panic: runtime error: index out of range #487

Open
bohendo opened this issue Sep 24, 2024 · 2 comments
Labels
bug Something isn't working high-priority

Comments

@bohendo
Contributor

bohendo commented Sep 24, 2024

I'm running medusa at commit 95f69b4c7224851cc200631f728965b7e2ac5ebb.

Issue #231 is closely related, although the PR fixing that one doesn't seem to do the job here.

Issue #299 is also related (the error message is the same, at least), but this bug also occurs if coverageEnabled is false.

cd ./pkg/vault && medusa fuzz
⇾ Reading the configuration file at: /Users/bohendo/audits/audit-balancer-v3-aug-2024/pkg/vault/medusa.json
warn Disabling coverage may limit efficacy of fuzzing. Consider enabling coverage for better results.
⇾ Compiling targets with crytic-compile
⇾ Running command:
crytic-compile . --export-format solc --foundry-out-directory=forge-artifacts --foundry-compile-all
⇾ Finished compiling targets in 1m21s
⇾ Initializing corpus
⇾ Setting up test chain
⇾ Finished setting up test chain
⇾ Running call sequences in the corpus
⇾ Finished running call sequences in the corpus in 35s
⇾ corpus: health: 60%, sequences: 734 (442 valid, 292 invalid)
⇾ Fuzzing with 10 workers
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeRemoveLiquiditySingleTokenExactIn(uint256,uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeAddLiquidityUnbalanced(uint256[],uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeProportionalAmountsOut(uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeRemoveLiquiditySingleTokenExactOut(uint256,uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.createNewStablePool(uint256,uint256[])
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeAddLiquiditySingleTokenExactOut(uint256,uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeProportionalAmountsIn(uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeRemoveAndAddLiquidityMultiToken(uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeAddAndRemoveAddLiquidityMultiToken(uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeAddAndRemoveLiquiditySingleToken(uint256,uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.computeRemoveAndAddLiquiditySingleToken(uint256,uint256,uint256,bool)
⇾ [NOT STARTED] Assertion Test: FuzzHarness.createNewWeightedPool(uint256,uint256,uint256[])
⇾ [NOT STARTED] Optimization Test: FuzzHarness.optimize_bptProfit()

⇾ [NOT STARTED] Optimization Test: FuzzHarness.optimize_rateDecrease()

panic: runtime error: index out of range [16083] with length 16083

goroutine 30658 [running]:
github.com/crytic/medusa/fuzzing/coverage.(*CoverageMaps).UniquePCs(...)
	github.com/crytic/medusa/fuzzing/coverage/coverage_maps.go:269
github.com/crytic/medusa/fuzzing.(*Fuzzer).printMetricsLoop(0x14000255888)
	github.com/crytic/medusa/fuzzing/fuzzer.go:898 +0x15e8
created by github.com/crytic/medusa/fuzzing.(*Fuzzer).Start in goroutine 1
	github.com/crytic/medusa/fuzzing/fuzzer.go:791 +0xb30
@anishnaik anishnaik added bug Something isn't working high-priority labels Oct 15, 2024
@anishnaik anishnaik added this to the Release 0.1.9 milestone Oct 16, 2024
@bohendo
Contributor Author

bohendo commented Oct 17, 2024

Hint: the fuzz harness in question has a helper function that deploys a contract; it's called from the constructor to set up part of the fuzz target. The panic occurs if this function is made public so the fuzzer can call it and replace this contract with one that has new params. No panic occurs if this function is private and only run in the constructor.
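
Added example (not medusa's own code) modelling the failure mode the hint above suggests: a coverage map sized for the contract deployed in the constructor is later combined with one for the redeployed contract whose code is a different length, and an unchecked loop indexes the shorter map one past its end, which is the same `index out of range [n] with length n` shape as the panic reported. The types, the merge functions and the redeployment-changes-code-length explanation are assumptions for illustration; the safe variant grows the destination before merging.

```go
package main

import "fmt"

// CoverageMap is a hypothetical, simplified model (not medusa's type):
// one flag per program counter of one deployed contract's code.
type CoverageMap struct {
	executed []bool
}

func newCoverageMap(codeLen int) *CoverageMap {
	return &CoverageMap{executed: make([]bool, codeLen)}
}

// Mark records that the instruction at pc was executed.
func (m *CoverageMap) Mark(pc int) { m.executed[pc] = true }

// mergeUnchecked indexes dst by src's length. If src belongs to a
// redeployed contract with longer code, the first pc == len(dst) panics.
func mergeUnchecked(dst, src *CoverageMap) {
	for pc := range src.executed {
		dst.executed[pc] = dst.executed[pc] || src.executed[pc]
	}
}

// mergeSafe grows dst to the longer length first, so a redeployment with a
// different code size can never index past the end of the older map.
func mergeSafe(dst, src *CoverageMap) {
	if len(src.executed) > len(dst.executed) {
		grown := make([]bool, len(src.executed))
		copy(grown, dst.executed)
		dst.executed = grown
	}
	for pc, hit := range src.executed {
		if hit {
			dst.executed[pc] = true
		}
	}
}

// UniquePCs counts distinct executed program counters in a map.
func UniquePCs(m *CoverageMap) int {
	n := 0
	for _, hit := range m.executed {
		if hit {
			n++
		}
	}
	return n
}

// demo reports whether the unchecked merge panicked (recovered here) and
// the unique-PC count after the safe merge. Sizes are constructed values.
func demo() (panicked bool, unique int) {
	old := newCoverageMap(100) // contract deployed by the constructor
	old.Mark(3)
	old.Mark(10)
	redeployed := newCoverageMap(132) // same contract, new params, longer code
	redeployed.Mark(10)
	redeployed.Mark(131)
	func() {
		defer func() {
			if recover() != nil {
				panicked = true
			}
		}()
		mergeUnchecked(old, redeployed)
	}()
	mergeSafe(old, redeployed)
	return panicked, UniquePCs(old)
}

func main() {
	p, u := demo()
	fmt.Printf("unchecked merge panicked: %v; unique PCs after safe merge: %d\n", p, u)
}
```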

@anishnaik
Collaborator

Thanks @bohendo, will take a look.
