The fuzz
command will initiate a fuzzing campaign:
medusa fuzz [flags]
The --config
flag allows you to specify the path for your project configuration
file. If the --config
flag is not used, medusa
will look for a medusa.json
file in the
current working directory.
# Set config file path
medusa fuzz --out myConfig.json
The --compilation-target
flag allows you to specify the compilation target. If you are using crytic-compile
, please review the
warning here about changing the compilation target.
# Set compilation target
medusa fuzz --target TestMyContract.sol
The --workers
flag allows you to update the number of threads that will perform parallelized fuzzing (equivalent to
fuzzing.workers
)
# Set workers
medusa fuzz --workers 20
The --timeout
flag allows you to update the duration of the fuzzing campaign (equivalent to
fuzzing.timeout
)
# Set timeout
medusa fuzz --timeout 100
The --test-limit
flag allows you to update the number of transactions to run before stopping the fuzzing campaign
(equivalent to fuzzing.testLimit
)
# Set test limit
medusa fuzz --test-limit 100000
The --seq-len
flag allows you to update the length of a call sequence (equivalent to
fuzzing.callSequenceLength
)
# Set sequence length
medusa fuzz --seq-len 50
The --target-contracts
flag allows you to update the target contracts for fuzzing (equivalent to
fuzzing.targetContracts
)
# Set target contracts
medusa fuzz --target-contracts "TestMyContract, TestMyOtherContract"
The --corpus-dir
flag allows you to set the path for the corpus directory (equivalent to
fuzzing.corpusDirectory
)
# Set corpus directory
medusa fuzz --corpus-dir corpus
The --senders
flag allows you to update medusa
's senders (equivalent to
fuzzing.senderAddresses
)
# Set sender addresses
medusa fuzz --senders "0x50000,0x60000,0x70000"
The --deployer
flag allows you to update medusa
's contract deployer (equivalent to
fuzzing.deployerAddress
)
# Set deployer address
medusa fuzz --deployer "0x40000"
The --trace-all
flag allows you to retrieve an execution trace for each element of a call sequence that triggered a test
failure (equivalent to
testing.traceAll
# Trace each call
medusa fuzz --trace-all
The --no-color
flag disables colored console output (equivalent to
logging.NoColor
)
# Disable colored output
medusa fuzz --no-color