Smart Contract Security - Debugging Fuzz Sequences

Support

--- ### Debugging Fuzz Sequences Alright! The moment of truth, let's run our test with: ```bash forge test --mt statefulFuzz_testInvariantBreaksHandler ``` ::image{src='/security-section-5/16-debugging-fuzz-sequences/debugging-fuzz-sequences1.png' style='width: 100%; height: auto;'} Oh no! Something went wrong. We can see `assertion violated` in the output, but there's not a lot of information. In situations like this, we should leverage the `-vvvv` flag. > `-vvvv` can be used to increase the _verbosity_ of an output, often providing additional data or insight. Let's try it again: ```bash forge test --mt statefulFuzz_testInvariantBreaksHandler -vvvv ``` A couple things stand out in this more robust output now (I've highlighted them in blue in the screenshot above). First, the error we're getting seems to be `ERC20InsufficientAllowance`. The reason seems to be that we're calling `transferFrom` on a random address. Whoops! It seems we didn't set our handler as the targetContract in our test - we only set the function selectors! Let's rectify this now. ```js function setUp() public { vm.startPrank(user); mockUSDC = new MockUSDC(); yieldERC20 = new YieldERC20(); startingAmount = yieldERC20.INITIAL_SUPPLY(); mockUSDC.mint(user, startingAmount); vm.stopPrank(); supportedTokens.push(IERC20(address(yieldERC20))); supportedTokens.push(IERC20(address(mockUSDC))); handlerStatefulFuzzCatches = new HandlerStatefulFuzzCatches(supportedTokens); handler = new Handler(handlerStatefulFuzzCatches, mockUSDC, yieldERC20, user); // HANDLER INITIALIZED bytes4[] memory selectors = new bytes4[](4); // SPECIFY SELECTORS TO FUZZ selectors[0] = handler.depositYieldERC20.selector; selectors[1] = handler.depositMockUSDC.selector; selectors[2] = handler.withdrawYieldERC20.selector; selectors[3] = handler.withdrawMockUSDC.selector; targetSelector(FuzzSelector({addr: address(handler), selectors: selectors})); // SET TARGET SELECTORS targetContract(address(handler)); // SET TARGET CONTRACT TO HANDLER } ``` Now let's try it. ::image{src='/security-section-5/16-debugging-fuzz-sequences/debugging-fuzz-sequences2.png' style='width: 100%; height: auto;'} Alright! It looks like we may have found something! We're seeing an error of `ERC20InsufficientBalance` when calling `withdrawToken` on `yieldERC20`. That's odd. Let's look at the `withdrawToken` function again. ```js function withdrawToken(IERC20 token) external requireSupportedToken(token) { uint256 currentBalance = tokenBalances[msg.sender][token]; tokenBalances[msg.sender][token] = 0; token.safeTransfer(msg.sender, currentBalance); } ``` Nothing out of the ordinary it seems, we're just calling `safeTransfer` on the token. Maybe we need to take a closer look at `YieldERC20.sol`. ```js // SPDX-License-Identifier: MIT pragma solidity 0.8.20; import {ERC20} from "@openzeppelin/contracts/token/ERC20/ERC20.sol"; contract YieldERC20 is ERC20 { uint256 public constant INITIAL_SUPPLY = 1_000_000e18; address public immutable owner; // We take a fee once every 10 transactions uint256 public count = 0; uint256 public constant FEE = 10; uint256 public constant USER_AMOUNT = 90; uint256 public constant PRECISION = 100; constructor() ERC20("MockYieldERC20", "MYIELD") { owner = msg.sender; _mint(msg.sender, INITIAL_SUPPLY); } /** * @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from` * (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding * this function. * * Every 10 transactions, we take a fee of 10% and send it to the owner. */ function _update(address from, address to, uint256 value) internal virtual override { if (to == owner) { super._update(from, to, value); } else if (count >= 10) { uint256 userAmount = value * USER_AMOUNT / PRECISION; uint256 ownerAmount = value * FEE / PRECISION; count = 0; super._update(from, to, userAmount); super._update(from, owner, ownerAmount); } else { count++; super._update(from, to, value); } } } ``` Ah ha! This `_update` function is sending a 10% fee to the owner of YieldERC20 every 10 transactions. This is why our `withdrawTokens` function was throwing an `ERC20InsufficientBalance` error - `HandlerStatefulFuzzCatches.sol` doesn't have enough `YieldERC20` to pay the fee! This is actually a fairly common situation known is a `Fee on Transfer` token and they exist in a classification of vulnerabilities known as `Weird ERC20s`. We executed handler-based stateful fuzz testing in order to pinpoint this potential problem in our contract! This should clearly demonstrate how powerful a tool this method of fuzz testing can be. Let's recap everything we've learn about fuzzing.

