{"id":15162260,"url":"https://github.com/luisvid/staking-forge-fuzzing","last_synced_at":"2026-01-20T13:02:13.473Z","repository":{"id":235406791,"uuid":"790533339","full_name":"luisvid/staking-forge-fuzzing","owner":"luisvid","description":"Learn and experiment with Forge's property-based fuzz testing capabilities","archived":false,"fork":false,"pushed_at":"2024-05-03T03:18:17.000Z","size":36,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-08T03:23:53.888Z","etag":null,"topics":["blockchain","diligence-fuzzing","forge","foundry","fuzzing","solidity","staking","testing"],"latest_commit_sha":null,"homepage":"","language":"Solidity","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/luisvid.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-04-23T03:50:41.000Z","updated_at":"2024-05-03T03:18:20.000Z","dependencies_parsed_at":"2024-09-22T15:00:27.307Z","dependency_job_id":null,"html_url":"https://github.com/luisvid/staking-forge-fuzzing","commit_stats":null,"previous_names":["luisvid/staking-forge-fuzzing"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/luisvid/staking-forge-fuzzing","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luisvid%2Fstaking-forge-fuzzing","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luisvid%2Fstaking-forge-fuzzing/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luisvid%2Fstaking-forge-fuzzing/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luisvid%2Fstaking-forge-fuzzing/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/luisvid","download_url":"https://codeload.github.com/luisvid/staking-forge-fuzzing/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/luisvid%2Fstaking-forge-fuzzing/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28603404,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T12:01:53.233Z","status":"ssl_error","status_checked_at":"2026-01-20T12:01:46.545Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","diligence-fuzzing","forge","foundry","fuzzing","solidity","staking","testing"],"created_at":"2024-09-27T01:21:59.914Z","updated_at":"2026-01-20T13:02:13.453Z","avatar_url":"https://github.com/luisvid.png","language":"Solidity","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Fuzz Testing Exploration with a Staking Contract Project\n\n### Introduction\n\nThis project serves as an educational toolkit designed to explore **Forge's property-based fuzz testing** capabilities within the context of a Solidity-based staking contract. Fuzz testing, also known as fuzzing, is an automated testing technique that generates a large number of random inputs, or \"fuzz,\" to identify programming errors and security vulnerabilities that might otherwise go unnoticed.\n\nForge is a Solidity testing framework that is part of the Foundry toolchain, well-known for its advanced fuzz testing features. These features help developers ensure their smart contracts are resilient against a diverse range of input values. By adhering to property-based testing principles, Forge allows developers to define properties (expected behaviors) that should always hold true for any valid inputs, and its fuzzing engine attempts to generate test cases that challenge these properties.\n\nFor additional details on fuzz testing and its applications in Forge, refer to the Foundry documentation: [Forge Fuzz Testing](https://book.getfoundry.sh/forge/fuzz-testing).\n\n### Project Overview\n\nThe foundation of this project is [PaulRBerg's foundry-template](https://github.com/PaulRBerg/foundry-template), which provides a robust Foundry-based template for developing Solidity smart contracts with sensible defaults.\n\nThe core functionality of the Staking Contract allows users to deposit a specific ERC-20 token into the contract to earn rewards based on the duration and amount of their stake. The contract encompasses functionalities for staking tokens, unstaking tokens along with accrued interest, and querying staked balances and earned rewards.\n\n### Key Features\n\n1. **Token Staking**: Enables users to deposit (stake) tokens into the contract.\n2. **Unstaking and Claiming Rewards**: Allows users to withdraw their staked tokens along with any accrued rewards.\n3. **Reward Calculation**: Features a mechanism to calculate rewards based on the duration and amount of the stake.\n\n### Installation and Setup\n\nGet started with this project by following these steps:\n\n1. **Clone the repository**:\n   ```bash\n   git clone https://github.com/luisvid/staking-forge-fuzzing.git\n   ```\n\n2. **Install dependencies**:\n   ```bash\n   bun install\n   ```\n\n3. **Compile the contract**:\n   ```bash\n   forge build\n   ```\n\n4. **Run tests**:\n   ```bash\n   forge test\n   ```\n\n### Contracts\n\n#### `TestToken.sol`\n\nA simple ERC20 token utilized for testing the staking functionalities. This token:\n- Initially mints 1 million tokens for the deployer.\n- Includes functionality to mint new tokens to any address.\n\n#### `StakingContract.sol`\n\nThis contract allows users to stake ERC20 tokens (`TestToken`) and earn rewards based on the duration of their stake.\n\nFeatures:\n- Staking and unstaking tokens.\n- Calculating and claiming staking rewards.\n- Emitting events for staking, unstaking, and claiming rewards to ensure transparency.