Solana Fuzz Tester

This is a beta version of the Solana Toolkit, and is still a WIP. Please post all feedback as a GitHub issue here.

The Trident fuzz tester is still a WIP and currently only Anchor compatible may require some manual work to complete tests.

Initialize Fuzz Tests

Navigate to an Anchor based workspace and run:

trident init

This command does the following:

• Builds the Anchor-based project.
• Reads the generated IDL.
• Based on the IDL creates the fuzzing template.

Define Fuzz Accounts

Define AccountsStorage type for each Account you would like to use:

#[doc = r" Use AccountsStorage<T> where T can be one of:"]
#[doc = r" Keypair, PdaStore, TokenStore, MintStore, ProgramStore"]
#[derive(Default)]
pub struct FuzzAccounts {
    author: AccountsStorage<Keypair>,
    hello_world_account: AccountsStorage<PdaStore>,
    // No need to fuzz system_program
    // system_program: AccountsStorage<todo!()>,
}

Implement Fuzz Instructions

Each Instruction in the fuzz test has to have defined the following functions:

• get_program_id() specifies which program the instruction belongs to. This function is automatically defined and should not need any updates. Its important to use especially if you have multiple programs in your workspace, allowing Trident to generate instruction sequences corresponding to different programs.
• get_data() specifies what instruction inputs are sent to the program instructions.
• get_accounts() specifies what accounts are sent to the program instructions.

Execute Fuzz Tests

# Replace <TARGET_NAME> with the name of the
# fuzz test (for example: "fuzz_0")
trident fuzz run-hfuzz <TARGET_NAME>

Debug Fuzz Tests

# fuzzer will run the <TARGET_NAME> with the specified <CRASH_FILE_PATH>
trident fuzz debug-hfuzz <TARGET_NAME> <CRASH_FILE_PATH>

For additional documentation go here.

Additional Resources

• Fuzz Tester Source Code.