Debugging Fuzz Sequences

Uncover a broken invariant and debug the output sequence of our fuzz testing in this TSwap lesson.

Solidity Developer

Smart Contract Security

Course Introduction

Duration: 25min

Section 1: Review

Duration: 1h 18min

Section 2: What is a smart contract audit

Duration: 35min

Section 3: Your First Audit | PasswordStore

Duration: 2h 28min

Section 4: Puppy raffle

Duration: 5h 03min

Section 5: TSwap

Duration: 5h 22min

1. Introduction

Learn to find bugs without code inspection. Topics include fuzzing, AMMs, constant product formula, Uniswap/Curve Finance concepts, and more. Duration: 5min

2. Phase 1: Scoping

Beginning our scoping phase of TSwap a fork of Uniswap V1. Duration: 9min

3. Primer On This Review

Learn about protocol invariance without code. Study DEXs & DeFi Security Reviews. Explore TSWAP Protocol Docs w/ Diagrams & Videos. Duration: 2min

4. What is a DEX?

Decentralized exchanges explained through Uniswap and TSwap Duration: 3min

5. What is an AMM?

We're walked through what an AMM is and how it works in DeFi. Duration: 10min

6. Liquidity Providers

An explanation on liquidity providers and the sources of AMM fees for traders. Duration: 11min

7. How AMMs Work

Patrick further details AMMs and how they function in this quick review on How AMMs Work. Duration: 5min

8. TSwap Recon Continued

TSwap - Create New Pools, Swap Tokens via Multiple Pools, Liquidity Providers. Duration: 3min

9. Invariant & Properties Introduction

In-depth explanation of blockchain protocol invariants and fuzz testing. Examples from ERC-20 & ERC-721 tokens. Duration: 3min

10. Stateful And Stateless Fuzzing

Patrick details the differences between stateful and stateless fuzz testing and how each can be used to break protocol invariants. Duration: 10min

11. Stateless And Stateful Fuzzing Practice

Patrick emphasizes the importance of practice to master stateful and stateless fuzz testing. Duration: 5min

12. Stateless Fuzzing

Patrick walks through stateless fuzzing to catch an invariant break in TSwap! Duration: 9min

13. Where Stateless Fuzzing Fails

Patrick walks through some testing failures and how Foundry can be configured to achieve better results. Duration: 11min

14. Fuzzing Where Method 1 Fails

Introduction to different methods of fuzzing when we have no luck with Method 1. Duration: 18min

15. Stateful Fuzzing Method 2

A second approach to stateful fuzzing by Patrick. Duration: 14min

16. Debugging Fuzz Sequences

Uncover a broken invariant and debug the output sequence of our fuzz testing in this TSwap lesson. Duration: 7min

17. Fuzzing Recap

Stateful/Stateless Fuzzing, Handler Method Importance, ERC20 Exploit, TSWAP Testing & Bugs. Duration: 2min

18. Weird Erc20s

Patrick discusses various ERC20 quirks that can affect a protocol's security including missing return values and fee-on-transfer tokens. Duration: 4min

19. Writing Stateful Fuzz Test Suite

Stateful Fuzzing & Manual Review for TSWAP Bugs Duration: 1min

20. Constant Product Formula Explained

Explore the constant product formula and test it's implementation in TSwap through Fuzz and Unit testing. Duration: 9min

21. Invariant.t.sol

Patrick walks us through the invariant testing we perform on TSwap in invariant.t.sol. Duration: 17min

