\n## Example\n#### Fuzzing Deployed Smart Contract\n\nGenerating a full exploit to steal funds from a [contract](https://polygonscan.com/address/0x5d6c48f05ad0fde3f64bab50628637d73b1eb0bb) with a flashloan + read-only reentrancy vulnerability on Polygon.\n\n```bash\n# Fork Polygon at block 35718198 and fuzz the contract\nETH_RPC_URL=https://polygon-rpc.com ityfuzz evm\\\n    -t 0xbcf6e9d27bf95f3f5eddb93c38656d684317d5b4,0x5d6c48f05ad0fde3f64bab50628637d73b1eb0bb\\\n    -c polygon\\\n    --flashloan\\\n    --onchain-block-number 35718198\\\n    --onchain-etherscan-api-key TR24XDQF35QCNK9PZBV8XEH2XRSWTPWFWT # \u003c-- Get your own API key at https://polygonscan.com/apis if this one is rate limited \n```\n\n#### Foundry Invariant Test\nRun a Foundry invariant test defined in the `Invariant` contract in `test/Invariant.sol`.\n\n```bash\n# Replaces: forge test --mc test/Invariant.sol:Invariant\nityfuzz evm -m test/Invariant.sol:Invariant -- forge test\n```\n\nFor other examples and usage, check out the [docs](https://docs.ityfuzz.rs).\n\n## Performance\nOn large real-world smart contract projects, ItyFuzz finds 126 vulnerabilities while Echidna finds 0 and Mythril finds 9. 
For details, refer to [backtesting](https://docs.ityfuzz.rs/tutorials/exp-known-working-hacks), [research paper](https://dl.acm.org/doi/pdf/10.1145/3597926.3598059), and [new bugs discovered](#bugs-found).\n\nOn small real-world smart contracts (ERC20, lottery, etc.), ItyFuzz gains 10% more test coverage than the academic state-of-the-art fuzzer SMARTIAN using 1/30 of the time.\n\u003cp align=\"middle\"\u003e\n    \u003cimg src=\"https://ityfuzz.assets.fuzz.land/ityfuzz3.png\" width=\"49%\"\u003e\n    \u003cimg src=\"https://ityfuzz.assets.fuzz.land/ityfuzz1.png\" width=\"49%\"\u003e\n\u003c/p\u003e\n\nOn Consensys's [Daedaluzz](https://github.com/Consensys/daedaluzz) benchmark, ItyFuzz *without symbolic execution* finds 44% more bugs than Echidna and 31% more bugs than Foundry. ItyFuzz is also 2.5x faster than Echidna and 1.5x faster than Foundry.\n\n\u003cp align=\"middle\"\u003e\n    \u003cimg src=\"https://ityfuzz.assets.fuzz.land/daedaluzz-bar.jpeg\" width=\"49%\"\u003e\n    \u003cimg src=\"https://ityfuzz.assets.fuzz.land/FvRIuhfWwAEdBBz.jpg\" width=\"49%\"\u003e\n\u003c/p\u003e\n\n## Features\n\n* **Chain forking** to fuzz contracts on any chain at any block number.\n* **Accurate exploit generation** for precision loss, integer overflow, fund stealing, Uniswap pair misuse, etc.\n* **Reentrancy support** to concretely leverage potential reentrancy opportunities for exploring more code paths.\n* **Blazing fast power scheduling** to prioritize fuzzing on code that is more likely to have bugs.\n* **Symbolic execution** to generate test cases that cover more code paths than fuzzing alone.\n* **Flashloan support** assuming attackers have infinite funds to exploit flashloan vulnerabilities.\n* **Liquidation support** to simulate buying and selling any token from liquidity pools during fuzzing.\n* **Decompilation support** for fuzzing contracts without source code.\n* **Supports complex contract initialization** using a Foundry setup script, forking Anvil RPC, or 
providing a JSON config file.\n* Backed by the SOTA fuzzing engine [LibAFL](https://github.com/AFLplusplus/LibAFL).\n\n## Bugs Found\n\nSelected new vulnerabilities found:\n\n| Project | Vulnerability | Assets at Risk |\n| --- | --- | --- |\n| BSC $rats NFT | Integer overflow leading to unlimited minting | $79k |\n| 9419 Token | Incorrect logic leading to price manipulation | $35k |\n| BSC Mevbot | Unguarded DPPFlashLoanCall | $19k |\n| FreeCash | Incorrect logic leading to price manipulation | $12k |\n| 0xnoob Token | Incorrect logic leading to price manipulation | $7k |\n| Baby Wojak Token | Incorrect logic leading to price manipulation | $4k |\n| Arrow | Incorrect position logic leading to fund loss | Found During Audit |\n\nItyFuzz can automatically generate exploits for \u003e80% of previous hacks without any knowledge of the hack. \nRefer to [backtesting](https://docs.ityfuzz.rs/tutorials/exp-known-working-hacks) for running previously hacked protocols.\n\n\n## Sponsors \u0026 Grants\n* [Manifold Finance](https://www.manifoldfinance.com/)\n* [Sui](https://sui.io/)\n","funding_links":[],"categories":["Rust","Fuzzing Software","Tools","Fuzzing Tools"],"sub_categories":["Emerging/Specialized Fuzzers"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuzzland%2Fityfuzz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffuzzland%2Fityfuzz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffuzzland%2Fityfuzz/lists"}