Solana Fuzz Tester
Info
This is a beta version of the Solana Toolkit, and is still a WIP. Please post all feedback as a GitHub issue here.
Info
The Trident fuzz tester is still a WIP and currently only Anchor compatible may require some manual work to complete tests.
Initialize Fuzz Tests #
Navigate to an Anchor based workspace and run:
trident initThis command does the following:
- Builds the Anchor-based project.
- Reads the generated IDL.
- Based on the IDL creates the fuzzing template.
Define Fuzz Accounts #
Define AccountsStorage type for each Account you would like to use:
#[doc = r" Use AccountsStorage<T> where T can be one of:"]
#[doc = r" Keypair, PdaStore, TokenStore, MintStore, ProgramStore"]
#[derive(Default)]
pub struct FuzzAccounts {
author: AccountsStorage<Keypair>,
hello_world_account: AccountsStorage<PdaStore>,
// No need to fuzz system_program
// system_program: AccountsStorage<todo!()>,
}Implement Fuzz Instructions #
Each Instruction in the fuzz test has to have defined the following functions:
get_program_id()specifies which program the instruction belongs to. This function is automatically defined and should not need any updates. Its important to use especially if you have multiple programs in your workspace, allowing Trident to generate instruction sequences corresponding to different programs.get_data()specifies what instruction inputs are sent to the program instructions.get_accounts()specifies what accounts are sent to the program instructions.
Execute Fuzz Tests #
# Replace <TARGET_NAME> with the name of the
# fuzz test (for example: "fuzz_0")
trident fuzz run-hfuzz <TARGET_NAME>Debug Fuzz Tests #
# fuzzer will run the <TARGET_NAME> with the specified <CRASH_FILE_PATH>
trident fuzz debug-hfuzz <TARGET_NAME> <CRASH_FILE_PATH>For additional documentation go here.