22. Handler.t.sol

Implementing the deposit function within our testing handler. Duration: 18min

23. Handler Swap Function

Implementing the swap function within our testing handler. Duration: 12min

24. Final Invariant And Tweaks

Comparing Deltas in Handler Test - Quick Guide. Demonstrates how to set up and run an assertion test for deltas in a handler. Duration: 3min

25. Debugging The Fuzzer

Debug Solidity Test Failures with Foundry Duration: 8min

26. One Last Huzzah

Patrick explains how fuzz testing and formal verification methods can be used together to detect bugs in Solidity smart contracts. Duration: 10min

27. Notes On Invariants

Covers security tools like fuzzing, Echidna, and mutation/diff testing to detect issues stresses the importance of testing & learning from history. Duration: 4min

28. Recon: Manual Review Introduction

In this video, Patrick discusses the importance of manual codebase review along with tooling, specifically focusing on TSWAP pool. Duration: 2min

29. Slither

Patrick runs through using Slither on the TSwap repo. Duration: 2min

30. Aderyn

Using Cyfrin's Aderyn to find some non-critical bugs in TSwap! Duration: 2min

31. PoolFactory.sol

In this video, Patrick reviews PoolFactory.sol for TSwap liquidity pools, covering structure, functions, variables, bugs, and best practices. Duration: 6min

32. Manual Review: TSwapPool

Patrick discusses the security review of TSWAP pool in the context of Uniswap V1, He highlights a swap counting bug that breaks protocol invariants Duration: 3min

33. Using The Compiler As Static Analysis Tool

Importance is placed on addressing compiler warnings for potential issues and how they can help us in an audit scenario. Duration: 6min

34. Add Liquidity

Performing a manual review of the addLiquidity function and assessing risks found within! Duration: 8min

35. Remove Liquidity

Withdrawing Liquidity: Burning LP tokens to exchange for underlying money, parameters explained. Duration: 8min

36. swapExactInput

Understanding Swap Exact Input/Output & Protocol Checks in DeFi Duration: 6min

37. swapExactOutput

swapExactOutput lacks slippage protection for sudden price changes. Duration: 3min

38. sellPoolTokens

Sells pool tokens for WETH; business logic error: swap exact output instead of swap exact input. Duration: 2min

39. Checking The Last Few Functions

Patrick quickly skims the final few functions for vulnerabilities in TSwap. Duration: 2min

40. Phase 4: Reporting

Quick overview of reporting process - finding reports & appropriate tags. Multiple passes suggested for thoroughness. Duration: 5min

41. Reporting: Missing Deadline

TSWAP pool deposit function vulnerability. Deadline parameter accepted but unused, allowing MEV attacks during unfavourable market conditions. Medium impact. Duration: 4min

42. Reporting Continued

Patrick continues by showing how to report issues with examples and proofs to fix them. Duration: 10min

43. Reporting: No Slippage Protection

Slippage Protection Lacking in SwapExactOutput, Add Max Input for Safety. Patrick elaborates with a Proof-Of-Concept Scenario. Duration: 8min

44. Reporting: sellPoolTokens

Patrick highlights flawed SellPool tokens calculation. Recommends using swapExactInput & adding a MinWethToReceive w/Deadline to prevent exploitation. Duration: 4min

45. Reporting: Invariant Break & PoC

In this video, Patrick explains how to create a unit test that replicates a sequence found using fuzz testing to break an invariant. Duration: 9min

46. Reporting: Weird Erc20

Uniswap V1, TSWAP pool issues, breaks protocol invariance. Explore, and report weird ERC20s, DeFi vulnerabilities. Duration: 4min

47. Creating Pdf For Your Portfolio

Creating a PDF of your audit report to add to your GitHub portfolio! Show case your achievements! Duration: 4min

48. Recap

Recap things covered in this section. Common issues in DeFi: liquidity, price manipulation, governance attacks. Duration: 8min

49. Exercises

Learn smart contract security testing by coding a fuzz test, discover reentrancy attacks, share insights on Twitter. Upcoming sections explained. Duration: 3min

Section 6: Thunder Loan

Duration: 4h 33min

Section 7: Boss Bridge

Duration: 2h 01min

Section 8: MEV & Governance

Duration: 1h 40min