\n\n### Testing\n\nTests are implemented using Forge and focus on fuzz testing for the staking and unstaking functionalities. Execute the tests with the following commands:\n\n```bash\nforge test --match-path test/StakingContract.t.sol\nforge test --match-path test/StakingContractFuzz.t.sol\n```\n\n#### Key Test Scenarios\n\nDescriptions for each fuzz test in the `StakingContractFuzz.t.sol` test suite are as follows:\n\n1. **`test_FuzzStake(uint256 amount)`**:\n   - Verifies that the staking function robustly handles random staking amounts ranging from 1 to 1,000,000 tokens, ensuring the contract's token balance is reduced accordingly.\n\n2. **`test_FuzzUnstake(uint256 amount)`**:\n   - Initially stakes a random amount of tokens, then simulates 100 blocks to accrue rewards, and finally unstakes, verifying that the staked tokens and rewards are accurately returned, enhancing the final balance.\n\n3. **`testFuzz_StakeAndImmediateUnstake(uint256 amount)`**:\n   - Ensures that immediate unstaking after staking a random valid amount correctly reverts token balances to their original states, affirming that no tokens are lost.\n\n4. **`testFuzz_MultipleStakesSingleUnstake(uint256[] memory amounts)`**:\n   - Assesses the contract's capacity to manage multiple consecutive stakes and a single unstake, confirming the precise computation of accumulated rewards and the reflection of these in the final token balance.\n\n5. **`testFuzz_StakeRedeemInterleaved(uint256[] memory stakes, uint16 rolledBlocks)`**:\n   - Simulates a scenario with multiple stakes at different intervals and intermittent reward redemptions, checking the precision of reward calculations and the correct adjustment of the final token balance after all operations.\n\n### Development Notes\n\n- The contract and tests are intended for educational purposes and are not recommended for production use without further modifications, primarily due to their simplicity and the potential for security vulnerabilities.\n- Consider further optimizing the reward calculation mechanism to better align with specific business models or operational criteria.\n\nExplore various testing scenarios and refine the functionalities of your Staking Contract through this iterative process. This approach is essential for ensuring your contract's robustness and preparing it for practical deployment.\n\n## Bonus: Integrating Diligence Fuzzing\n\n[`Diligence Fuzzing`](https://consensys.io/diligence/fuzzing/) is an advanced fuzz testing tool developed by ConsenSys that aims to identify potential\nvulnerabilities in Ethereum smart contracts. By generating random inputs and testing them against the contract's logic,\nit helps uncover hidden issues that might not be easily caught through normal testing.\n\n#### Why Use Diligence Fuzzing?\n\nFuzzing is essential for ensuring the robustness of smart contracts by exposing them to a wide range of input\nconditions. Diligence Fuzzing offers:\n\n- Automated discovery of vulnerabilities.\n- Easy integration with Solidity and Foundry.\n- Comprehensive documentation and support.\n\n#### Getting Started with Diligence Fuzzing on Existing Foundry Projects\n\nTo integrate Diligence Fuzzing into your existing Foundry project and start fuzz testing your contracts, follow these\ndetailed steps based on the\n[official tutorial](https://fuzzing-docs.diligence.tools/getting-started/fuzzing-foundry-projects).\n\n1. **Install the CLI and Configure the API Key**\n   - Ensure Foundry is installed and make sure you’re at least python 3.6 and node 16. You can add Diligence Fuzzing to\n     your project by running:\n     ```bash\n     pip3 install diligence-fuzzing\n     ```\n2. **API Key**\n\n   - With the tools installed, you will need to generate an API for the CLI and add it to the `.env` file. The API keys\n     menu is [accessible here](https://fuzzing.diligence.tools/keys).\n\n3. **Running Fuzz Tests**\n\n   - Run your fuzz tests to see how your contract behaves under random conditions:\n     ```bash\n     fuzz forge test\n     ```\n   - This sequence compiles unit tests, automatically detects and collects test contracts, and submits them for fuzzing:\n\n     ```bash\n     $ fuzz forge test\n\n     🛠️  Parsing Foundry configuration\n     🛠️  Compiling tests\n     🛠️  Gathering test contracts\n     🛠️  Assembling and validating campaigns for submission\n     🛠️  Configuring the initial seed state\n     ⚡️ Launching fuzzing campaigns\n     You can track the progress of the campaign here: [Campaign Dashboard](https://fuzzing.diligence.tools/campaigns/cmp_ffcd3abf6b0640598c7cc7e436717xxx)\n     Done 🎉\n     ```\n\n   - Visit the provided URL to access the Campaign Dashboard where you can monitor detailed statistics and results of\n     the fuzzing process.\n\n#### Recommendations\n\n- **Consult the Official Documentation**: For comprehensive guidance and advanced techniques, visit the\n  [Diligence Fuzzing Documentation](https://fuzzing-docs.diligence.tools/getting-started/fuzzing-foundry-projects).\n- **Incorporate Regular Fuzz Testing**: Include fuzz testing in your regular testing routines to continuously improve\n  the security and reliability of your contracts.\n\nThis setup not only enhances your project’s testing capabilities but also deepens your understanding of smart contract\nsecurity practices.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluisvid%2Fstaking-forge-fuzzing","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fluisvid%2Fstaking-forge-fuzzing","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fluisvid%2Fstaking-forge-fuzzing/lists"}