Support

## Stateless Fuzzing in Python We're going to start this lesson by learning how to write stateless fuzz tests. First, we need to understand what fuzz tests are and the difference between stateful and stateless fuzz tests. Stateful fuzz tests need to save state information, allowing them to be more complex, and stateless fuzz tests do not need to save state information. This means that stateless fuzz tests are typically simpler and easier to write, so that's what we're going to focus on first. Let's get started by creating a new folder called sub lesson. Inside of that folder, let's copy two files from our GitHub repository: * `stateful_fuzz_solvable.vy` * `stateless_fuzz_solvable.vy` These files contain code that we will use to write our fuzz tests. If we open the `stateless_fuzz_solvable.vy` file we'll see this code: ```python # pragma version 0.4.1 # title always_return_input @license MIT # notice INVARIANT: always_returns_input_number should always return the input number some_number: public(uint256) @external @pure def always_returns_input_number(input_number: uint256) -> uint256: @param input_number The input number to check if input_number == 2: return 0 return input_number ``` This is a very simple smart contract that has one function called `always_returns_input_number`. This function has an invariant that it should always return the same value that is passed into the function. We also see that there is an exception to this invariant, where the function returns 0 if it is passed the value of 2. Now, we're going to create a new file called `test_stateless.py`, which will contain our stateless fuzz tests. We need to start by importing the `pytest` and `hypothesis` libraries. Hypothesis comes included with Mocassin, which means that we can just import it directly. Let's also import the `StatelessFuzzSolvable` contract. We do this with these commands: ```python import pytest from contracts.sub_lesson import stateless_fuzz_solvable ``` Now, we need to create a fixture to deploy the smart contract: ```python @pytest.fixture(scope="function") def contract(): return stateless_fuzz_solvable.deploy() ``` This fixture will be used to deploy the contract before running each of our tests. To write our actual fuzz test we need to import the `given` function from hypothesis. ```python from hypothesis import given ``` Now, we can start writing our test! ```python @given(input=strategies.uint256) def test_always_returns_input(contract, input): print(input) assert contract.always_returns_input_number(input) == input ``` This test uses the `given` function from hypothesis to generate a random `uint256` value. Then we pass that value into the `always_returns_input_number` function and assert that it returns the same value. One important thing to note is that Hypothesis doesn't work well with fixtures. We're going to add a setting to our test that will allow it to function properly. ```python @settings(suppress_health_check=[HealthCheck.function_scoped_fixture]) ``` This setting tells Hypothesis to ignore the warning about using fixtures. Now, let's run this test and see the results. We will use this command to run the test: ```bash mox test -k test_always_returns_input -s ``` The `-s` flag allows us to see the output of the `print` function in the test. We'll see that Hypothesis has generated and tested a bunch of random `uint256` values and has found one example where the invariant is broken. This is because the function returns 0 when given the value of 2. This concludes our look at stateless fuzzing. We've successfully written a fuzz test that found a bug in our simple smart contract.

Stateless Fuzz

Course Overview

About the course

What you'll learn

Python basics

Introduction to Web3.py

Introduction to Titanoboa

Introduction to Moccasin

How to create an ERC-20

How to test Python code and Vyper smart contract

How to deploy Vyper smart contracts on ZKsync using Moccasin

Course Description

Who is this course for?

Software engineers
Web3 developers
Finance developers
AI developers
Everyone interested in learning Python and smart contracts

Potential Careers

Smart Contract Auditor

$100,000 - $200,000 (avg. salary)

On-chain Data Analyst

$59,000 - $139,000 (avg. salary)

DeFi Developer

$75,000 - $200,000 (avg. salary)

Smart Contract Engineer

$100,000 - $150,000 (avg. salary)

Web3 developer

$60,000 - $150,000 (avg. salary)

Web3 Developer Relations

$85,000 - $125,000 (avg. salary)

Meet your instructors

Patrick Collins

Founder at Cyfrin

Web3 engineer, educator, and Cyfrin co-founder. Patrick's smart contract development and security courses have helped hundreds of thousands of engineers kickstarting their careers into web3.

Last updated on April 21, 2025

Thanks for checking us out

Start learning for free

Start for free

Vyper

Intermediate Python and Vyper

Section 1: Python In Updraft

Duration: 2h 20min

Section 2: Web3py

Duration: 1h 51min

Section 3: Boa Favs

Duration: 58min

Section 4: Mox Favs

Duration: 2h 23min

Section 5: Mox Five

Duration: 53min

Section 6: Mox Coffee

Duration: 2h 24min

Section 7: Mox Html

Duration: 28min

Section 8: Mox Erc20

Duration: 1h 54min

1. Intro

A comprehensive introduction to building your own ERC20 token using Vyper and the Snekmate library. The lesson covers concepts like deploying tokens, importing libraries, testing, and even how to intentionally introduce a bug for testing purposes. Duration: 5min

2. Setup

A comprehensive introduction to setting up a fuzzing project using Mox. The lesson covers creating a new project directory, initializing it with a Python project structure, and exploring the initial files and configuration settings. Duration: 2min

