Debugging "contract deployment tx returned a failed status: execution reverted module=fuzzer"

[rappie]

❯ medusa fuzz
⇾ Reading the configuration file at: ./medusa.json
⇾ Compiling targets with crytic-compile module=fuzzer
error Failed to initialize the test chain
‣ contract deployment tx returned a failed status: execution reverted module=fuzzer

How do I debug this? 🙂

[aviggiano]

I was having a similar bug, it seems like it is an issue with your constructor

Try commenting parts of the logic inside it until you figure out what's causing the revert

[rappie]

Thanks.

I think it is because my constructor needs a starting balance: #213

It would be nice to have a bit more verbose error reporting for reverts in the constructor 🙂

[aviggiano]

I think you maybe need to set it as constructor() payable?

[rappie]

Yes i have it as payable, it works in Echidna.

Gustavo Grieco confirmed there is no starting balance yet, so i'm quite confident this must be the reason, I just didn't fully narrow it down.

[anishnaik]

Hey guys, currently medusa does not support payable constructors. We will add this feature ASAP.

A decent workaround would be to have a func like this:

func getEther() public payable {
    address(this).transfer(1 ether);
}

At some point medusa will call this and your contract will have ether. You can then have a precondition in the fuzz tests to ensure that your contract has some balance to continue fuzz testing.

[anishnaik]

@rappie + @aviggiano feel free to try out this branch for payable constructors:
https://github.com/crytic/medusa/tree/dev/merge-assertion-and-property-mode

The logic works as follows. The config file now holds a new config option called TargetContractsBalances. This option is an array where each index in the array maps to a contract in the TargetContracts array (note that TargetContracts used to originally be called deploymentOrder).

Here is an example:
Let's say that targetContracts is [a, b, c] and you want to send c 1 ether. Then your targetContractsBalances will be [0, 0, 1e18]. Similarly, if you want to send b 2 ether and c 1 ether then the array will be [0, 2e18, 1e18]

Hope that makes sense and please let me know if you guys have any issues with that branch.

[aviggiano]

@anishnaik thanks,
I'm still blocked by #211, but I'll try this feature out in other projects when I have opportunity

[anishnaik]

@aviggiano yup we're still looking into that one. Our current theory is that it is because of the inlined bytecode that comes from the create3 library or that we are incorrectly handling create2 calls / metamorphic contracts when tracking coverage. Will try to triage that asap.

[aviggiano]

@anishnaik

FYI, regarding targetContractsBalances, I wasn't able to use e18 notation

		"targetContractsBalances": [
			"3e24"
		],

I was getting the following error:

[I] ➜ medusa fuzz
⇾ Reading the configuration file at: medusa.json
error Failed to run the fuzz command
‣ json: cannot unmarshal hex string without 0x prefix into Go struct field ProjectConfig.fuzzing of type *hexutil.Big

Then, when I converted the number to hex value, it worked

		"targetContractsBalances": [
			"0x27b46536c66c8e3000000"
		],

But I guess the other notation is better, so there might be a type conversion issue.

[anishnaik]

@aviggiano that's a good point - I will update the PR the accept arguments such as "3e24"

[Renzo1]

I am using Recon to setup and test my contract, but I still run into this error. It's odd because, Recon implements the above in its config file by default. Everything compiles and runs on Echidna, but not medusa.

[mikerudenko]

have the same issue...

[ggrieco-tob]

Let´s re-open this issue to investigate.

[anishnaik]

@mikerudenko can you describe what the issue is? There is discussion about a few types of issues in this thread so lmk specifically which part is causing problems :)

[anishnaik]

Closing due to inactivity.