3. Custom Pyproject

A comprehensive guide to project customization with pyproject.toml - Learn how to customize different aspects of your project, including folder names, dependencies, and more, using the pyproject.toml configuration file. Duration: 3min

4. What Is Erc20

A comprehensive explanation of ERC20s - This lesson explains the Ethereum Improvement Proposal (EIP) process, what ERC20s are, and how they are used to create tokens for smart contracts. Duration: 4min

5. Build It

A practical guide to building an ERC20 token on the Ethereum blockchain using Vyper. The lesson covers creating a basic ERC20 token contract and understanding the methods needed for its functionality. Duration: 2min

6. Mox Libs Git

A practical guide to using libraries for Vyper smart contracts. This lesson introduces the concept of libraries, how they function in Vyper, and how to install libraries from both GitHub and PyPI repositories, along with a demonstration of using them in your projects. Duration: 6min

7. Mox Libs Pypi

A comprehensive guide to installing and using third-party packages in a MoCcasin project. The lesson covers creating virtual environments, installing packages from PyPI, and working with dependencies in the `pyproject.toml` file. Duration: 6min

8. Mox Idk

A comprehensive guide to building a custom ERC20 token using the Snekmate framework. This lesson covers setting up a development environment, writing the contract, understanding the ERC20 standard, and implementing important functions like transfer and approve. Duration: 10min

9. Init Supply

A practical guide to setting the initial supply for your ERC20 token using the Snekmate library. The lesson covers the basics of defining an initial supply variable in your Vyper smart contract and using the `mint` function to create tokens. Duration: 1min

10. Built In Interfaces

A comprehensive guide to Vyper built-in interfaces. This lesson delves into the significance of these interfaces in ensuring a robust and secure development process for your contracts, emphasizing their importance in Vyper's compilation logic and token standards implementation. Duration: 2min

11. Deploy Scripts

A comprehensive guide to deploying a Vyper smart contract using a Python deployment script with Moccasin. The lesson covers importing the contract, setting up the initial supply, and running the script to deploy the contract to a local blockchain. Duration: 2min

12. Tests

A simple guide to writing a test for a Vyper smart contract using Python and Vyper. The lesson covers the basics of writing unit tests, testing total supply, and verifying the results using the "mox" test command. Duration: 2min

13. Events

A comprehensive guide to events and logging in Vyper smart contracts. This lesson covers how the EVM uses logs to store data, how events are used in Vyper and Brownie, and how to view events on Etherscan. Duration: 9min

14. Testing Events

A comprehensive guide to testing events and logs in Vyper smart contracts. The lesson covers reading logs to verify actions and using BoA's .env.prank to control the sender of a transaction and test events in a with context. Duration: 5min

15. Formatting

A comprehensive guide to formatting Vyper and Python code - This lesson introduces tools like Ruff and Mamushi to ensure clean, consistent code. You’ll learn how to automatically format your code for better readability and maintainability. Duration: 3min

16. Justfile

A helpful guide to using a Justfile in your Vyper development. The lesson covers how to create a Justfile and configure it to run common commands, such as formatting and linting your project code, making it easier to manage your development workflow. Duration: 2min

17. Vheaders

A practical guide to using Vheader for formatting code in your Vyper projects - Vheader is a tool that can help you automatically format your Vyper code, creating clear and consistent headers and sections that make your codebase much more readable. Vheader is available in Python and Rust. Duration: 2min

18. Fuzzing

A comprehensive introduction to fuzz testing for smart contracts. The lesson introduces fuzzing in the context of Vyper development and explores the concepts of stateless and stateful fuzzing. Duration: 11min

19. Stateless Fuzz

Duration: 11min

20. Stateful Fuzz

A practical guide to stateful fuzzing in smart contract testing. This lesson introduces the concept of stateful fuzzing and demonstrates how to create a stateful fuzzer using Python's hypothesis library. The video covers creating a class to manage state, defining actions and invariants, and executing the fuzzer to uncover bugs. Duration: 15min

21. Workshop

A challenging workshop on stateful fuzzing for ERC20 tokens. The lesson covers writing tests for a simple ERC20 token to achieve 80% coverage and then building a stateful fuzzer to identify bugs in the code. Duration: 3min

22. Rng

A helpful guide to random numbers in blockchain - This lesson covers the deterministic nature of blockchains and why true random numbers are difficult to implement. It also discusses using Chainlink VRF as a solution for programmatically provable randomness. Duration: 2min

23. Cei

A practical guide to understanding the CEI pattern for secure smart contracts. This lesson covers checks, effects, interactions, and reentrancy attacks to build secure and reliable smart contracts. Duration: 2min

24. Mox Console

A helpful overview of the Mocassin Console - This video teaches you how to use the Mocassin Console and how to interact with your blockchain projects directly from your terminal. Mocassin is a Titano-based Vyper smart contract development framework and the console feature is still in beta. Duration: 1min

25. Recap

A comprehensive recap of the Mocassin ERC20 section - This video lesson summarizes the key concepts covered in the Mocassin ERC20 section, including stateful and stateless fuzz testing, testing events, creating a token, and using tools like Snekmate, Mamushi, Ruff, Vheader, and Justfile to improve your workflow. Duration: 3min

Section 9: How To Get Hired